sethvargo
commented
2 years ago Did you mean asymmetric instead of async?
Closed raserva closed 2 years ago
sethvargo
commented
2 years ago Did you mean asymmetric instead of async?
sethvargo
commented
2 years ago Did you mean asymmetric instead of async?
raserva
commented
2 years ago yes ha, updated.
raserva
commented
2 years ago This should also update the JVS code to be able to update the key version used in an async fashion
mikehelmick
commented
2 years ago yes, this needs to be internal state that creates a key, waits for propagation TTL and then makes active.
on the client side - clients should be able to download the latest public key set on a cache miss.
raserva
commented
2 years ago
KMS does not support marking primary versions for asymmetric keys. Therefore, we need another mechanism for telling the JVS when to stop using an old key version and move to a new one.