Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

KMS key versionless support #402

Open
lzhecheng opened this issue Oct 16, 2024 · 1 comment
Open

KMS key versionless support #402

lzhecheng opened this issue Oct 16, 2024 · 1 comment
Labels
enhancement New feature or request

Comments

@lzhecheng
Copy link

lzhecheng commented Oct 16, 2024

Describe the request

With this feature, kms users can choose to not specify key version, instead the kms plugin gets latest key version from akv.

Explain why KMS Plugin for Key Vault needs it

It reduces users' effort when they need to rotate key regularly.

Describe the solution you'd like

Kms plugin retrieves latest key version when encryption and puts it into annotation. When decryption, kms plugin retrieves key version from annotation and uses it to decrypt.

Describe alternatives you've considered

Additional context

POC code

@lzhecheng lzhecheng added the enhancement New feature or request label Oct 16, 2024
@lzhecheng
Copy link
Author

Cache design for getting latest key version also need consideration.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

1 participant