feat: add key processor repository #157
Signed-off-by: fabenan-f <63860771+fabenan-f@users.noreply.github.com>
apatsap left a comment
Very nice. I think we should revisit the provider mechanism though.
config:
prefix: root-kek
type: unsafe-sqlite-memory
cryptor:
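Review bot: `type: unsafe-sqlite-memory` under `prefix: root-kek` puts the root KEK in a store whose own type name flags it as unsafe and in-memory; if this block is a shipped default or sample rather than a test fixture, mark it as test-only next to the `type:` line and have config loading refuse that type outside test builds, so a copied config cannot silently run the root key on it.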
Cryptor is very go-ish.
What about just calling it crypto or cipher?
	"github.com/openkcm/krypton/internal/securemem"
)

const TypeHSM cryptor.Type = "hsm"
parent_key_provider:
agent_name: root
I know you didn't add this, but this is wrong, since the root doesn't have a parent_key_provider; rather, K1's cryptor knows how to access the parent.
Maybe you could just remove it.
const TypeAES256GCM cryptor.Type = "aes256gcm"

// CryptorConfig is the configuration for an AES-256-GCM cryptor.
type CryptorConfig struct{}
type CryptorBundle struct {
	Cryptor cryptor.Cryptor
	SecretGenerator cryptor.SecretGenerator
}
This is a good idea, but it feels like the wrong place. I think this should live at cryptor.Bundle.
type CryptorSpec struct {
	Name string `yaml:"name"`
	Type cryptor.Type `yaml:"type"`
	Config cryptor.Config `yaml:"-"`
The yaml shouldn't be excluded, i.e.:
type CryptorSpec struct {
...
Config cryptor.Config `yaml:"config"`
}

return nil
}

func (c *CryptorSpec) Open(ctx context.Context) (CryptorBundle, error) {
I think the Open should go away (see long comment above).
func newCryptorConfig(t cryptor.Type) (cryptor.Config, error) {
	switch t {
	case aes256gcm.TypeAES256GCM:
		return &aes256gcm.CryptorConfig{}, nil
I think we can make aes256gcm.CryptorConfig implement the yaml.Marshaller so that it isn't all scattered around.
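A worked version of the two suggestions above (keep `config` in the document instead of `yaml:"-"`, and decode the typed config in one place rather than in scattered switches), written as an added example and not krypton's own code: encoding/json from the standard library stands in for the YAML library so it runs without a module download, and every identifier here (`Type`, `Config`, `Spec`, `registry`, `HSMConfig`, `AES256GCMConfig`) is assumed for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Type and Config stand in for cryptor.Type and cryptor.Config; every
// identifier in this file is an assumption for the example, not krypton's.
type Type string
type Config interface{}
type AES256GCMConfig struct{} // no settings, but still a typed config
type HSMConfig struct {
	KeyLabel string `json:"key_label"`
}
// registry is the one place that maps a Type to its Config, replacing
// per-caller switch statements over cryptor types.
var registry = map[Type]func() Config{
	"aes256gcm": func() Config { return &AES256GCMConfig{} },
	"hsm":       func() Config { return &HSMConfig{} },
}
// Spec keeps Config under the "config" key instead of excluding it.
type Spec struct {
	Name   string `json:"name"`
	Type   Type   `json:"type"`
	Config Config `json:"config"`
}
// UnmarshalJSON decodes the header, picks the concrete Config through
// registry, decodes "config" into it, and rejects unknown types at load.
func (s *Spec) UnmarshalJSON(data []byte) error {
	var raw struct {
		Name   string          `json:"name"`
		Type   Type            `json:"type"`
		Config json.RawMessage `json:"config"`
	}
	if err := json.Unmarshal(data, &raw); err != nil {
		return err
	}
	newCfg, ok := registry[raw.Type]
	if !ok {
		return fmt.Errorf("unknown cryptor type %q", raw.Type)
	}
	cfg := newCfg()
	if raw.Config != nil { // types without settings may omit "config"
		if err := json.Unmarshal(raw.Config, cfg); err != nil {
			return err
		}
	}
	s.Name, s.Type, s.Config = raw.Name, raw.Type, cfg
	return nil
}
```

A typo in `type:` now fails at config load with a named error instead of leaving `Config` nil for a later caller to trip over.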
type VaultSpec struct {
	Name string `yaml:"name"`
	Type vault.Type `yaml:"type"`
	Config vault.Config `yaml:"-"`
I think this should not be excluded:
Config vault.Config `yaml:"config"`

return nil
}

func (v *VaultSpec) Open(ctx context.Context) (vault.Vault, error) {
I'd suggest the same provider mechanism as for the cryptor package.