FalcoSuessgott / vault-kubernetes-kms

Encrypt Kubernetes Secrets using Hashicorp Vault as the KMS Provider
https://falcosuessgott.github.io/vault-kubernetes-kms/
MIT License

latest_version field value for status request implementation (KMSv2) #92

Closed xslicex closed 1 month ago

xslicex commented 1 month ago

Hi Tom!

A minor improvement idea for the Status RPC implementation at pkg/plugin/plugin_v2.go:

Although it does not exist in Vault's transit secret engine API documentation, the Read key endpoint response has a latest_version field, which is exactly what you need for the status message implementation. No need to sort the keys.

```
# vault write -f transit/keys/my-key
Key                       Value
---                       -----
allow_plaintext_backup    false
auto_rotate_period        0s
deletion_allowed          false
derived                   false
exportable                false
imported_key              false
keys                      map[1:1721312962]
latest_version            1
min_available_version     0
min_decryption_version    1
min_encryption_version    0
name                      my-key
supports_decryption       true
supports_derivation       true
supports_encryption       true
supports_signing          false
type                      aes256-gcm96
```

FalcoSuessgott commented 1 month ago

Nice! Thank you for reporting, it's implemented in #93.
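The suggestion from this issue, sketched as an added example (this is not the project's code from pkg/plugin/plugin_v2.go or the change in #93). It assumes the transit read-key response has already been decoded into a `map[string]interface{}`; `LatestKeyVersion` and `toInt` are hypothetical names. Because the field is undocumented, the sketch falls back to scanning `keys` when it is absent.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strconv"
)

// toInt converts the numeric shapes a decoded JSON value can take.
func toInt(v interface{}) (int, bool) {
	switch n := v.(type) {
	case json.Number:
		i, err := n.Int64()
		return int(i), err == nil
	case float64:
		return int(n), n == float64(int(n))
	case int:
		return n, true
	}
	return 0, false
}

// LatestKeyVersion (hypothetical helper) returns the newest key version
// from the data map of a transit "read key" response.
func LatestKeyVersion(data map[string]interface{}) (int, error) {
	// Preferred path: the latest_version field, no sorting needed.
	if v, ok := toInt(data["latest_version"]); ok && v > 0 {
		return v, nil
	}
	// Fallback: highest numeric key of the "keys" map.
	keys, _ := data["keys"].(map[string]interface{})
	latest := 0
	for k := range keys {
		if n, err := strconv.Atoi(k); err == nil && n > latest {
			latest = n
		}
	}
	if latest == 0 {
		return 0, errors.New("no key version in transit read response")
	}
	return latest, nil
}

func main() {
	// Constructed sample: the key from the output above after one rotation.
	raw := `{"latest_version": 2, "keys": {"1": 1721312962, "2": 1721399362}}`
	var data map[string]interface{}
	if err := json.Unmarshal([]byte(raw), &data); err != nil {
		panic(err)
	}
	fmt.Println(LatestKeyVersion(data))
}
```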