Skip to content

Add new keyring trace flag to indicate KMS Keyring property #39

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
lavaleri opened this issue Sep 16, 2019 · 0 comments · Fixed by #105
Closed

Add new keyring trace flag to indicate KMS Keyring property #39

lavaleri opened this issue Sep 16, 2019 · 0 comments · Fixed by #105
Assignees
@mattsb42-aws
Milestone
Spec 1.0 (Officia...

Comments

@lavaleri
Copy link
Contributor

There is a specific property that the KMS Keyring can ensure regarding the EDKs it produces and the EC used to wrap/unwrap data keys. The property is something along the lines of "If KMS is set up correctly, users who have the ability to only unwrap data keys are unable to modify the EC"

We need to determine the correct wording for this property, and define this new flag in the spec.
@seebees seebees added this to the keyrings milestone May 22, 2020
@mattsb42-aws mattsb42-aws mentioned this issue May 22, 2020
Merged
farleyb-amazon pushed a commit to farleyb-amazon/aws-encryption-sdk-specification that referenced this issue May 4, 2022
@alex-chew
chore: minor message header fixes (awslabs#39)
5206155
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mattsb42-aws mattsb42-aws

Labels
None yet
Projects
None yet
Milestone
Spec 1.0 (Official Keyring Release)
Development

Successfully merging a pull request may close this issue.

feat: remove keyring trace mattsb42-aws/aws-encryption-sdk-specification
3 participants
@seebees @mattsb42-aws @lavaleri