We use these mocks to test to mock out the call to the kms client. However, we don't currently have a way to test the kms client in cmd/keyset.go. It's fairly important to test the tool as it's critical to make sure we can use the kms client without any problem when encryption-kms-key-uri is provided. Without the took working properly, we cannot start the recovery signer in a secure way.
Similarly, we don't have a way to exercise the code path when a valid kms key uri is provided here.
We use these mocks to test to mock out the call to the kms client. However, we don't currently have a way to test the kms client in cmd/keyset.go. It's fairly important to test the tool as it's critical to make sure we can use the kms client without any problem when
encryption-kms-key-uri
is provided. Without the took working properly, we cannot start the recovery signer in a secure way.Similarly, we don't have a way to exercise the code path when a valid kms key uri is provided here.