Skip to content
This repository has been archived by the owner on Dec 19, 2023. It is now read-only.

Implement KMS provider #96

Closed
dgreene-r7 opened this issue Feb 1, 2017 · 1 comment
Closed

Implement KMS provider #96

dgreene-r7 opened this issue Feb 1, 2017 · 1 comment

Comments

@dgreene-r7
Copy link
Contributor

dgreene-r7 commented Feb 1, 2017
edited
Loading

Tokend has a pretty steep set of dependencies in Warden and Vault. Implementing a KMS provider would provide a single dependency and make for easier adoption.

This provider will implement the following endpoint: /v1/kms/decrypt. It will only accept POST requests and requires a body with a ciphertext key whose value is the encrypted secret from KMS.

The response from the endpoint will be:

{
  "keyid": "<ARN OF KEY USED TO ENCRYPT>",
  "plaintext": "<SECRET>"
}

Like the TransitProvider this is a non-renewable secret.
This was referenced Feb 2, 2017
Open
Open
Merged
@dgreene-r7
Copy link
Contributor Author

This is resolved by #99!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dgreene-r7