This repository has been archived by the owner on Jul 12, 2023. It is now read-only.

Switch InMemory KMS to filesystem based #957

Merged: 2 commits, Sep 8, 2020


@sethvargo (Member) commented Sep 7, 2020

The challenge with the in-memory implementation is that keys go away if the process dies. This doesn't mesh well with the verification server, which creates/destroys keys and requires persistence.

This also exposes test helpers for managing keys.

This added 1s to the overall test suite time, so I'm really not concerned with the additional I/O.

Fixes GH-914

Release Note

BREAKING: Replace in-memory key manager with filesystem key manager, dropped support for in-memory key manager.

@google-oss-robot added the approved label Sep 7, 2020
@google-cla bot added the cla: yes label Sep 7, 2020
@google-oss-robot added the size/XXL label Sep 7, 2020

@sethvargo (Member, Author) commented:

Oh, this fixes GH-914

@icco (Contributor) left a comment:

/lgtm

@google-oss-robot added the lgtm label Sep 8, 2020

@google-oss-robot commented:

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: icco, sethvargo


@google-oss-robot merged commit ec881e8 into main Sep 8, 2020
@google-oss-robot deleted the sethvargo/kmsondisk branch September 8, 2020 14:35
@github-actions bot locked as resolved and limited conversation to collaborators Oct 6, 2020
Successfully merging this pull request may close these issues.

keys.InMemory should implement keys.SigningKeyManagement