Support BYOK in Terraform provider #1041

Open
wants to merge 1 commit into
base: main

@acwest acwest commented Oct 4, 2024

This PR brings support of the Bring Your Own Key (BYOK) functionality in the Auth0 Management API.

🔧 Changes

  • A new block customer_provided_root_key has been added to the auth0_encryption_key_manager resource.
  • When this block is added, this initiates the process of adding a customer provided root key to the tenant. The block will at this point be filled with attributes from the Auth0 tenant: key_id, type, state, created_at, and updated_at, which describe the new key, as well as public_wrapping_key and wrapping_algorithm, which will be used by the customer to wrap the new key they generate in their KSM/HSM.
  • Once the key is generated and wrapped, the Base64 encoded key is supplied by the customer in the wrapped_key attribute.
  • If the customer_provided_root_key block is removed, the key provisioning is stopped and Auth0 reverts to using a root key generated internally.

📚 References

Customer Managed Keys

API Documentation

🔬 Testing

📝 Checklist

  • All new/changed/fixed functionality is covered by tests (or N/A)
  • I have added documentation for all new/changed functionality (or N/A)
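
The two-phase flow described in the PR comment above, as an added Terraform example that is not taken from the PR or the provider's documentation. The resource label `byok`, the variable `wrapped_root_key`, the output names, the placement of `wrapped_key` inside the block, and the `[0]` list-style indexing of the block are assumptions; the resource, block and attribute names come from the PR description.

```hcl
# Added illustration, not code from the PR.
# Assumptions: resource label "byok", variable and output names,
# wrapped_key living inside the block, and [0] indexing of the block.

# Phase 2 input: the Base64-encoded key produced by wrapping the
# customer-generated root key in the KMS/HSM. Left null during phase 1.
variable "wrapped_root_key" {
  description = "Base64-encoded customer root key, wrapped with the tenant's public wrapping key"
  type        = string
  sensitive   = true # keeps the value out of plan/apply output
  default     = null
}

resource "auth0_encryption_key_manager" "byok" {
  # Phase 1: apply with the block present and wrapped_key unset.
  #          Auth0 starts provisioning and fills in key_id, type, state,
  #          created_at, updated_at, public_wrapping_key, wrapping_algorithm.
  # Phase 2: wrap the new key outside Terraform, set var.wrapped_root_key,
  #          and apply again.
  # Removing the block stops provisioning and reverts the tenant to an
  # internally generated root key, so review any plan that drops it.
  customer_provided_root_key {
    wrapped_key = var.wrapped_root_key
  }
}

# Values the key custodian needs after phase 1.
output "byok_public_wrapping_key" {
  value = auth0_encryption_key_manager.byok.customer_provided_root_key[0].public_wrapping_key
}

output "byok_wrapping_algorithm" {
  value = auth0_encryption_key_manager.byok.customer_provided_root_key[0].wrapping_algorithm
}

# Lets the operator confirm the key's state after each apply.
output "byok_key_state" {
  value = auth0_encryption_key_manager.byok.customer_provided_root_key[0].state
}
```

Terraform records resource attribute values in state, so the wrapped key ends up there even with `sensitive = true`; restrict access to the state backend accordingly.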

codecov-commenter commented Oct 4, 2024

Codecov Report

Attention: Patch coverage is 84.10042% with 38 lines in your changes missing coverage. Please review.

Project coverage is 90.19%. Comparing base (1a3b628) to head (d77ad15).

| Files with missing lines | Patch % | Lines |
|---|---|---|
| internal/auth0/encryptionkeymanager/resource.go | 79.12% | 26 Missing and 12 partials ⚠️ |

@@            Coverage Diff             @@
##             main    #1041      +/-   ##
==========================================
- Coverage   90.27%   90.19%   -0.09%     
==========================================
  Files         114      115       +1     
  Lines       16448    16666     +218     
==========================================
+ Hits        14849    15032     +183     
- Misses       1122     1146      +24     
- Partials      477      488      +11     

| Files with missing lines | Coverage Δ |
|---|---|
| internal/auth0/encryptionkeymanager/flatten.go | 100.00% <100.00%> (ø) |
| internal/wait/wait.go | 100.00% <100.00%> (ø) |
| internal/auth0/encryptionkeymanager/resource.go | 83.92% <79.12%> (-8.85%) ⬇️ |

@acwest acwest force-pushed the DXCDT-651-support-byok-in-terraform branch from e0f8b55 to d77ad15 Compare October 4, 2024 14:22
@acwest acwest marked this pull request as ready for review October 4, 2024 15:03
@acwest acwest requested a review from a team as a code owner October 4, 2024 15:03