Add AWS KMS client connector

Open outscale-fba opened this issue 1 year ago • 0 comments

New code to use AWS KMS for bucket encryption, based on the KMIP implementation.

Add an optional "GenerateDataKey" function on the kms client API, only defined in the AWS KMS client. This new function is used in cloudserver when detected for the creation of a datakey. For other existing KMS implementations (KMIP, file, memory, ...) the behavior is unchanged.

The following modifications are made:

Arsenal:

  • new package dependency: @aws-sdk/client-kms
  • new dev dependency: aws-sdk-client-mock
  • new source file for implementing the AWS KMS backend connector
  • introduce a new optional "GenerateDataKey" function on the client
  • add unit tests on the new AWS KMS client.

Cloudserver:

  • Add a new configuration section for the AWS KMS backend connector,
  • New code to use the GenerateDataKey function when available.

outscale-fba, Jul 12 '24 13:07
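
The detection the issue describes, shown as an added example that is not code from Arsenal or Cloudserver: the caller uses the optional function when the client defines it and otherwise keeps the existing path. The two client objects, the simplified `generateDataKey`/`cipherDataKey` signatures, the local AES-GCM wrap, the constructed master key and the assumption that the existing path generates a random key locally and then wraps it are all illustrative.

```javascript
const crypto = require('crypto');

// Constructed 256-bit master key standing in for a key held inside the KMS.
const MASTER_KEY = Buffer.alloc(32, 7);

// Stand-in for the KMS-side wrap operation (AES-256-GCM: IV | tag | ciphertext).
function wrap(plain) {
    const iv = crypto.randomBytes(12);
    const c = crypto.createCipheriv('aes-256-gcm', MASTER_KEY, iv);
    const body = Buffer.concat([c.update(plain), c.final()]);
    return Buffer.concat([iv, c.getAuthTag(), body]);
}

function unwrap(blob) {
    const d = crypto.createDecipheriv('aes-256-gcm', MASTER_KEY, blob.subarray(0, 12));
    d.setAuthTag(blob.subarray(12, 28));
    return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Hypothetical client without the optional function (KMIP, file, memory style).
const legacyClient = {
    cipherDataKey: (masterKeyId, plainKey, cb) => cb(null, wrap(plainKey)),
};

// Hypothetical client exposing the optional function (AWS KMS style):
// the KMS returns the plaintext key and its wrapped form in one call.
const awsStyleClient = {
    cipherDataKey: legacyClient.cipherDataKey,
    generateDataKey: (masterKeyId, cb) => {
        const plainKey = crypto.randomBytes(32);
        cb(null, plainKey, wrap(plainKey));
    },
};

// Caller-side dispatch: prefer generateDataKey when the client defines it,
// otherwise keep the assumed existing path (local random key, then wrap).
function createDataKey(client, masterKeyId, cb) {
    if (typeof client.generateDataKey === 'function') {
        return client.generateDataKey(masterKeyId, (err, plain, wrapped) =>
            cb(err, err ? null : { plain, wrapped, source: 'kms' }));
    }
    const plain = crypto.randomBytes(32);
    return client.cipherDataKey(masterKeyId, plain, (err, wrapped) =>
        cb(err, err ? null : { plain, wrapped, source: 'local' }));
}
```

In both paths only the wrapped key is suitable for storage next to the object; the plaintext key is used for the encryption operation and then discarded.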