acioc
commented
4 years ago This is blocked due to ongoing client supplier/ KMS keyring work
Closed lavaleri closed 4 years ago
acioc
commented
4 years ago This is blocked due to ongoing client supplier/ KMS keyring work
acioc
commented
4 years ago Closing in favor of https://github.com/awslabs/aws-encryption-sdk-specification/issues/165
The KMS Keyring will have drastically different behavior based on whether it is a discovery keyring or not (see https://github.com/awslabs/aws-encryption-sdk-specification/issues/83). The spec describes the conditions for the KMS behaving one way vs. the other, however does not prescribe on KMS Keyring construction that such user intent is taken in as input. This could result in users mistakenly creating one type of keyring when intending on constructing the other.
We should update the spec to require that implementations take in some isDiscovery param in the construtcor (or something isomorphically similar) such that construction fails if the input is invalid for the type of keyring the user intends to create.