New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add KMS support to crypto pseudo-Node #1846
Conversation
d7d5371
to
d72e6c4
Compare
c310961
to
2bab9d4
Compare
oak_runtime/Cargo.toml
Outdated
@@ -53,7 +53,10 @@ serde_json = "*" | |||
sha2 = "^0.9.1" | |||
tink-core = { version = "^0.1", features = ["json"] } | |||
tink-aead = "^0.1" | |||
tink-awskms = "^0.1" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is it feasible to make KMS support feature-gated? These KMS support dependencies worry me, and I would prefer to not always include it in the TCB unless someone really wants to use KMS integration.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point, will do.
7a34f19
to
7cfbfa3
Compare
Not ideal because different features can't be specified independently, but that's a bigger/different change.
"retrieve KMS client for {} using credentials in {:?}", | ||
key_uri, self.kms_credentials | ||
); | ||
#[cfg(feature = "awskms")] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice. I like how locally contained the feature scoping ended up being.
Reproducibility Index:
Reproducibility Index diff: diff --git a/reproducibility_index b/reproducibility_index
index d2bd887..5f21d35 100644
--- a/reproducibility_index
+++ b/reproducibility_index
@@ -10,4 +10,4 @@ b43a49ae8e06e165e282ed877050f1ab61ac84ffed8d04011c5dfbd9ea79b5e6 ./examples/inj
e7baa8bbf76625baa88769d8a31e250886ad5ab527a7af0f0474400b278e5530 ./examples/private_set_intersection/bin/private_set_intersection_handler.wasm
8c97d83fe6aa157dbbb01b0931e206bc4d9da058adfc2e0df46a7d1979c495c2 ./examples/translator/bin/translator.wasm
281511f222523d02d7a369d6b00c8f4e80d3ad6754af29a04e8b4864fbc1a2bc ./examples/trusted_database/bin/trusted_database.wasm
-f7f13572ca737e414e848807894b40f6bf8e1cb5d4d742986b40b85c4feac1b8 ./oak_loader/bin/oak_loader
+7d2ab6e28054bc5a697a46e6b5acf9cf3d2a618db92212f19038fc0e402c275f ./oak_loader/bin/oak_loader
|
Checklist
Cloudbuild
cover any TODOs and/or unfinished work.
construction.