Skip to content

Add SearchKeys functionality to MacKMS#552

Merged
hslatman merged 5 commits intomasterfrom
herman/mackms-search
Jul 29, 2024
Merged

Add SearchKeys functionality to MacKMS#552
hslatman merged 5 commits intomasterfrom
herman/mackms-search

Conversation

@hslatman
Copy link
Copy Markdown
Member

@hslatman hslatman commented Jul 18, 2024
edited
Loading

In follow up PRs I'd like to add:

  • Support in PKCS11
  • Support in TPMKMS
  • Support in CAPI?
  • Support for searching certificates?

@hslatman hslatman force-pushed the herman/mackms-search branch from 360134c to 9c3c6e2 Compare July 25, 2024 12:13
@hslatman hslatman marked this pull request as ready for review July 25, 2024 12:15
@hslatman hslatman requested a review from maraino July 25, 2024 12:15
@hslatman hslatman force-pushed the herman/mackms-search branch from bd63571 to 4baf2ce Compare July 26, 2024 12:02
maraino
maraino reviewed Jul 26, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@maraino maraino left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks ok, I've added a few questions and a comment to see if it is possible to search keys in the secure enclave. For example, all with the default tag would be mackms:se=true

Comment thread kms/mackms/mackms.go
Comment thread kms/mackms/mackms.go
Comment thread kms/mackms/mackms.go
@hslatman
Support filtering search query on being in Secure Enclave or not
606fcd9 
If `se` is not specified in the search query, all keys managed by
the KMS (using the default tag) will be returned. When `se=true`,
or `se=false`, keys will be filtered based on whether they were created
inside the Secure Enclave or not, respectively.
@hslatman hslatman requested a review from maraino July 29, 2024 11:13
maraino
maraino approved these changes Jul 29, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@maraino maraino left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

In the switch cases, we could remove the se=false in the name URI, which would be the default for individual keys.

@hslatman hslatman merged commit c4593f5 into master Jul 29, 2024
@hslatman hslatman deleted the herman/mackms-search branch July 29, 2024 18:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@maraino maraino maraino approved these changes

Assignees

No one assigned

Labels

needs triage

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hslatman @maraino