minio / kes

Key Management Server for Object Storage and more
https://min.io/docs/kes/concepts/
GNU Affero General Public License v3.0
460 stars 97 forks

keystore: add support for KES<->KES setup #326

Closed aead closed 1 year ago

aead commented 1 year ago

This commit adds keystore support for KES. Now, a stateless KES server can use a stateful KES server for storing keys as secrets.

The KES server now accepts a new KES keystore config:

  # Configuration for storing keys on a KES server.
  kes:
    endpoint: 
    - ""           # The endpoint (or list of endpoints) to the KES server(s)
    enclave: ""    # An optional enclave name. If empty, the default enclave will be used
    tls:           # The KES mTLS authentication credentials - i.e. client certificate.
      cert: ""     # Path to the TLS client certificate for mTLS authentication
      key: ""      # Path to the TLS client private key for mTLS authentication
      ca: ""       # Path to one or multiple PEM root CA certificates
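
A pre-flight check for the `kes:` keystore stanza above, as an added example that is not part of the PR or the KES code base. The `KESKeystore` struct, `ValidateKeystore`, the rules it enforces (https-only endpoints, no credentials in the URL, cert and key both present) and the sample hostname are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
)

// KESKeystore mirrors the fields of the `kes:` stanza (hypothetical type).
type KESKeystore struct {
	Endpoints []string // kes.endpoint
	Enclave   string   // kes.enclave; empty selects the default enclave
	Cert, Key string   // kes.tls.cert / kes.tls.key: mTLS client credentials
	CA        string   // kes.tls.ca: optional PEM root CA bundle
}

// ValidateKeystore reports every problem at once instead of stopping at the first.
func ValidateKeystore(c KESKeystore) error {
	var errs []error
	if len(c.Endpoints) == 0 {
		errs = append(errs, errors.New("kes.endpoint: at least one endpoint is required"))
	}
	for _, e := range c.Endpoints {
		u, err := url.Parse(e)
		switch {
		case err != nil || u.Host == "":
			errs = append(errs, fmt.Errorf("kes.endpoint %q: not a valid URL", e))
		case u.Scheme != "https":
			// Keys travel over this link, so plaintext transport is rejected.
			errs = append(errs, fmt.Errorf("kes.endpoint %q: scheme must be https", e))
		case u.User != nil:
			errs = append(errs, fmt.Errorf("kes.endpoint %q: must not embed credentials", e))
		}
	}
	// The stateless server authenticates with a client certificate; half a pair is useless.
	if c.Cert == "" || c.Key == "" {
		errs = append(errs, errors.New("kes.tls: cert and key are both required for mTLS"))
	}
	return errors.Join(errs...) // nil when errs is empty
}

func main() {
	// Constructed sample: plaintext endpoint and a missing private key path.
	cfg := KESKeystore{Endpoints: []string{"http://kes-central.example.internal:7373"}, Cert: "client.crt"}
	fmt.Println(ValidateKeystore(cfg))
}
```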

klauspost commented 1 year ago

@aead There are unresolved conflicts in the PR.

aead commented 1 year ago

Thanks @klauspost - resolved