Skip to content

Add SET command for run-time configuration of keyset_id #299

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 8 commits into
base: main
Choose a base branch
from
Draft

Add SET command for run-time configuration of keyset_id #299

wants to merge 8 commits into from

Conversation

tobyhede
Copy link
Contributor

@tobyhede tobyhede commented Aug 1, 2025
edited
Loading

The Proxy should expose a SET command that enables run-time configuration of a keyset_id:

SET CIPHERSTASH.KEYSET_ID = 'EXAMPLE-UUID-4b38-9571-e0cf47802677'
  • Parse set command
  • Parse keyset as UUID if defined
  • Set keyset_id if defined
  • Error if set command but value cannot be parsed
  • Update error docs with syntax details
  • Extract zerokms initalisation
  • Enable cipher initalisation to accept keyset_id
  • Pass keyset_id when encrypting or decrypting
  • Handle decrypt errors
  • Refactor to extract error handling from frontend into common module
  • Update backend to send decrypt errors as pg errors

@freshtonic
Copy link
Contributor

This looks really good - nice work

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tobyhede @freshtonic