scality / Arsenal

Common utilities for the open-source Scality S3 project components

Apache License 2.0

14 stars 19 forks source link

Add AWS KMS client connector #2253

Open outscale-fba opened 2 months ago

outscale-fba commented 2 months ago

Add AWS KMS client connector

New code to use AWS KMS for bucket encryption, based on the KMIP implementation.

Add an optional "GenerateDataKey" function on the kms client API, only defined in the AWS KMS client. This new function is used in cloudserver when detected for the creation of a datakey. For others existing KMS implementations (KMIP, file, memory, ...) the behavior is unchanged.

The following modifications are made:

Arsenal:

new package dependency: @aws-sdk/client-kms
new dev dependency: aws-sdk-client-mock
new source file for implementing the AWS KMS backend connector
introduce a new optional "GenerateDataKey" function on the client
add unit tests on the new AWS KMS client.

Cloudserver:

Add a new configuration section for the AWS KMS backend connector,
New code to use the GenerateDataKey function when available.