feat: Adding the hierarchical keyring #1537
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* feat(keystore): create class to model AWS KMS configuration for branch keystore * updated spec submodule to latest master * Update spec submodule to track master branch * feat(keystore): complete and test AWS KMS configuration class * chore: remove version file from branch-keystore-node module * chore: updated gitignore to ignore auto-generated version files in branch-keystore-node module * chore: removed changelog from branch-keystore-node module so that git can autogenerate it * added additional test for 100% coverage fix(CI): bump up lerna from 7.3.0 to 8.1.6 (#615) * bump up lerna * Revert "bump up lerna" This reverts commit 6b3853ea7e184f485c30d45c50c18ba2d1c7e1d9. * Revert "feat(branch-keystore): model AWS KMS configuration" This reverts commit fa8eabcb46290fdd1dbc99baf8ee1a3d2facdc25. * Reapply "feat(branch-keystore): model AWS KMS configuration" This reverts commit 96e8b3085530a67fa46fab653e173eb1db01a7e9. * bump lerna up from 7.3.0 to 8.1.6 * add dependencies to ensure proper build * npm audit fix * fix test compliance issues fix(branch-keystore): modify AWS KMS configuration to only support single region key compatibility for now (#608) * feat(branch-keystore): model AWS KMS configuration * feat(keystore): create class to model AWS KMS configuration for branch keystore * updated spec submodule to latest master * Update spec submodule to track master branch * feat(keystore): complete and test AWS KMS configuration class * chore: remove version file from branch-keystore-node module * chore: updated gitignore to ignore auto-generated version files in branch-keystore-node module * chore: removed changelog from branch-keystore-node module so that git can autogenerate it * added additional test for 100% coverage * made the fix and tested * remove duplicate compliance citations * specified compliance tests * fix compliance tests * fix duvet * remove duvet test annotations * add compliance tests for duvet * fix compliance tests for duvet * fix compliance tests for duvet * change lerna version * removed getParsedArn * separate kms config helpers from types * specified what's a 'bad arn' in tests * better error msg * no longer supressing errors from parseAwsKmsKeyArn * changed tests to assert for specific error messages * add a notice * sync lock file with package.json * consolidate helpers * compliance test citation * add additional flag methods to tell us config state * divide helper function tests and class method tests * add notice * Revert "change lerna version" This reverts commit a9ba112605c76295fb23cfda651f37eff9332e7b. * Update package-lock.json feat(cryptographic-materials-cache): add support for branch key materials (#596) * support branch key materials support branch key materials reinstall uuidv4 * reinstall uuidv4 within specific modules * install util package * uninstall uuidv4 package from code that may run in browser runtimes * generate uuid v4's using uuid package instead of uuidv4 * manually validate uuid v4's * install uuid package * remove uuidv4 regex validation * remove version lowercasing * add tests for v3 & v5 feat(hierarchical-keyring): Uuidv4 byte compression (#626) * wrote code and added tests from MPL * explain the ranges add plain interface (#595) feat(hierarchical-keyring): add branch keystore (#620) * chore: update package-lock.json (#1425) run `npm audit fix` * feat(branch-keystore): model AWS KMS configuration * feat(keystore): create class to model AWS KMS configuration for branch keystore * updated spec submodule to latest master * Update spec submodule to track master branch * feat(keystore): complete and test AWS KMS configuration class * chore: remove version file from branch-keystore-node module * chore: updated gitignore to ignore auto-generated version files in branch-keystore-node module * chore: removed changelog from branch-keystore-node module so that git can autogenerate it * added additional test for 100% coverage * fix(CI): bump up lerna from 7.3.0 to 8.1.6 (#615) * bump up lerna * Revert "bump up lerna" This reverts commit 6b3853ea7e184f485c30d45c50c18ba2d1c7e1d9. * Revert "feat(branch-keystore): model AWS KMS configuration" This reverts commit fa8eabcb46290fdd1dbc99baf8ee1a3d2facdc25. * Reapply "feat(branch-keystore): model AWS KMS configuration" This reverts commit 96e8b3085530a67fa46fab653e173eb1db01a7e9. * bump lerna up from 7.3.0 to 8.1.6 * add dependencies to ensure proper build * npm audit fix * fix test compliance issues * fix(branch-keystore): modify AWS KMS configuration to only support single region key compatibility for now (#608) * feat(branch-keystore): model AWS KMS configuration * feat(keystore): create class to model AWS KMS configuration for branch keystore * updated spec submodule to latest master * Update spec submodule to track master branch * feat(keystore): complete and test AWS KMS configuration class * chore: remove version file