Skip to content

[feature proposal] additional keyring trace entries #97

New issue
New issue
Closed
#105
Closed
[feature proposal] additional keyring trace entries#97
#105
Assignees
mattsb42-aws
Labels
Doc impactRequires a change to AWS documentationenhancementNew feature or request
Milestone
Spec 1.0 (Official Keyring Release)
@mattsb42-aws

Description

@mattsb42-aws
mattsb42-aws
opened on Apr 24, 2020

NOTE: I would argue that this is dependent on and blocked by #95.

Problem

One of the common challenges that users of the AWS Encryption SDK encounter is how to debug why an encryption or decryption did not work. The keyring trace can help to audit what worked but does not currently help determine if something did not work.

Type of Problem

feature

Actual Behavior

Keyrings currently only add entries to the trace on success.

Desired Behavior

Keyrings should add entries to the keyring trace that describe what they did for no-ops and failure as well as success.

Proposed Solution

In order to help close the debugging issue, this proposal is to add additional trace entry flags that keyrings SHOULD use in new trace entries.

  • SKIPPED : Keyring was engaged but did not attempt to decrypt any EDKs.
  • DECRYPT_FAILED : Keyring attempted to decrypt EDK but failed.

Open questions:

  • How many entries should a keyring add?
    • Trace entries do not contain any information about the EDK, each keyring should probably only add one trace entry.

Metadata

Metadata

Assignees

Labels

Doc impactRequires a change to AWS documentationenhancementNew feature or request

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions