leighmcculloch
commented
4 years ago Here's an idea for what we could do using the local-kms tool:
Open howardtw opened 4 years ago
leighmcculloch
commented
4 years ago Here's an idea for what we could do using the local-kms tool:
We use these mocks to test to mock out the call to the kms client. However, we don't currently have a way to test the kms client in cmd/keyset.go. It's fairly important to test the tool as it's critical to make sure we can use the kms client without any problem when
encryption-kms-key-uriis provided. Without the took working properly, we cannot start the recovery signer in a secure way.Similarly, we don't have a way to exercise the code path when a valid kms key uri is provided here.