from branch-keystore-node module * chore: updated gitignore to ignore auto-generated version files in branch-keystore-node module * chore: removed changelog from branch-keystore-node module so that git can autogenerate it * added additional test for 100% coverage * made the fix and tested * remove duplicate compliance citations * specified compliance tests * fix compliance tests * fix duvet * remove duvet test annotations * add compliance tests for duvet * fix compliance tests for duvet * fix compliance tests for duvet * change lerna version * removed getParsedArn * separate kms config helpers from types * specified what's a 'bad arn' in tests * better error msg * no longer supressing errors from parseAwsKmsKeyArn * changed tests to assert for specific error messages * add a notice * sync lock file with package.json * consolidate helpers * compliance test citation * add additional flag methods to tell us config state * divide helper function tests and class method tests * add notice * Revert "change lerna version" This reverts commit a9ba112605c76295fb23cfda651f37eff9332e7b. * Update package-lock.json * Noop commit * wrote keystore * modify tests * modifying tests * add constructor tests * use material management module's branch key material class * more testing * create fixtures file to consolidate all test constants * rename * more tests and duvet * add copyright notice * fix test * fix test * change interface name * change param type to interface * change method signature * change return types because this is a node package * indicate integration tests * add mock network calls todo * better error message for getBranchKeyItem helper * more concise * leave grant tokens empty * modify mock todo * consolidate constants into one file * add notice * remove tests involving multi region keys * moved non-resource info out of fixtures * reinstall dependencies * sync lockfile after rebase * assume SRK * changes * rename keystore interface --------- Co-authored-by: seebees <[email protected]> feat(hierarchical-keyring): KDF in counter mode with pseudorandom function (#609) * kdf * sync lockfile * nonce is required * improve Uint32ToSeq function * use pre-existing uint32 to big endian byte array * rename kdf.ts to kdfctr.ts * change macLengthBytes to h as in SP800-108 * change # iterations formula * removed dead code * made nonce optional and added a test * simplify calculation * remove repeated precondition Since kdfCtrMode will be exported from this module, its preconditions are also rawDerive's preconditions * better spacing * match test file name with src file name * optional nonce test * explain why offset is not a param * correct # iters * modify preconditions * chore: update package-lock.json (#1425) run `npm audit fix` * chore(CI): Add CodeBuild GHA Runner (#603) * feat(branch-keystore): model AWS KMS configuration * feat(keystore): create class to model AWS KMS configuration for branch keystore * updated spec submodule to latest master * Update spec submodule to track master branch * feat(keystore): complete and test AWS KMS configuration class * chore: remove version file from branch-keystore-node module * chore: updated gitignore to ignore auto-generated version files in branch-keystore-node module * chore: removed changelog from branch-keystore-node module so that git can autogenerate it * added additional test for 100% coverage * fix(CI): bump up lerna from 7.3.0 to 8.1.6 (#615) * bump up lerna * Revert "bump up lerna" This reverts commit 6b3853ea7e184f485c30d45c50c18ba2d1c7e1d9. * Revert "feat(branch-keystore): model AWS KMS configuration" This reverts commit fa8eabcb46290fdd1dbc99baf8ee1a3d2facdc25. * Reapply "feat(branch-keystore): model AWS KMS configuration" This reverts commit 96e8b3085530a67fa46fab653e173eb1db01a7e9. * bump lerna up from 7.3.0 to 8.1.6 * add dependencies to ensure proper build * npm audit fix * fix test compliance issues * fix(branch-keystore): modify AWS KMS configuration to only support single region key compatibility for now (#608) * feat(branch-keystore): model AWS KMS configuration * feat(keystore): create class to model AWS KMS configuration for branch keystore * updated spec submodule to latest master * Update spec submodule to track master branch * feat(keystore): complete and test AWS KMS configuration class * chore: remove version file from branch-keystore-node module * chore: updated gitignore to ignore auto-generated version files in branch-keystore-node module * chore: removed changelog from branch-keystore-node module so that git can autogenerate it * added additional test for 100% coverage * made the fix and tested * remove duplicate compliance citations * specified compliance tests * fix compliance tests * fix duvet * remove duvet test annotations * add compliance tests for duvet * fix compliance tests for duvet * fix compliance tests for duvet * change lerna version * removed getParsedArn * separate kms config helpers from types * specified what's a 'bad arn' in