cmd/kes: add support for migrating keys to minkms

This commit adds support for migrating keys to minkms via the `kes migrate` command. Migrating all keys of a KES backend to a MinKMS server can be done as following: ``` kes migrate --from src-config.yml --server 127.0.0.1:7373 --enclave minio --api-key k1:... ``` Currently, this implementation has the following limitations: - The HMAC key is not migrated. This requires support from MinKMS. However, HMAC keys are not used for S3 object encryption and have been added to KES recently. - Ciphertexts produced by KES cannot be decrypted auto. because they lack the key version prefix (e.g. 'v1:'). Future KES servers may use ciphertexts with key versions and MinKMS may accept a ciphertext without one. Signed-off-by: Andreas Auernhammer <[email protected]>
minio · Jun 6, 2024 · 35afcc4 · 35afcc4
1 parent fe54489
commit 35afcc4
Show file tree

Hide file tree

Showing 8 changed files with 211 additions and 182 deletions.
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
@@ -16,7 +16,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@v3
       with:
-        go-version: 1.22.2
+        go-version: 1.22.4
         check-latest: true
       id: go
     - name: Check out code
@@ -34,7 +34,7 @@ jobs:
       - name: "Set up Go"
         uses: actions/setup-go@v3
         with:
-          go-version: 1.22.2
+          go-version: 1.22.4
         id: go
       - name: Check out code
         uses: actions/checkout@v3
@@ -54,7 +54,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@v3
       with:
-        go-version: 1.22.2
+        go-version: 1.22.4
         check-latest: true
       id: go
     - name: Check out code
@@ -70,7 +70,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        go-version: [1.21.9, 1.22.3]
+        go-version: [1.21.11, 1.22.4]
     steps:
     - name: Set up Go ${{ matrix.go-version }}
       uses: actions/setup-go@v3

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -20,7 +20,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v3
         with:
-          go-version: 1.22.2
+          go-version: 1.22.4
           check-latest: true
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v1
@@ -30,4 +30,4 @@ jobs:
         uses: goreleaser/goreleaser-action@v3
         with:
           version: latest
-          args: release --skip-publish --skip-sign --clean --snapshot --skip-before
+          args: release --skip=publish,sign,before --clean --snapshot
diff --git a/cmd/kes/main.go b/cmd/kes/main.go
@@ -71,7 +71,7 @@ func main() {
 		"status": statusCmd,
 		"metric": metricCmd,
 
-		"migrate": migrateCmd,
+		"migrate": migrate,
 		"update":  updateCmd,
 	}