Skip to content

Use protection level HSM if it's given in the URI#809

Merged
maraino merged 1 commit intomasterfrom
mariano/key-vault-hsm
Jul 30, 2025
Merged

Use protection level HSM if it's given in the URI#809
maraino merged 1 commit intomasterfrom
mariano/key-vault-hsm

Conversation

@maraino
Copy link
Copy Markdown
Contributor

@maraino maraino commented Jul 29, 2025
edited
Loading

This commit prioritizes the hsm=true flag in the URI to create a key in an Azure HSM Key Vault. Before this change, step-kms-plugin required the use of the flag --protection-level HSM to create a key in the HSM.

Fixes smallstep/step-kms-plugin#252

$ step kms sign --in README.md 'yubikey:slot-id=82?pin-prompt'
Enter PIN:

# And after entering the proper pin
$ step kms sign --in README.md 'yubikey:slot-id=82?pin-prompt'
MEUCIBK96u7ggPhbknJBKBxOTPS7NsF3KMvytrls3TnZg9zMAiEAzbUzGVcRERcT36goiXD/ZU7nz416xwy3PkT6Y/Ys4LE=

@maraino
Use protection level HSM if it's given in the URI
30b20db 
This commit prioritizes the `hsm=true` flag in the URI to create a key
in an Azure HSM Key Vault. Before this change, `step-kms-plugin`
required the use of the flag `--protection-level HSM` to create a key in
the HSM.

Fixes smallstep/step-kms-plugin#252
@maraino maraino requested a review from hslatman July 29, 2025 18:58
@maraino maraino merged commit 592ab4d into master Jul 30, 2025
14 checks passed
@maraino maraino deleted the mariano/key-vault-hsm branch July 30, 2025 00:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hslatman hslatman hslatman approved these changes

Assignees

No one assigned

Labels

needs triage

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Unable to create an EC-HSM key in an Azure premium Key Vault

3 participants

@maraino @hslatman @step-ci