aws / aws-nitro-enclaves-image-format

This library provides the definition of the enclave image format (EIF) file used in AWS Nitro Enclaves.
Apache License 2.0

Add support to use KMS for signing EIF files when building them #20

Open eugkoira opened 5 months ago

eugkoira commented 5 months ago

Issue #, if available: https://github.com/aws/aws-nitro-enclaves-cli/issues/204

Description of changes:

This is a reworked version of https://github.com/aws/aws-nitro-enclaves-image-format/pull/6, because that one was abandoned.

We extend the EIF building functionality with an additional option of signing EIF files with KMS. The sign_info parameter of EifBuilder is now turned into a structure that contains an enum for the signing key. This enum can represent either a local private key (previous functionality) or a KMS signing key (implemented in the COSE library).

Also, a couple of wrappers and helper methods are introduced to store the initial information about signing keys and transform it into the keys themselves.

The information about the KMS signing key is represented as a unique KMS key id string and an optional region string. In case the region is missing, it will be read from the AWS_REGION environment variable, as the standard way for SDK configuration.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
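As an added illustration of the signing-key design the PR describes (local private key or KMS key, with the region falling back to AWS_REGION), this is hypothetical example code, not the crate's own types or API; `SigningKeyInfo`, `ResolvedKmsKey` and `resolve_kms_key` are names assumed here.

```rust
use std::env;

/// Source of the EIF signing key, mirroring the PR's description.
/// Hypothetical type for illustration, not the crate's real `sign_info`.
#[derive(Debug, Clone, PartialEq)]
pub enum SigningKeyInfo {
    /// PEM private key on the build host (the pre-existing behaviour).
    LocalPrivateKey { path: String },
    /// Asymmetric KMS key: signing happens inside KMS, the private key is never exported.
    Kms { key_id: String, region: Option<String> },
}

/// KMS key after resolution: the region is mandatory from here on.
#[derive(Debug, Clone, PartialEq)]
pub struct ResolvedKmsKey {
    pub key_id: String,
    pub region: String,
}

#[derive(Debug, PartialEq)]
pub enum ResolveError {
    EmptyKeyId,
    MissingRegion,
}

/// Treat empty or whitespace-only strings as "not provided".
fn non_empty(s: &str) -> Option<String> {
    let t = s.trim();
    if t.is_empty() { None } else { Some(t.to_string()) }
}

/// Pick the region for a KMS key: an explicit region wins, otherwise use the
/// AWS_REGION value passed in by the caller. Taking the env value as a parameter
/// keeps the logic testable without touching the process environment.
pub fn resolve_kms_key(
    key_id: &str,
    region: Option<&str>,
    aws_region_env: Option<&str>,
) -> Result<ResolvedKmsKey, ResolveError> {
    let key_id = non_empty(key_id).ok_or(ResolveError::EmptyKeyId)?;
    let region = region
        .and_then(non_empty)
        .or_else(|| aws_region_env.and_then(non_empty))
        .ok_or(ResolveError::MissingRegion)?;
    Ok(ResolvedKmsKey { key_id, region })
}

/// Convenience wrapper that reads the real AWS_REGION variable, as the PR describes.
pub fn resolve_kms_key_from_env(key_id: &str, region: Option<&str>) -> Result<ResolvedKmsKey, ResolveError> {
    let env_region = env::var("AWS_REGION").ok();
    resolve_kms_key(key_id, region, env_region.as_deref())
}
```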