Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add hsm key set prefix to support multiple hydra instances on t… #3066

Merged
merged 2 commits into from
Apr 24, 2022
Merged

feat: add hsm key set prefix to support multiple hydra instances on t… #3066

merged 2 commits into from
Apr 24, 2022

Conversation

aarmam
Copy link
Contributor

@aarmam aarmam commented Apr 13, 2022
edited
Loading

This pull request adds configuration option hsm.key_set_prefix to support multiple Ory Hydra instances to store keys on the same HSM partition. For example if hsm.key_set_prefix=app1. then key set hydra.openid.id-token would be generated/requested/deleted on HSM with CKA_LABEL=app1.hydra.openid.id-token

This will not affect Hydra API in any way. GET /keys/hydra.openid.id-token will return key set from HSM with label app1.hydra.openid.id-token

Checklist

  • I have read the contributing guidelines.
  • I have referenced an issue containing the design document if my change
    introduces a new feature.
  • I am following the
    contributing code guidelines.
  • I have read the security policy.
  • I confirm that this pull request does not address a security
    vulnerability. If this pull request addresses a security. vulnerability, I
    confirm that I got green light (please contact
    security@ory.sh) from the maintainers to push
    the changes.
  • I have added tests that prove my fix is effective or that my feature
    works.
  • I have added or changed the documentation.

@aarmam aarmam requested a review from aeneasr as a code owner April 13, 2022 11:34
@codecov
Copy link

codecov bot commented Apr 13, 2022
edited
Loading

Codecov Report

Merging #3066 (f9c72ea) into master (a3c4304) will decrease coverage by 0.02%.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##           master    #3066      +/-   ##
==========================================
- Coverage   79.57%   79.55%   -0.02%     
==========================================
  Files         112      112              
  Lines        7957     7959       +2     
==========================================
  Hits         6332     6332              
- Misses       1223     1225       +2     
  Partials      402      402
Impacted Files Coverage Δ
driver/config/provider.go 85.21% <0.00%> (-0.75%) ⬇️
driver/registry_sql.go 80.32% <0.00%> (ø)
hsm/manager_nohsm.go 0.00% <0.00%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 222a01b...f9c72ea. Read the comment docs.

@aarmam aarmam force-pushed the feature/hsm-key-set-prefix branch from 7170e31 to e629a10 Compare April 13, 2022 12:19
@aarmam aarmam mentioned this pull request Apr 14, 2022
Merged
6 tasks
aeneasr
aeneasr requested changes Apr 14, 2022
View reviewed changes
driver/registry_sql.go Outdated Show resolved Hide resolved
@aarmam aarmam force-pushed the feature/hsm-key-set-prefix branch from 6a69907 to 7a4552c Compare April 19, 2022 07:55
@aarmam aarmam requested a review from aeneasr April 19, 2022 12:51
@aarmam aarmam force-pushed the feature/hsm-key-set-prefix branch from 7a4552c to f9c72ea Compare April 19, 2022 12:58
@aeneasr aeneasr merged commit 90523fd into ory:master Apr 24, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aeneasr aeneasr aeneasr approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@aarmam @aeneasr