feat: adding import functionality #13
Overall a bit confused why we are storing the private keys on disk once they are imported
I built out the ability to allow ape-aws to create a key for the user just to give us a visual of what that would look like in case it was something you may have wanted. I originally built out this functionality to get a key in the correct format so I knew what I was dealing with, with respect to KMS. KMS has different requirements for key formats, and with the requirement of needing to use the public key and private key together to encrypt the private key to send, I needed to know what KMS was looking for. After building out the feature, I figured I'd let you look at it to see if it was something you wanted. If you did want it, we needed the ability to store that key.
Co-authored-by: El De-dog-lo <3859395+fubuloubu@users.noreply.github.com>
Does this actually display on your machine? I hadn't seen this before
Some suggestions, looking close though
ape_aws/kms/_cli.py
Outdated
) | ||
response = kms_client.import_key(import_key_spec) | ||
if response["ResponseMetadata"]["HTTPStatusCode"] != 200: | ||
cli_ctx.abort("Key failed to import into KMS") |
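Review bot: the abort on the last line of this hunk reports a fixed string and discards everything in response, so a failed import gives the user nothing to act on. Include at least the status code the check has just read (response["ResponseMetadata"]["HTTPStatusCode"]) in the message. Also, if kms_client.import_key passes through to a boto3 client call, service-side failures normally arrive as a raised botocore ClientError rather than as a non-200 response, so this branch may never run; catching that exception around the call and passing its error code and message to cli_ctx.abort would cover the real failure path.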
Does it give any message in case of a failure? might want to display it
This is the response I get when I get a failure
ERROR: Key failed to import into KMS
Well yeah, that's what the above line will give you
I'm asking if there's any field in response that will help you understand the issue that came up which we can print w/ .abort
ohhhhh, let me check what we can give to the user
boto3 seems to catch most of these errors, I tried to get a bad response, but I believe boto3 is handling the errors. To be sure, this is how I'm handling it
Co-authored-by: El De-dog-lo <3859395+fubuloubu@users.noreply.github.com>
which are you referring to?
Where it was saying
oh, yeah that was showing up in my returns, but if it isn't showing up in yours, I'm not too worried about it
I didn't actually try it, might be a new feature of Ape v0.8
What I did
Adding import for Eth private keys to AWS KMS
fixes: #12
How I did it
Added functionality, trying to emulate This Article in Python
How to verify it
ape aws kms import 'testAlias' 'Description' 'private-key'
Checklist