globality-corp / microcosm-postgres

Opinionated persistence with PostgreSQL
Apache License 2.0
4 stars 7 forks source link

Custom, restricted KMS master key provider #139

Closed dumpstate closed 1 year ago

dumpstate commented 1 year ago

Add a custom, restricted KMS master key provider, that could operate without kms:GenerateDataKey permission, but with kms:GenerateDataKeyWithoutPlaintext + kms:Decode instead. The provider is disabled by default, can be enabled by setting a flag per context key.