Keith Wall
We should also think about the test cases we'll want to add too. One idea: EnvelopeEncryptionFilterIT test which tests that the filter survives a KMS restart.
We've got the [kubernetes examples](https://github.com/kroxylicious/kroxylicious/tree/main/kubernetes-examples) already, those should act as a starting point
I'd prefer a single point of reference with some kind of labelling to indicate terms that are use-case specific. It would help us drive towards a single vocabulary. I'd envisage...
I'm wondering if this IT should be using the TestKmsFacade. It would mean that TestKekManager would need to expose a function to load a serialised key into the KMS. I guess...
The requirement came from a threat model review.
I think we might need to do something for 0.5.0 to improve the unencrypted path. Testing with the script coming out of #1015 shows that the use-case absolutely hammers HashiCorp...
Agreed, for the multi-tenant use case, eventually we'd want the ability to: - dynamically add/remove tenants - allow a per-certificate TLS certificate (exploiting Netty's SniHandler/DomainWildcardMapping) - allow TLS certificates to...
Not a priority for 0.5.0
This problem is wider than the serving certificate. It also applies to TLS trust. Kroxylicious ought to be prepared to reload that too.