search

tink-crypto / tink

Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
https://developers.google.com/tink
Apache License 2.0
13.5k stars 1.18k forks source link

HashiCorp Vault support is documented but not present in the code #528

Closed giovanniagazzi closed 1 year ago

giovanniagazzi commented 3 years ago

In the following documentation pages, Vault is described as a KMS option for Tink: https://developers.google.com/tink/create-an-external-key https://developers.google.com/tink/get-key-uri https://developers.google.com/tink/get-key-credentials

But if you try to use Vault as a KMS in order to encrypt/decrypt keysets, you discover that the following package does not contain a Client dedicated to Vault: com.google.crypto.tink.integration.*

On the source repo I found a pull request for Vault integration: https://github.com/google/tink/pull/405 But it seems that the PR was never merged into master.

Could you please add Vault KMS support or delete it from the documentation?

juergw commented 2 years ago

Yes, the documentation is missleading. Sorry about that. HashiCorp Vault is currently only supported in Golang, see https://github.com/google/tink/tree/master/go/integration/hcvault We currently don't have plans to implement this in other languages. I will update the documentation.

juergw commented 1 year ago

Done.

JordanStopford commented 1 year ago

I've opened up PRs to get this integrated in Java/Python but it's awaiting review - hopefully someone can get to it soon!