Currently simple-kbs handles keys and resources separately. Keys are pulled directly from the database whereas resources are read from the filesystem. Otherwise these two secret types are basically the same. They both have policies specified in the database, for instance. With the refactor of the AA/CDH, we have begun to interact with KBSes via a KMS API. This API does not distinguish between resources and secrets. The distinction is really the legacy of the keyprovider API that the AA was originally designed around. For now we will only use the resource secret type when using simple-kbs with the new AA/CDH (even when providing secrets). At some point we might want to merge these secret types together more formally or at least update the guides.
Currently simple-kbs handles
keysandresourcesseparately. Keys are pulled directly from the database whereas resources are read from the filesystem. Otherwise these two secret types are basically the same. They both have policies specified in the database, for instance. With the refactor of the AA/CDH, we have begun to interact with KBSes via a KMS API. This API does not distinguish between resources and secrets. The distinction is really the legacy of the keyprovider API that the AA was originally designed around. For now we will only use the resource secret type when using simple-kbs with the new AA/CDH (even when providing secrets). At some point we might want to merge these secret types together more formally or at least update the guides.