-
Notifications
You must be signed in to change notification settings - Fork 334
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WIP - Add HSM support to Key Vault #1717
base: dev
Are you sure you want to change the base?
Conversation
f681b39
to
160e128
Compare
@Fred-sun or @xuzhang3 Can one of you run the integration tests? I've tested as much as my account allows me but I don't have permission to download the security domain file in my org.
I've also had limited success running this in the pipeline, I either get 5 HSM's are already deployed or a gateway timeout.
Thanks. |
sure, I will running these tests. |
@p3ck can you help migrate the vendor-sdk to azure-keyvault-administration for KV HSM management? |
I've looked at this and it doesn't seem to have the methods to actually
setup the HSM for use. Please see this:
https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/quick-create-cli
The piece that is missing is the security-domain download.
…On Mon, Sep 23, 2024 at 2:11 AM xuzhang3 ***@***.***> wrote:
@p3ck <https://github.com/p3ck> can you help migrate the vendor-sdk to
azure-keyvault-administration for KV HSM management?
https://learn.microsoft.com/en-us/python/api/overview/azure/keyvault-administration-readme?view=azure-python
—
Reply to this email directly, view it on GitHub
<#1717 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAUPZOCU44OVGE3RPAU6WRDZX6WJ3AVCNFSM6AAAAABOMFWUM6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDGNRXGMYDMMRQHA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
df9353d
to
96ee472
Compare
I have been able to test some of this locally..
As you can see I was able to download the security-domain which involves uploading the public certs and specifying the minimum number for quorum. I am unable to test the key generation since I don't have permission to do that. I don't think my account has the correct permissions from my org since I tried the following as well:
I've also opened an issue in the azure-cli package asking if the vendored_sdks files can be broken out into a separate package. |
# | ||
# azure_rm_hsmsecret tests | ||
# | ||
- name: Create a hsm secret |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Key Vault HSM does not support secret management, this test case can be removed
Waiting for Azure/azure-sdk-for-python#37929 to finalize so we can use the SDK. |
SUMMARY
Add support for HSM in KeyVault module(s)
ISSUE TYPE
COMPONENT NAME
plugins/modules/azure_rm_keyvault.py
plugins/modules/azure_rm_keyvault_info.py
plugins/modules/azure_rm_keyvaultsecuritydomain.py
ADDITIONAL INFORMATION
The vendored_sdks is copied directiy from azure-cli. It doesn't seem to be packaged in the azure-python-sdk which is where I think it should go.