Add SearchKeys functionality to MacKMS #552

Merged
merged 5 commits into from
Jul 29, 2024

Member

@hslatman hslatman commented Jul 18, 2024

In follow-up PRs I'd like to add:

  • Support in PKCS11
  • Support in TPMKMS
  • Support in CAPI?
  • Support for searching certificates?

@hslatman hslatman force-pushed the herman/mackms-search branch from 360134c to 9c3c6e2 Compare July 25, 2024 12:13
@hslatman hslatman marked this pull request as ready for review July 25, 2024 12:15
@hslatman hslatman requested a review from maraino July 25, 2024 12:15
@hslatman hslatman force-pushed the herman/mackms-search branch from bd63571 to 4baf2ce Compare July 26, 2024 12:02
Contributor

@maraino maraino left a comment


Looks ok, I've added a few questions and a comment to see if it is possible to search keys in the secure enclave. For example, all with the default tag would be mackms:se=true

If `se` is not specified in the search query, all keys managed by
the KMS (using the default tag) will be returned. When `se=true`,
or `se=false`, keys will be filtered based on whether they were created
inside the Secure Enclave or not, respectively.
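
The three-way `se` rule from the commit message above, as an added Go example that is not code from this PR or from the project. `keyInfo`, `seFilter`, `search` and the sample keys are hypothetical, and the `mackms:` attribute layout is assumed from the `mackms:se=true` example in the review comment. The point it shows is that an absent `se` must stay distinct from `se=false`, otherwise an unfiltered search would silently omit Secure Enclave keys.

```go
package main

import (
	"fmt"
	"strings"
)

// keyInfo is a constructed stand-in for one key managed by the KMS.
type keyInfo struct{ Label string; SecureEnclave bool }

// seFilter returns the "se" value of a search URI such as "mackms:se=true",
// or nil when "se" is absent. The "k=v;k=v" attribute layout is an assumption.
func seFilter(query string) (*bool, error) {
	if !strings.HasPrefix(query, "mackms:") {
		return nil, fmt.Errorf("unsupported search URI %q", query)
	}
	for _, attr := range strings.Split(strings.TrimPrefix(query, "mackms:"), ";") {
		if k, v, _ := strings.Cut(attr, "="); k == "se" {
			if v != "true" && v != "false" {
				return nil, fmt.Errorf("invalid se value %q", v) // reject, don't guess
			}
			b := v == "true"
			return &b, nil
		}
	}
	return nil, nil // unspecified: no Secure Enclave filtering
}

// search applies the rule: nil returns every key, otherwise only keys whose
// Secure Enclave status equals the requested value.
func search(keys []keyInfo, query string) ([]string, error) {
	se, err := seFilter(query)
	if err != nil {
		return nil, err
	}
	var labels []string
	for _, k := range keys {
		if se == nil || *se == k.SecureEnclave {
			labels = append(labels, k.Label)
		}
	}
	return labels, nil
}

func main() {
	keys := []keyInfo{{"tls-leaf", false}, {"device-id", true}} // constructed sample
	fmt.Println(search(keys, "mackms:se=true"))
}
```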
@hslatman hslatman requested a review from maraino July 29, 2024 11:13
Contributor

@maraino maraino left a comment


LGTM.

In the switch cases, we could remove the se=false in the name URI, which would be the default for individual keys.

@hslatman hslatman merged commit c4593f5 into master Jul 29, 2024
13 checks passed
@hslatman hslatman deleted the herman/mackms-search branch July 29, 2024 18:26