If the storepass parameter is not provided, it queries the Instance MetaData Service (IMDS) to get credentials to access AWS KMS.
I did not reuse the RESTClient because it assumes JSON response body, and IMDS explicitly returns text, though it may also sometimes be JSON in that text response...
Note
If running from within a container hosted on that EC2, the IMDSv2 may not be reachable by default (hop limit set to 1 for the PUT request to obtain the API token). Updating the hop limit to 2 solves the issue, but this is not managed here. Just a clue in case of breaking tests.
This is a solution for #147.
storepass
parameter is not provided, it queries the Instance MetaData Service (IMDS) to get credentials to access AWS KMS.RESTClient
because it assumes JSON response body, and IMDS explicitly returns text, though it may also sometimes be JSON in that text response...Note
If running from within a container hosted on that EC2, the IMDSv2 may not be reachable by default (hop limit set to 1 for the PUT request to obtain the API token). Updating the hop limit to 2 solves the issue, but this is not managed here. Just a clue in case of breaking tests.