Improved KAS key management tools - Githubissues

opentdf / platform

Persistent data centric security that extends owner control wherever data travels

BSD 3-Clause Clear License

19 stars 11 forks source link

Improved KAS key management tools #1275

Open dmihalcik-virtru opened 3 months ago

dmihalcik-virtru commented 3 months ago

We currently don't support KAS key management very well

Introduce service keys subcommand to otdfctl: a. init: similar to current init-temp-keys script, this creates new keys b. create: Adds new key or keys of requested type c. import: Adds existing keys of the requested type
These keys update the opentdf.yaml file with the new key information.

Things to think about:

the keys should be stored in jwk sets
all keys must be compatible with existing clients
should be an opentdf subcommand set, to simplify deployment
must work on windows

Subtasks:

[ ] #1085
[ ] #894
[ ] #778
[ ] #769
[ ] #616

cassandrabailey293 commented 1 month ago

this is currently blocked by the key management adr. moving to BLOCKED until that is complete.