smallstep / certificates

🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
https://smallstep.com/certificates
Apache License 2.0
6.67k stars 433 forks

Azure Key Vault Support #462

Closed rolffujino closed 2 years ago

rolffujino commented 3 years ago

What would you like to be added

Support for Azure's KMS key vault: https://azure.microsoft.com/en-us/services/key-vault/

Why this is needed

Support already exists for GCP & AWS; it would be great to have the equivalent for Azure, to round out support for the 3 largest Cloud providers.

mmalone commented 3 years ago

We definitely want to support Azure Key Vault. Not sure when we'll have time, but it's on our roadmap. We do prioritize based on both open source and commercial interest. So I encourage people to vote with their +1s here, or contact us to vote with your dollars.

I also think this would be a good first issue for anyone interested in contributing to the project. @maraino did a really nice job abstracting out signing into a module system (sort of like database backends). So adding a new backend is a pretty discrete bit of work that doesn't require a ton of knowledge of the overall codebase. You should be able to follow the patterns used in the other backends. That code is here: https://github.com/smallstep/certificates/tree/master/kms

Also worth mentioning: @maraino is currently working on a generic PKCS#11 backend over at https://github.com/smallstep/certificates/pull/457. If Azure Key Vault has a PKCS#11 interface, that may be a good short-term workaround. I still think we probably need a custom backend for Azure Key Vault though.