tests * better error msg * no longer supressing errors from parseAwsKmsKeyArn * changed tests to assert for specific error messages * add a notice * sync lock file with package.json * consolidate helpers * compliance test citation * add additional flag methods to tell us config state * divide helper function tests and class method tests * add notice * Revert "change lerna version" This reverts commit a9ba112605c76295fb23cfda651f37eff9332e7b. * Update package-lock.json * feat(cryptographic-materials-cache): add support for branch key materials (#596) * support branch key materials support branch key materials reinstall uuidv4 * reinstall uuidv4 within specific modules * install util package * uninstall uuidv4 package from code that may run in browser runtimes * generate uuid v4's using uuid package instead of uuidv4 * manually validate uuid v4's * install uuid package * remove uuidv4 regex validation * remove version lowercasing * add tests for v3 & v5 * kdf * sync lockfile * nonce is required * improve Uint32ToSeq function * use pre-existing uint32 to big endian byte array * rename kdf.ts to kdfctr.ts * change macLengthBytes to h as in SP800-108 * change # iterations formula * removed dead code * made nonce optional and added a test * simplify calculation * remove repeated precondition Since kdfCtrMode will be exported from this module, its preconditions are also rawDerive's preconditions * better spacing * match test file name with src file name * optional nonce test * explain why offset is not a param * correct # iters * modify preconditions * sync lock file * chore: update package-lock.json (#1425) run `npm audit fix` * feat(branch-keystore): model AWS KMS configuration * feat(keystore): create class to model AWS KMS configuration for branch keystore * updated spec submodule to latest master * Update spec submodule to track master branch * feat(keystore): complete and test AWS KMS configuration class * chore: remove version file from branch-keystore-node module * chore: updated gitignore to ignore auto-generated version files in branch-keystore-node module * chore: removed changelog from branch-keystore-node module so that git can autogenerate it * added additional test for 100% coverage * fix(CI): bump up lerna from 7.3.0 to 8.1.6 (#615) * bump up lerna * Revert "bump up lerna" This reverts commit 6b3853ea7e184f485c30d45c50c18ba2d1c7e1d9. * Revert "feat(branch-keystore): model AWS KMS configuration" This reverts commit fa8eabcb46290fdd1dbc99baf8ee1a3d2facdc25. * Reapply "feat(branch-keystore): model AWS KMS configuration" This reverts commit 96e8b3085530a67fa46fab653e173eb1db01a7e9. * bump lerna up from 7.3.0 to 8.1.6 * add dependencies to ensure proper build * npm audit fix * fix test compliance issues * fix(branch-keystore): modify AWS KMS configuration to only support single region key compatibility for now (#608) * feat(branch-keystore): model AWS KMS configuration * feat(keystore): create class to model AWS KMS configuration for branch keystore * updated spec submodule to latest master * Update spec submodule to track master branch * feat(keystore): complete and test AWS KMS configuration class * chore: remove version file from branch-keystore-node module * chore: updated gitignore to ignore auto-generated version files in branch-keystore-node module * chore: removed changelog from branch-keystore-node module so that git can autogenerate it * added additional test for 100% coverage * made the fix and tested * remove duplicate compliance citations * specified compliance tests * fix compliance tests * fix duvet * remove duvet test annotations * add compliance tests for duvet * fix compliance tests for duvet * fix compliance tests for duvet * change lerna version * removed getParsedArn * separate kms config helpers from types * specified what's a 'bad arn' in tests * better error msg * no longer supressing errors from parseAwsKmsKeyArn * changed tests to assert for specific error messages * add a notice * sync lock file with package.json * consolidate helpers * compliance test citation * add additional flag methods to tell us config state * divide helper function tests and class method tests * add notice * Revert "change lerna version" This reverts commit a9ba112605c76295fb23cfda651f37eff9332e7b. * Update package-lock.json * feat(cryptographic-materials-cache): add support for branch key materials (#596) * support branch key materials support branch key materials reinstall uuidv4 * reinstall uuidv4 within specific modules * install util package * uninstall uuidv4 package from code that may run in browser runtimes * generate uuid v4's using uuid package instead of uuidv4 * manually validate uuid v4's * install uuid package * remove uuidv4 regex validation * remove version lowercasing * add tests for v3 & v5 * kdf * sync lockfile * nonce is required * improve Uint32ToSeq function * use pre-existing uint32 to big endian byte array * rename kdf.ts to kdfctr.ts * change macLengthBytes to h as in SP800-108 * change # iterations formula * removed dead code * made nonce optional and added a test * simplify calculation * remove repeated precondition Since kdfCtrMode will be exported from this module, its preconditions are also rawDerive's preconditions * better spacing * match test file name with src file name * optional nonce test * explain why offset is not a param * correct # iters * modify preconditions * sync lock file * kdf * sync lockfile * nonce is required * improve Uint32ToSeq function * use pre-existing uint32 to big endian byte array * rename kdf.ts to kdfctr.ts * made nonce optional and added a test * remove repeated precondition Since kdfCtrMode will be exported from this module, its preconditions are also rawDerive's preconditions * match test file name with src file name * sync lock file after rebase * chain the calls * chore: update package-lock.json (#1425) run `npm audit fix` * feat(branch-keystore): model AWS KMS configuration * feat(keystore): create class to model AWS KMS configuration for branch keystore * updated spec submodule to latest master * Update spec submodule to track master branch * feat(keystore): complete and test AWS KMS configuration class * chore: remove version file from branch-keystore-node module * chore: updated gitignore to ignore auto-generated version files in branch-keystore-node module * chore: removed changelog from branch-keystore-node module so that git can autogenerate it * added additional test for 100% coverage * fix(CI): bump up lerna from 7.3.0 to 8.1.6 (#615) * bump up lerna * Revert "bump up lerna" This reverts commit 6b3853ea7e184f485c30d45c50c18ba2d1c7e1d9. * Revert "feat(branch-keystore): model AWS KMS configuration" This reverts commit fa8eabcb46290fdd1dbc99baf8ee1a3d2facdc25. * Reapply "feat(branch-keystore): model AWS KMS configuration" This reverts commit 96e8b3085530a67fa46fab653e173eb1db01a7e9. * bump lerna up from 7.3.0 to 8.1.6 * add dependencies to ensure proper build * npm audit fix * fix test compliance issues * fix(branch-keystore): modify AWS KMS configuration to only support single region key compatibility for now (#608) * feat(branch-keystore): model AWS KMS configuration * feat(keystore): create class to model AWS KMS configuration for branch keystore * updated spec submodule to latest master * Update spec submodule to track master branch * feat(keystore): complete and test AWS KMS configuration class * chore: remove version file from branch-keystore-node module * chore: updated gitignore to ignore auto-generated version files in branch-keystore-node module * chore: removed changelog from branch-keystore-node module so that git can autogenerate it * added additional test for 100% coverage * made the fix and tested * remove duplicate compliance citations * specified compliance tests * fix compliance tests * fix duvet * remove duvet test annotations * add compliance tests for duvet * fix compliance tests for duvet * fix compliance tests for duvet * change lerna version * removed getParsedArn * separate kms config helpers from types * specified what's a 'bad arn' in tests * better error msg * no longer supressing errors from parseAwsKmsKeyArn * changed tests to assert for specific error messages * add a notice * sync lock file with package.json * consolidate helpers * compliance test citation * add additional flag methods to tell us config state * divide helper function tests and class method tests * add notice * Revert "change lerna version" This reverts commit a9ba112605c76295fb23cfda651f37eff9332e7b. * Update package-lock.json * feat(cryptographic-materials-cache): add support for branch key materials (#596) * support branch key materials support branch key materials reinstall uuidv4 * reinstall uuidv4 within specific modules * install util package * uninstall uuidv4 package from code that may run in browser runtimes * generate uuid v4's using uuid package instead of uuidv4 * manually validate uuid v4's * install uuid package * remove uuidv4 regex validation * remove version lowercasing * add tests for v3 & v5 * kdf * sync lockfile * nonce is required * improve Uint32ToSeq function * use pre-existing uint32 to big endian byte array * rename kdf.ts to kdfctr.ts * change macLengthBytes to h as in SP800-108 * change # iterations formula * removed dead code * made nonce optional and added a test * simplify calculation * remove repeated precondition Since kdfCtrMode will be exported from this module, its preconditions are also rawDerive's preconditions * better spacing * match test file name with src file name * optional nonce test * explain why offset is not a param * correct # iters * modify preconditions * sync lock file * kdf * sync lockfile * nonce is required * improve Uint32ToSeq function * use pre-existing uint32 to big endian byte array * rename kdf.ts to kdfctr.ts * made nonce optional and added a test * remove repeated precondition Since kdfCtrMode will be exported from this module, its preconditions are also rawDerive's