feat: AWS KMS Byok #681

Open
HatemMn wants to merge 16 commits into develop from feat/aws_byok
HatemMn (Contributor) commented Jan 9, 2026

  • Introduce 2 cli actions to permit BYOK flows with AWS KMS (docs below)

  • Create full flow integration tests - to avoid static mocks, utility functions that mimic (a correct) AWS KMS were created to run locally using openssl

  • Fix stdout console formatting when an export action happens

Checklist

  • should succeed some manual E2E tests from cli
  • and some tests from the ui ( E2E )
  • delete the chinese algorithm and its instances
  • test valid combinations with the aws cli
  • proper docs on docs.cosmian

References:

Creating keys on Amazon KMS: https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-conceptual.html

Importing keys: https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html

Requirements for key material: https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-conceptual.html#importing-keys-material-requirements

HatemMn (Contributor, Author) commented Jan 30, 2026

@copilot search this PR for "TODO" comments, useless comments, or stuff I have "forgot" around

Copilot AI (Contributor) commented Jan 30, 2026

@HatemMn I've opened a new pull request, #699, to work on those changes. Once the pull request is ready, I'll request review from you.

HatemMn added the bug and documentation labels Feb 3, 2026

HatemMn (Contributor, Author) commented Feb 3, 2026

Documentation isn't finished yet but it's just a matter of redaction

The CLI, the UI, and the integration tests are all finished tho

For now the only problem here is that, for some reason, when using an algorithm other than RSAES_OAEP_SHA_256 to wrap, the AWS KMS returns an "invalid cyphertext error"...

Until this is fixed I can safely say that RSAES_OAEP_SHA_256 wrapping is correctly implemented if an AWS BYOK use case is needed by someone, but please don't use the other ones before this is finished

HatemMn removed the bug and documentation labels Feb 12, 2026
Development

Successfully merging this pull request may close these issues.

  • Azure Byok might not re-wrap already wrapped in-base keys
  • Support of AWS BYOK

2 participants