Skip to content

v0.5.0

  • v0.5.0
  • 2c7eb40

  • Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    GPG key ID: B5690EEEBB952194
    Verified
    Learn about vigilant mode

  • Choose a tag to compare

    View all tags
Releases v0.5.0 (#65)
  • v0.5.0
  • 2c7eb40

  • Choose a tag to compare

    View all tags

  • Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    GPG key ID: B5690EEEBB952194
    Verified
    Learn about vigilant mode
@johnnyt johnnyt tagged this 28 Jan 15:07 
### Added
- Multi-keyring generator validation rejecting discovery keyrings (#52)
- Multi.new_with_kms_generator/4 convenience constructor for KMS generators
- Multi.new_mrk_aware/4 convenience constructor for cross-region MRK scenarios
- ARN reconstruction utilities for replica region keyring creation
- AWS KMS MRK Discovery Keyring for cross-region MRK decryption (#51)
- MRK-aware discovery keyring reconstructing ARNs with configured region
- Cross-region MRK decryption enabling disaster recovery scenarios
- Non-MRK key filtering by region match for security
- Optional discovery filter for partition and account restrictions
- Integration with Default CMM and Multi-keyring dispatch clauses
- Comprehensive test suite with 28 tests
- KMS client abstraction layer with behaviour interface (#46)
- KmsClient behaviour defining generate_data_key/5, encrypt/5, and decrypt/5 callbacks
- Mock KMS client implementation for testing without AWS credentials
- ExAws KMS client implementation for production use with AWS
- ExAws configuration in config/config.exs with environment variable support
- Integration test suite for real AWS KMS operations (9 tests)
- Test documentation in test/README.md with setup and usage instructions
- Manual verification script (scripts/verify_kms_client.exs)
- Environment variable template (.env.example)
- AWS SDK dependencies: ex_aws, ex_aws_kms, hackney, sweet_xml
- KMS Key ARN utilities for parsing and validation (#47)
- parse/1 function with comprehensive ARN validation per AWS spec
- mrk?/1 function for Multi-Region Key identification
- mrk_match?/2 function for cross-region MRK matching
- arn?/1 helper for ARN format detection
- to_string/1 function for ARN reconstruction
- String.Chars protocol implementation for idiomatic usage
- Support for all AWS partitions (aws, aws-cn, aws-us-gov)
- Comprehensive test suite with 64 tests covering valid/invalid ARNs
- Test vector validation using keys.json test data
- AWS KMS Keyring implementation for encrypting/decrypting data keys with AWS KMS (#48)
- wrap_key/2 function with dual paths: GenerateDataKey (new keys) and Encrypt (existing keys)
- unwrap_key/3 function with EDK filtering by provider ID, ARN validation, and key matching
- Support for MRK (Multi-Region Key) cross-region matching
- Grant tokens support for KMS API calls
- Integration with Default CMM and Multi-keyring for seamless composition
- Comprehensive test suite with 27 tests using Mock KMS client (96.1% coverage)
- AWS KMS Discovery Keyring for decrypt-only operations (#49)
- Discovery keyring decrypts data keys using ARN from EDK provider info
- Optional discovery filter for partition and account restrictions
- wrap_key/2 implementation that always fails (discovery cannot encrypt)
- unwrap_key/3 with provider ID filtering, ARN validation, and KMS decrypt
- Integration with Default CMM and Multi-keyring dispatch clauses
- Comprehensive test suite with 30 tests (94.2% coverage)
- AWS KMS Multi-Region Key (MRK) Keyring for cross-region decryption (#50)
- MRK-aware keyring enabling data decryption with regional MRK replicas
- wrap_key/2 and unwrap_key/3 functions delegating to AwsKms keyring
- Cross-region MRK matching for disaster recovery scenarios
- Integration with Default CMM and Multi-keyring dispatch clauses
- Comprehensive test suite with 28 tests covering cross-region scenarios
- Comprehensive documentation for AWS KMS keyrings (#53)
- Enhanced moduledocs for AwsKms, AwsKmsDiscovery, AwsKmsMrk, and AwsKmsMrkDiscovery
- Use cases, IAM permissions, and security considerations for each keyring type
- Code examples for basic usage, grant tokens, and multi-keyring patterns
- Examples directory with 4 runnable scripts demonstrating KMS integration
- kms_basic.exs for basic encryption/decryption workflow
- kms_discovery.exs for discovery keyring usage
- kms_multi_keyring.exs for redundant key protection
- kms_cross_region.exs for MRK disaster recovery scenarios
- AWS KMS Integration section in README with keyring selection guide
- Updated README to reflect all implemented KMS keyrings

### Changed
- Excluded examples directory from Credo analysis
- Increased minimum code coverage requirement from 93% to 94%
Assets 2
Loading