@migmartri migmartri commented Oct 29, 2025

Migrated S3 blob manager and upgraded Sigstore KMS packages to remove AWS SDK v1 dependency.

S3 Blob Manager Migration

Migrated from AWS SDK v1 to v2. The v1 SDK is deprecated and this ensures continued support and security updates.

Sigstore KMS Packages Upgrade

Upgraded all KMS provider packages from v1.8.8 to v1.9.5 for latest improvements and cloud SDK updates:

  • AWS KMS (with AWS SDK v2)
  • Azure Key Vault
  • GCP KMS
  • HashiCorp Vault

fixes #2496

Migrated the S3 blob manager to use AWS SDK for Go v2, replacing the deprecated v1 SDK. This modernizes the codebase and ensures continued support and security updates.

Key changes:
- Updated imports to use aws-sdk-go-v2 packages
- Replaced session-based config with LoadDefaultConfig pattern
- Migrated S3 client and manager APIs
- Updated error handling to use smithy APIError
- Normalized metadata keys to lowercase for v2 compatibility
- Removed aws-sdk-go v1 dependency

All existing functionality preserved including custom endpoint support for Minio and Cloudflare R2.

Signed-off-by: Miguel Martinez <miguel@chainloop.dev>

Upgraded all Sigstore KMS provider packages from v1.8.8 to v1.9.5 to get latest bug fixes and improvements. This upgrade also updates transitive dependencies for cloud provider SDKs.

Updated packages:
- github.com/sigstore/sigstore/pkg/signature/kms/aws v1.9.5
- github.com/sigstore/sigstore/pkg/signature/kms/azure v1.9.5
- github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.9.5
- github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.9.5

These upgrades include transitive updates to:
- AWS SDK v2 KMS service (v1.38.3)
- Azure SDK and Azure Identity (v1.18.0, v1.10.0)
- GCP SDKs for KMS, Storage, Secret Manager
- HashiCorp Vault API (v1.16.0)

Note: v1.9.5 is the latest stable release on the v1.x branch. The main branch already has AWS SDK v1 removed, which will be available in the next major release.

Signed-off-by: Miguel Martinez <miguel@chainloop.dev>
@migmartri migmartri requested review from Piskoo and jiparis and removed request for jiparis October 29, 2025 21:57

// Configure AWS config with v2 SDK
cfg, err := config.LoadDefaultConfig(
context.TODO(),
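
Review bot: context.TODO() as the first argument of config.LoadDefaultConfig reads as an unfinished placeholder. If the enclosing function has, or can accept, a caller context, pass it through so that config loading honours cancellation and deadlines; if no caller context exists by design, context.Background() states that intent.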

Or Background?

@migmartri migmartri merged commit 7b72e14 into chainloop-dev:main Nov 1, 2025
13 checks passed
@migmartri migmartri deleted the 2496-aws-sdkv2 branch November 1, 2025 09:02

Development

Successfully merging this pull request may close these issues.

Chainloop uses AWS SDK for Go (v1) which is EOL