preconditions * match test file name with src file name * sync lock file after rebase * chore: update package-lock.json (#1425) run `npm audit fix` * feat(branch-keystore): model AWS KMS configuration * feat(keystore): create class to model AWS KMS configuration for branch keystore * updated spec submodule to latest master * Update spec submodule to track master branch * feat(keystore): complete and test AWS KMS configuration class * chore: remove version file from branch-keystore-node module * chore: updated gitignore to ignore auto-generated version files in branch-keystore-node module * chore: removed changelog from branch-keystore-node module so that git can autogenerate it * added additional test for 100% coverage * fix(CI): bump up lerna from 7.3.0 to 8.1.6 (#615) * bump up lerna * Revert "bump up lerna" This reverts commit 6b3853ea7e184f485c30d45c50c18ba2d1c7e1d9. * Revert "feat(branch-keystore): model AWS KMS configuration" This reverts commit fa8eabcb46290fdd1dbc99baf8ee1a3d2facdc25. * Reapply "feat(branch-keystore): model AWS KMS configuration" This reverts commit 96e8b3085530a67fa46fab653e173eb1db01a7e9. * bump lerna up from 7.3.0 to 8.1.6 * add dependencies to ensure proper build * npm audit fix * fix test compliance issues * fix(branch-keystore): modify AWS KMS configuration to only support single region key compatibility for now (#608) * feat(branch-keystore): model AWS KMS configuration * feat(keystore): create class to model AWS KMS configuration for branch keystore * updated spec submodule to latest master * Update spec submodule to track master branch * feat(keystore): complete and test AWS KMS configuration class * chore: remove version file from branch-keystore-node module * chore: updated gitignore to ignore auto-generated version files in branch-keystore-node module * chore: removed changelog from branch-keystore-node module so that git can autogenerate it * added additional test for 100% coverage * made the fix and tested * remove duplicate compliance citations * specified compliance tests * fix compliance tests * fix duvet * remove duvet test annotations * add compliance tests for duvet * fix compliance tests for duvet * fix compliance tests for duvet * change lerna version * removed getParsedArn * separate kms config helpers from types * specified what's a 'bad arn' in tests * better error msg * no longer supressing errors from parseAwsKmsKeyArn * changed tests to assert for specific error messages * add a notice * sync lock file with package.json * consolidate helpers * compliance test citation * add additional flag methods to tell us config state * divide helper function tests and class method tests * add notice * Revert "change lerna version" This reverts commit a9ba112605c76295fb23cfda651f37eff9332e7b. * Update package-lock.json * feat(cryptographic-materials-cache): add support for branch key materials (#596) * support branch key materials support branch key materials reinstall uuidv4 * reinstall uuidv4 within specific modules * install util package * uninstall uuidv4 package from code that may run in browser runtimes * generate uuid v4's using uuid package instead of uuidv4 * manually validate uuid v4's * install uuid package * remove uuidv4 regex validation * remove version lowercasing * add tests for v3 & v5 * kdf * sync lockfile * nonce is required * improve Uint32ToSeq function * use pre-existing uint32 to big endian byte array * rename kdf.ts to kdfctr.ts * made nonce optional and added a test * remove repeated precondition Since kdfCtrMode will be exported from this module, its preconditions are also rawDerive's preconditions * match test file name with src file name * sync lock file * kdf * sync lockfile * nonce is required * improve Uint32ToSeq function * use pre-existing uint32 to big endian byte array * rename kdf.ts to kdfctr.ts * made nonce optional and added a test * remove repeated precondition Since kdfCtrMode will be exported from this module, its preconditions are also rawDerive's preconditions * match test file name with src file name * chain the calls * sync lockfile after rebase --------- Co-authored-by: seebees <[email protected]> Co-authored-by: José Corella <[email protected]> fix(keystore): Fix kms config (#627) * change kms config remove flag methods remove assertValidNotAliasArn function * less arn parsing util exports needed type checks to class constructors and methods (#637) * type checks to class constructors and methods * modify grant token initialization feat(kms-keyring-node): add AWS KMS Hierarchical keyring (#632) * hkr * remove timeouts * fix test timeout issues * add an additional verification check * set up mocking * document mock mechanism * hkr * remove timeouts * fix test timeout issues * add an additional verification check * set up mocking * document mock mechanism * added runtime type checks to constructor * try fixing dep errors * fixes * add notice * renaming and modified preconditions Number attributes like TTL and max cache size