-
Notifications
You must be signed in to change notification settings - Fork 113
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pluggable KMS integrations #386
Comments
For the current integrations, what I was thinking is to adopt a pattern similar to our cosign OIDC integrations which:
If
This way tooling that leverages cosign as an SDK can more selectively pull in implementations of the various providers. |
We could take the above a step further by allowing a "credential helper"-like fallback option. Presumably the registration phase above would allow implementations to register the "scheme" that they support, e.g. We could do the equivalent of As exemplars the |
@dlorenc @lukehinds @bobcallaway for thoughts ☝️ I can probably drive this, if folks think it would be a good refactor? cc @vaikas @jdolitsky who I have been talking about this with. |
I think @imjasonh already did the interface/registration thing: https://github.com/sigstore/sigstore/blob/main/pkg/signature/kms/gcp/client.go#L43 |
Looks like they are still linked from fairly core places: I'm going to start by moving these out to the binary entrypoint (further out than most folks still use as a library) to try and avoid the MPL problem in the linked issue. |
@haydentherapper and I discussed something like this quite recently here: sigstore/fulcio#496 (comment)
So yeah big +1 to moving all imports with side-effects out to the main entrypoint! |
Just a case study of the how the pattern |
Related: sigstore/sigstore#384 Related: sigstore/sigstore#386 Signed-off-by: Matt Moore <mattmoor@chainguard.dev>
Moving the imports up will be a big win. I'm not sure we can delete these ones from here without some kind of backwards compatibility story because of semver, but we could always just cut a version 2. |
@dlorenc we can make them their own modules in-place here? |
idk, does that make semver mad? |
Moving the side effect is already breaking to some folks downstream. I was actually going to suggest we scramble to move these out before my PR lands in a release to avoid breaking folks twice, but making these modules in place here could be a nice middle ground. This feels like a gray area of semver, since 1.x would have both in a single module and 1.x+1 would have both in different modules (but with identical names). Given how |
I'm a habitual line stepper when it comes to semver. Let's give it a try! |
* Move the KMS integration imports into the binary entrypoints Related: sigstore/sigstore#384 Related: sigstore/sigstore#386 Signed-off-by: Matt Moore <mattmoor@chainguard.dev> * Remove the fake import Signed-off-by: Matt Moore <mattmoor@chainguard.dev>
…e#1744) * Move the KMS integration imports into the binary entrypoints Related: sigstore/sigstore#384 Related: sigstore/sigstore#386 Signed-off-by: Matt Moore <mattmoor@chainguard.dev> * Remove the fake import Signed-off-by: Matt Moore <mattmoor@chainguard.dev>
…igstore#386) Signed-off-by: Jake Sanders <jsand@google.com>
Description
This is something I've been marinating on for some time, but was driven to open a tracking issue by #384
Problem: baking in every KMS provider under the sun into sigstore/sigstore itself incurs a significant overhead on all downstream projects regardless of whether they even use this functionality.
I'll sketch out some ideas in a follow up comment.
The text was updated successfully, but these errors were encountered: