Azure / kubernetes-kms

🔐 Azure Key Vault KMS plugin for Kubernetes
MIT License

KMS key versionless support #402

Open lzhecheng opened 1 month ago

lzhecheng commented 1 month ago

Describe the request

With this feature, KMS users can choose not to specify a key version; instead, the KMS plugin gets the latest key version from AKV.

Explain why KMS Plugin for Key Vault needs it

It reduces users' effort when they need to rotate keys regularly.

Describe the solution you'd like

The KMS plugin retrieves the latest key version when encrypting and puts it into an annotation. When decrypting, the KMS plugin retrieves the key version from the annotation and uses it to decrypt.

Describe alternatives you've considered

Additional context

POC code

lzhecheng commented 1 week ago

The cache design for getting the latest key version also needs consideration.
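
The encrypt/decrypt flow requested in this issue, as an added Go example that is not the linked POC and not the project's code. It assumes a hypothetical annotation key `key-version.example` and stands in for Key Vault with one local AES-GCM key per version (`plugin`, `newPlugin` and `rotate` are illustrative names); caching of the latest-version lookup is left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

const versionAnnotation = "key-version.example" // hypothetical annotation key

type plugin struct { // constructed stand-in: keys plays Key Vault, one AES-GCM key per version
	keys   map[string]cipher.AEAD
	latest string // newest key version in the vault
}

func newPlugin() *plugin { return &plugin{keys: map[string]cipher.AEAD{}} }

func (p *plugin) rotate(version string) { // add a key version and make it the latest
	key := make([]byte, 32)
	rand.Read(key)
	block, _ := aes.NewCipher(key) // cannot fail for a 32-byte key
	p.keys[version], _ = cipher.NewGCM(block)
	p.latest = version
}

// Encrypt uses the latest version (rotate must have run once) and pins it in the annotation.
func (p *plugin) Encrypt(plain []byte) ([]byte, map[string][]byte) {
	a, nonce := p.keys[p.latest], make([]byte, 12) // 12 = standard GCM nonce size
	rand.Read(nonce)
	return a.Seal(nonce, nonce, plain, nil), map[string][]byte{versionAnnotation: []byte(p.latest)}
}

// Decrypt never asks for "latest": it uses the version pinned in the annotation.
func (p *plugin) Decrypt(ct []byte, ann map[string][]byte) ([]byte, error) {
	a, ok := p.keys[string(ann[versionAnnotation])]
	if !ok || len(ct) < 12 {
		return nil, fmt.Errorf("no usable key for version %q", ann[versionAnnotation])
	}
	return a.Open(nil, ct[:12], ct[12:], nil)
}

func main() {
	p := newPlugin()
	p.rotate("v1")
	ct, ann := p.Encrypt([]byte("constructed secret"))
	p.rotate("v2") // rotated after the write; Decrypt still uses the pinned v1
	pt, err := p.Decrypt(ct, ann)
	fmt.Printf("%s %s %v\n", ann[versionAnnotation], pt, err)
}
```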