Closed jazzyMix closed 7 months ago
Thanks for the report. This is working as intended.
Tink provides FIPS mode to guarantee that only FIPS compliant encryptions happen. If you use a KMS, Tink cannot guarantee anymore that this is true.
Note that the work around is simply to not use FIPS mode in Tink. Tink can still be FIPS complaint, even if it is not in FIPS mode.
I understand that this can be annoying, and we are working on providing more fine grained configuration options, but this will take a while to materialize.
Help us help you
Tell us more about your Tink deployment.
Is your feature request related to a problem?
If so, provide a description of the problem. Context: I am making our service FIPS compliant, we depends on https://github.com/tink-crypto/tink-java-gcpkms and when we start our server we fail to start the kms client due to this error
What sort of feature would you like to see?
it seems like com.google.api.client.util.SecurityUtils.loadKeyStore failed, please advice
Have you considered any alternative solutions?
I have try to move away from google.api.client.googleapis dependency but failed
Would you like to add additional context?
Provide any other context about the feature request.