rolffujino closed 2 years ago
We definitely want to support Azure Key Vault. Not sure when we'll have time, but it's on our roadmap. We do prioritize based on both open source and commercial interest. So I encourage people to vote with their +1s here, or contact us to vote with your dollars.
I also think this would be a good first issue for anyone interested in contributing to the project. @maraino did a really nice job abstracting out signing into a module system (sort of like database backends). So adding a new backend is a pretty discrete bit of work that doesn't require a ton of knowledge of the overall codebase. You should be able to follow the patterns used in the other backends. That code is here: https://github.com/smallstep/certificates/tree/master/kms
Also worth mentioning: @maraino is currently working on a generic PKCS#11 backend over at https://github.com/smallstep/certificates/pull/457. If Azure Key Vault has a PKCS#11 interface, that may be a good short-term workaround. I still think we probably need a custom backend for Azure Key Vault though.
What would you like to be added
Support for Azure's KMS key vault: https://azure.microsoft.com/en-us/services/key-vault/
Why this is needed
Support already exists for GCP & AWS; it would be great to have the equivalent for Azure, to round out support for the 3 largest cloud providers.