tink
Support for Azure Key Vault
Hi, are there plans for supporting Azure in addition to GCP and AWS KMS?
It's not high priority at the moment, but if you can contribute we'll help review your code.
Yes it is.
Yes, absolutely.
On Tue, Mar 26, 2019 at 1:08 AM 99M8 wrote:
Great. Then I would love to take it on. Is it ok, @thaidn https://github.com/thaidn ?
-- https://vnhacker.blogspot.com
Hi @99M8 , are you still interested in contributing?
Closing for now, as we don't have resources to work on it, but potential contributors are encouraged to re-open.
Asking theoretically, what size would this task be, M, L?
It's similar to https://github.com/google/tink/pull/405.
Hey @thaidn, is anyone working on this? I would like to contribute here (for Go, maybe Java as well).
This looks pretty easy, but Azure Key Vault doesn't support symmetric keys, so the implementation would need to use an asymmetric RSA key (RSA-OAEP-256). The interface in aead.go accepts AAD, but it isn't passed when encrypting DEKs with the remote KMS (code).
Anyone willing to weigh in?
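The layout described in the comment above, as an added Go example that is not part of the thread and is not Tink code: the DEK is wrapped with RSA-OAEP (SHA-256) with no AAD, and the payload is encrypted under AES-256-GCM with the caller's AAD. The `Envelope` type, `Seal`, `Open`, `NewDemoKey` and the local RSA key standing in for a vault-held key are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is a constructed container for this example, not Tink's wire format.
type Envelope struct{ WrappedDEK, Nonce, Ciphertext []byte }

func must[T any](v T, err error) T { // panics only on RNG or key-size failures
	if err != nil {
		panic(err)
	}
	return v
}
func newGCM(dek []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(dek)))) }

// Seal encrypts under a fresh AES-256-GCM DEK and wraps the DEK with RSA-OAEP
// (SHA-256). aad is bound by the GCM tag only; the wrap itself carries no AAD.
func Seal(pub *rsa.PublicKey, plaintext, aad []byte) *Envelope {
	buf := make([]byte, 32+12) // fresh DEK followed by a GCM nonce
	must(rand.Read(buf))
	dek, nonce := buf[:32], buf[32:]
	wrapped := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dek, nil))
	return &Envelope{wrapped, nonce, newGCM(dek).Seal(nil, nonce, plaintext, aad)}
}

// Open fails on a wrong aad. Anyone holding the public key can craft a
// WrappedDEK, so the unwrapped key and nonce lengths are checked before use.
func Open(priv *rsa.PrivateKey, e *Envelope, aad []byte) ([]byte, error) {
	dek, err := rsa.DecryptOAEP(sha256.New(), nil, priv, e.WrappedDEK, nil)
	if err != nil || len(dek) != 32 || len(e.Nonce) != 12 {
		return nil, fmt.Errorf("envelope: malformed or DEK unwrap failed")
	}
	return newGCM(dek).Open(nil, e.Nonce, e.Ciphertext, aad)
}

func NewDemoKey() *rsa.PrivateKey { return must(rsa.GenerateKey(rand.Reader, 2048)) }

func main() {
	key := NewDemoKey() // assumption: local RSA key stands in for the vault-held key
	env := Seal(&key.PublicKey, []byte("constructed"), []byte("tenant-a"))
	fmt.Println(Open(key, env, []byte("tenant-b"))) // AAD mismatch: error
}
```

Because RSA-OAEP wrapping needs only the public key, `Seal` can be run by anyone who has that key, so the AAD here separates contexts but does not authenticate who produced the envelope.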
Over the years we found several reasons to redesign our KMS integration. I will leave this open for now though -- but we should first do the redesign.
Thanks Thomas. If the reasons are written down somewhere, I'd be curious to see them for my own understanding.
My two cents - without Azure support, there's a whole swath of multi-cloud users that won't adopt Tink.
Hi, did the redesign happen? If not, are you still open to accepting Azure Key Vault integration with the current design?
We don't plan this and I will close this. The issue is that maintaining these integrations is not trivial. Furthermore, an implementation can be done by anyone (not just us) in a separate repository.