Extend KrillSigner to support multiple signers #539

Closed
ximon18 opened this issue Jun 10, 2021 · 1 comment · Fixed by #674

ximon18 commented Jun 10, 2021

One signer should be the default which will be used for generating new key pairs. Other signers will be used to work with keys that were previously created with those signers. Extend KrillSigner functions to look up the signer to use based on the Key Identifier, or in the case of key generation by using the signer marked as the “default”. Only the SoftSigner exists at this point but the collection should support any signer implementation.
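
A minimal sketch of the dispatch this issue describes, added here as an illustration and not taken from Krill's code. The `Signer` trait, `StubSigner`, `SignerSet` and `demo` are hypothetical names, and the stub backend only tags data instead of producing real signatures.

```rust
use std::collections::HashMap;

// Hypothetical trait; Krill's real signer interface is not shown in this issue.
trait Signer {
    fn create_key(&mut self) -> String; // returns a key identifier
    fn sign(&self, key_id: &str, data: &[u8]) -> Option<Vec<u8>>;
}

// Stand-in backend: tags the data so routing is observable. No cryptography.
struct StubSigner { name: String, keys: Vec<String> }
impl Signer for StubSigner {
    fn create_key(&mut self) -> String {
        let id = format!("{}-key-{}", self.name, self.keys.len());
        self.keys.push(id.clone());
        id
    }
    fn sign(&self, key_id: &str, data: &[u8]) -> Option<Vec<u8>> {
        if !self.keys.iter().any(|k| k == key_id) { return None; }
        Some([self.name.as_bytes(), &b":"[..], data].concat())
    }
}

struct SignerSet {
    signers: Vec<Box<dyn Signer>>,
    default_idx: usize,            // signer used for new key pairs
    owner: HashMap<String, usize>, // key identifier -> signer that created it
}
impl SignerSet {
    fn create_key(&mut self) -> String {
        let id = self.signers[self.default_idx].create_key();
        self.owner.insert(id.clone(), self.default_idx);
        id
    }
    // Fail closed: an unknown key identifier never falls back to the default.
    fn sign(&self, key_id: &str, data: &[u8]) -> Result<Vec<u8>, String> {
        let idx = *self.owner.get(key_id).ok_or(format!("no signer owns {}", key_id))?;
        self.signers[idx].sign(key_id, data).ok_or(format!("signer {} lacks {}", idx, key_id))
    }
}

// Keys made before the default changes stay with the signer that created them.
fn demo() -> (Vec<u8>, Vec<u8>, bool) {
    let stub = |n: &str| Box::new(StubSigner { name: n.into(), keys: vec![] }) as Box<dyn Signer>;
    let signers = vec![stub("soft"), stub("hsm")];
    let mut set = SignerSet { signers, default_idx: 0, owner: HashMap::new() };
    let old = set.create_key();
    set.default_idx = 1; // new key pairs now go to the second signer
    let new = set.create_key();
    (set.sign(&old, b"x").unwrap(), set.sign(&new, b"x").unwrap(), set.sign("nope", b"x").is_err())
}
```

In this sketch the key-to-signer map lives only in memory; a real deployment would need to persist it so keys created by a non-default signer remain resolvable after a restart.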

@ximon18 ximon18 added the hsm Relates to adding HSM support to Krill label Jun 10, 2021
@ximon18 ximon18 added this to To do in HSM support for keys via automation Jun 10, 2021
@ximon18 ximon18 moved this from To do to In progress in HSM support for keys Sep 21, 2021
@ximon18 ximon18 self-assigned this Sep 21, 2021
@ximon18 ximon18 moved this from In progress to To do in HSM support for keys Sep 21, 2021
@ximon18 ximon18 moved this from To do to In progress in HSM support for keys Sep 21, 2021
ximon18 added a commit that referenced this issue Sep 23, 2021
…, and support in principle selecting which signer to use for which purpose. (#539)
@ximon18 ximon18 linked a pull request Sep 23, 2021 that will close this issue
@ximon18 ximon18 moved this from In progress to To review in HSM support for keys Sep 23, 2021
ximon18 added a commit that referenced this issue Oct 5, 2021
Support multiple signers of different types behind a HSM feature flag, and support in principle selecting which signer to use for which purpose. (#539)
@ximon18 ximon18 moved this from To review to Done in HSM support for keys Nov 19, 2021
ximon18 added a commit that referenced this issue Nov 23, 2021
* Support multiple signers of different types behind a `hsm` feature flag, and support in principle selecting which signer to use for which purpose (#539). Note: Currently only usable in combination with a new `hsm-tests` feature flag due to lack of any actual means to select an alternate signer via code or config.

* Replaces the dummy signer with a KMIP signer (#566) and supporting dependencies `kmip-protocol` (#557, #558, #559), `backoff` (retry support), `r2d2` (connection pooling support). Adds a `hsm-tests` feature flag for testing exclusively with KMIP, i.e. not using the OpenSSL signer at all.

* Adds a GitHub Actions `hsmtest` CI job that tests Krill integration with a co-installed PyKMIP instance (#560, #561, #683).

ximon18 commented Sep 6, 2022

Delivered with the Krill v0.10.0 release.

@ximon18 ximon18 closed this as completed Sep 6, 2022