can only be stored with precision if they are under JavaScript's Number.MAX_SAFE_INTEGER. In the MPL, TTL can be a non-negative signed 64-bit integer. However, JavaScript numbers cannot safely store integers beyond Number.MAX_SAFE_INTEGER. Thus, we will cap TTL in seconds such that TTL in ms is <= Number.MAX_SAFE_INTEGER. TTL could be a JS BigInt type but this would require casting back to a number in order to configure the CMC (which only deals with number types not BigInt), which leads to a lossy conversion. This same reasoning is applied to max cache size. Preconditions and tests for these preconditions are updated. * change in wrapping AAD logic * Update modules/kms-keyring-node/src/constants.ts add comment about encrypted key length in the ciphertext Co-authored-by: Rishav karanjit <[email protected]> * update constants change name of the kdf digest algorithm constant to specify sha256. Increases readability * update constants change provider id constant name to specify hierarchy --------- Co-authored-by: Rishav karanjit <[email protected]> hkr remove timeouts fix test timeout issues add an additional verification check set up mocking document mock mechanism added runtime type checks to constructor hkr remove timeouts fix test timeout issues add an additional verification check set up mocking document mock mechanism fixes add notice renaming and modified preconditions Number attributes like TTL and max cache size can only be stored with precision if they are under JavaScript's Number.MAX_SAFE_INTEGER. In the MPL, TTL can be a non-negative signed 64-bit integer. However, JavaScript numbers cannot safely store integers beyond Number.MAX_SAFE_INTEGER. Thus, we will cap TTL in seconds such that TTL in ms is <= Number.MAX_SAFE_INTEGER. TTL could be a JS BigInt type but this would require casting back to a number in order to configure the CMC (which only deals with number types not BigInt), which leads to a lossy conversion. This same reasoning is applied to max cache size. Preconditions and tests for these preconditions are updated. change in wrapping AAD logic update constants change name of the kdf digest algorithm constant to specify sha256. Increases readability update constants change provider id constant name to specify hierarchy create example file wrote code add notice and sync lockfile fix lint issue document the example more examples change class name add a comment about example branch key id supplier impl demo code and readme comment the demo code update duvet anotations first cut add storage Updates to H-Keyring Update tests all tests pass and all features “work” adding duvet anotations More duvet updates update the anotations Add discovery More citations Add expiration Update the spec version Updates add uuid to serialize update package lock update this one
seebees
force-pushed
the
seebees/add-hierarchical-keyring
branch
from
57fab73 to
235c28b
Compare
seebees
force-pushed
the
seebees/add-hierarchical-keyring
branch
from
b5d0db5 to
d9bc2ab
Compare
texastony
reviewed
Dec 14, 2024
| //# On initialization the KeyStore SHOULD | ||
| //# append a user agent string to the AWS KMS SDK Client with | ||
| //# the value `aws-kms-hierarchy`. | ||
| customUserAgent: KMS_CLIENT_USER_AGENT, |
There was a problem hiding this comment.
I have but looked yet, but does this constant include JS/TS, or does it only ID the H-Keyring/Key Store?
| 'MUST supply a string branch key id' | ||
| ) | ||
| needs( | ||
| branchKeyId && branchKeyVersion, |
There was a problem hiding this comment.
Sorry, it's been a while since I looked at TS.
Does this ensure the BKV is a string, or only that it has been set?
| //# GetActiveBranchKey MUST verify that the returned EncryptedHierarchicalKey is an HierarchicalSymmetricVersion. | ||
| needs( | ||
| encryptedBranchKey.type instanceof HierarchicalSymmetricVersion, | ||
| 'Unexpected type. Not an version record.' |
There was a problem hiding this comment.
Suggested change
| 'Unexpected type. Not an version record.' | |
| 'Unexpected type. Not a version record.' |
| if (!POTENTIAL_BRANCH_KEY_RECORD_FIELDS.includes(field)) { | ||
| needs( | ||
| field.startsWith(CUSTOM_ENCRYPTION_CONTEXT_FIELD_PREFIX), | ||
| `Custom encryption context key ${field} should be prefixed with ${CUSTOM_ENCRYPTION_CONTEXT_FIELD_PREFIX}` |
There was a problem hiding this comment.
If I am reading this correctly, the other implementation is not as strict in this respect.
I'm not against it, but I want to call out the diff.
I.e: other languages would allow for un-prefixed values.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adding the hierarchical keyring from the AWS Cryptographic Materials Provider(https://github.com/aws/aws-cryptographic-material-providers-library).
This only adds the hierarchical keyring for NodeJS. The browser is a difficult fit for a key hierarchy because the security boundaries are difficult to maintain.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
Check any applicable: