-
Cloud KMS quotas are easily hit when we have a lot of secrets as it does a decrypt operation per file. We need to generate an envelope key per target and use that for encrypting the secrets in that ta…
-
**Help us help you**
Hi team,
I've been building a C++ wrapper library that uses Tink in an opinionated way - specifically, Envelope AEAD backed by AWS KMS.
I need to target a deployment for Alpi…
ghost updated
7 months ago
-
**Is your feature request related to a problem? Please describe.**
We need to plan for a scenario where someone accidentally deletes a KMS key, or KMS itself is inaccessible in a region or an account…
-
* AWS Go SDK v1.37.0 added support for SSO-based AWS credentials. This was merged into terraform-provider-aws with https://github.com/hashicorp/terraform-provider-aws/pull/17340 and made it into pulum…
-
There is a risk of an IV collision using the `awskms` or `aesgcm` provider.
As per NIST SP 800-38D section 8.3, it is unsafe to encrypt more than 2^32 plaintexts under the same key when using a rando…
-
**Description**
The idea is actually came from here[^1]. We can support verification of the signature with multiple public keys, I couldn't think over the design much yet but, at the end of the day…
-
-
I have some pre-setup keys in AWS, I want to use these for smallstep.
It appears that step-awskms-init wants to use it's own key names and won't allow me to specify them. It also doesn't allow me t…
-
I am attempting to automate the deploy of vault in k8s on aws using eks. Terraform is used to provision the k8s cluster, storage and also a KMS key to be used for unseal. Once the workers are deployed…
-
### Terraform Version
v1.3.7
### Provider Version
v1.1.5
### Terraform Configuration Files
```hcl
terraform {
required_providers {
boundary = {
source = "hashicorp/bounda…