KMS/HSM support #1056

Open
codysoyland opened this issue Apr 18, 2023 · 3 comments

Comments

@codysoyland

codysoyland commented Apr 18, 2023

My team is interested in running a Trillian-based CT Log with a signer in Azure Key Vault using an HSM. It doesn't look like this project has support for KMS systems like Azure Key Vault or GCP/AWS KMS. Is there any plan or prior effort to build KMS support into this project?

@mhutchinson
Contributor

Hey @codysoyland, this is a good question. I'm fairly confident that this is something that is not currently being worked on, but is something we would likely accept a PR to add functionality for. Is this something you'd be interested in writing an integration for?

@codysoyland
Author

> Is this something you'd be interested in writing an integration for?

Thanks for the quick reply! I will investigate the level of effort to see if we have the capacity to build it and update here if we are able to get started on it.

@ChevronTango

I too would be interested in AWS KMS support for CT log and Trillian. Having certificates stored alongside the deployment we consider to be undesirable from a security perspective, so KMS is much preferred.
