Add initial eHSM-KMS support for signstore #1393
Conversation
a78743f to 0d68e4d
eHSM-KMS is an End-to-End Distributed and Scalable Cloud KMS built on top of Intel SGX enclave-based HSM (Hardware Security Module), aka eHSM. For more details, please refer to: https://github.com/intel/ehsm Signed-off-by: Yan, Shaopu <shaopu.yan@intel.com>
Hi cpanato, bobcallaway, would you help to review this PR, which provides another alternative cloud KMS, eHSM-KMS? eHSM-KMS is an End-to-End Distributed and Scalable Cloud KMS built on top of Intel SGX enclave-based HSM (Hardware Security Module), aka eHSM, so that the cloud KMS can be attested by the user to make sure it actually runs in the TEE (Trusted Execution Environment). For more details, please refer to:
Hey @lukehinds @cpanato, what should be done to get this PR merged?
Sorry for the delay, I will need a bit more time to review and to have others review as well.
Thanks. Any comments on this PR?
Hi @syan10. First off, sorry for the late reply and thank you for your contribution. A few considerations that come to mind (correct me if I am wrong on any of these):
Please let me know, and this can help guide our decisions. Many thanks, Luke
Thanks Luke. Yes, eHSM requires an SGX-capable machine for testing. Compared to the commercial Cloud KMS offered by CSPs, eHSM-KMS is a more convenient option for private cloud usage, offering enhanced security compared to Hashicorp Vault for users who prefer not to rely on CSPs. Anyway, we can hold off on merging this patch for now and consider it when you receive similar requests. Thanks