-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Adding a storage option to the KeyStore #594
Conversation
@seebees, I noticed you are updating the smithy model files. |
Detected changes to the release files or to the check-files action |
Changes to the release files or the check-files action requires 2 approvals from CODEOWNERS |
ad43b7e
to
ca83676
Compare
Detected changes to the release files or to the check-files action |
@seebees, I noticed you are updating the smithy model files. |
Changes to the release files or the check-files action requires 2 approvals from CODEOWNERS |
@seebees, I noticed you are updating the smithy model files. |
@seebees, I noticed you are updating the smithy model files. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
AwsCryptographicMaterialProviders/dafny/AwsCryptographyKeyStore/Model/Storage.smithy
Show resolved
Hide resolved
AwsCryptographicMaterialProviders/dafny/AwsCryptographyKeyStore/Model/Storage.smithy
Outdated
Show resolved
Hide resolved
AwsCryptographicMaterialProviders/dafny/AwsCryptographyKeyStore/Model/Storage.smithy
Outdated
Show resolved
Hide resolved
AwsCryptographicMaterialProviders/dafny/AwsCryptographyKeyStore/Model/Storage.smithy
Outdated
Show resolved
Hide resolved
AwsCryptographicMaterialProviders/dafny/AwsCryptographyKeyStore/Model/Storage.smithy
Show resolved
Hide resolved
AwsCryptographicMaterialProviders/dafny/AwsCryptographyKeyStore/Model/KeyStore.smithy
Show resolved
Hide resolved
@texastony, I noticed you are updating the smithy model files. |
@seebees, I noticed you are updating the smithy model files. |
...ryptographicMaterialProviders/dafny/AwsCryptographyKeyStore/src/DefaultEncryptedKeyStore.dfy
Outdated
Show resolved
Hide resolved
...ryptographicMaterialProviders/dafny/AwsCryptographyKeyStore/src/DefaultEncryptedKeyStore.dfy
Outdated
Show resolved
Hide resolved
AwsCryptographicMaterialProviders/dafny/AwsCryptographyKeyStore/Model/Storage.smithy
Outdated
Show resolved
Hide resolved
@seebees, I noticed you are updating the smithy model files. |
@seebees, I noticed you are updating the smithy model files. |
@seebees, I noticed you are updating the smithy model files. |
@seebees, I noticed you are updating the smithy model files. |
@seebees, I noticed you are updating the smithy model files. |
7fa97d5
to
1c0f43a
Compare
@seebees, I noticed you are updating the smithy model files. |
@seebees, I noticed you are updating the smithy model files. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
looking good!
...hicMaterialProviders/dafny/AwsCryptographyKeyStore/src/AwsCryptographyKeyStoreOperations.dfy
Show resolved
Hide resolved
// config.ddbTableName, | ||
config.logicalKeyStoreName, | ||
config.kmsConfiguration, | ||
config.grantTokens, | ||
config.kmsClient, | ||
config.ddbClient | ||
config.storage | ||
// config.ddbClient |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
intentional comments?
|
||
&& 3 == |writeNewKey.TransactItems| | ||
&& Seq.Last(storage.History.WriteNewEncryptedBranchKey).input.Active |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: I liked how above you separated the Seq.Last(..)
on line 112 into its own variable that made it easy to follow along. Down below it gets a little difficult to tell what the Seq.Last is referring to.
AwsCryptographicMaterialProviders/dafny/AwsCryptographyKeyStore/src/CreateKeys.dfy
Show resolved
Hide resolved
AwsCryptographicMaterialProviders/dafny/AwsCryptographyKeyStore/src/Structure.dfy
Show resolved
Hide resolved
@seebees, I noticed you are updating the smithy model files. |
@seebees, I noticed you are updating the smithy model files. |
@seebees, I noticed you are updating the smithy model files. |
The key store now allows for both a default DynamoDB table, or any custom storage system. The important aspect about the key store is the fact that branch keys can be versioned easily, and are cryptographically safe to use. The actual storage medium is not important. See: https://github.com/awslabs/aws-encryption-sdk-specification/blob/master/changes/2024-6-17_key-store-persistance/background.md#background
56e5262
to
53c9c25
Compare
@seebees, I noticed you are updating the smithy model files. |
|
||
ensures | ||
&& old(ddbClient.History.GetItem) < ddbClient.History.GetItem | ||
&& old(ddbClient.History.TransactWriteItems) == ddbClient.History.TransactWriteItems |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@seebees What is going on here?
I just stumbled on this while working on Mutations,
but why assert the history of TransactWriteItems?
Is this a copy-paste mistake?
The key store now allows for both a default DynamoDB table, or any custom storage system.
The important aspect about the key store
is the fact that branch keys can be versioned easily, and are cryptographically safe to use.
The actual storage medium is not important.
See: https://github.com/awslabs/aws-encryption-sdk-specification/blob/master/changes/2024-6-17_key-store-persistance/background.md#background
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.