Open KyleKotowick opened 1 year ago
I think you meant https://docs.aws.amazon.com/kms/latest/APIReference/API_Sign.html
Fixed, thank you.
Description
The AWS provider currently offers a resource (and data source) for using a KMS key to encrypt plaintext into ciphertext (aws_kms_ciphertext), i.e. a resource that uses the https://docs.aws.amazon.com/kms/latest/APIReference/API_Encrypt.html operation.
What would be equally useful is a resource and data source that uses a KMS key to sign a message, i.e. a resource / data source that uses the https://docs.aws.amazon.com/kms/latest/APIReference/API_Sign.html operation.
Specifically, this would allow us to build a KMS-based certificate authority without needing to store any secrets (private keys) in the Terraform state.
This operation is supported in the AWS Go SDK v2.
Requested Resource(s) and/or Data Source(s)
Resource:
Data source:
Potential Terraform Configuration
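An added Go example (not part of the issue, not Terraform configuration, and not AWS provider code) of why a Sign operation is enough to run a certificate authority: `x509.CreateCertificate` only needs a `crypto.Signer`, so the issuing side can hold a public key and a signing callback and never see the private key. The `remoteSigner` type and both function names are hypothetical, and the callback uses a locally generated P-256 key as a stand-in for the KMS call so the code runs offline.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"io"
	"math/big"
	"time"
)

// remoteSigner (hypothetical) holds a public key and a signing callback, never a private key.
type remoteSigner struct {
	pub  crypto.PublicKey
	sign func(digest []byte) ([]byte, error)
}

func (s remoteSigner) Public() crypto.PublicKey { return s.pub }
func (s remoteSigner) Sign(_ io.Reader, d []byte, _ crypto.SignerOpts) ([]byte, error) { return s.sign(d) }

// newStandInSigner simulates the key service with a local key (assumption, for offline use).
// With KMS, the callback would send the digest to the Sign operation instead.
func newStandInSigner() crypto.Signer {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return remoteSigner{&key.PublicKey, func(d []byte) ([]byte, error) {
		return ecdsa.SignASN1(rand.Reader, key, d) // DER-encoded ECDSA signature over the digest
	}}
}

// issueSelfSignedCA builds a CA certificate through the Signer interface alone.
func issueSelfSignedCA(s crypto.Signer) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed-example-ca"},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, s.Public(), s)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}
func main() {
	if _, err := issueSelfSignedCA(newStandInSigner()); err != nil {
		panic(err)
	}
}
```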