feat(policy): Default Platform Keys #2254
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Benchmark results, click to expandBenchmark Results:
Bulk Benchmark Results
TDF3 Benchmark Results:
NANOTDF Benchmark Results:
Error Summary:
Standard Benchmark Metrics Skipped or Failed |
Benchmark results, click to expandBenchmark Results:
Bulk Benchmark Results
TDF3 Benchmark Results:
NANOTDF Benchmark Results:
Error Summary:
Standard Benchmark Metrics Skipped or Failed |
There was a problem hiding this comment.
Pull Request Overview
Adds support for default Key Access Server (KAS) keys, including storage, RPCs, and configuration updates.
- Introduces a new
default_kas_keystable with migrations - Defines
SetDefaultKeyandGetDefaultKeysRPCs in the proto and implements handlers - Updates DB layer, service logic, and well-known configuration on default key changes
Reviewed Changes
Copilot reviewed 15 out of 19 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| service/wellknownconfiguration/wellknown_configuration.go | Adds UpdateConfiguration for writing well-known configs |
| service/policy/kasregistry/key_access_server_registry.proto | Defines TdfType, SetDefaultKey, GetDefaultKeys messages |
| service/policy/kasregistry/key_access_server_registry.go | Implements service handlers for the new RPCs |
| service/policy/db/migrations/20250512000000_default_keys_table.md | Adds mermaid ER diagram for default_kas_keys |
| service/policy/db/schema_erd.md | Updates ERD to include default_kas_keys table |
| service/policy/db/query.sql.go | Adds queries for default KAS key CRUD |
| service/policy/db/models.go | Adds DefaultKasKey model |
| service/policy/db/key_access_server_registry.go | Implements DB client logic for default keys, migrations & config |
| service/pkg/db/marshalHelpers.go | Adds JSON/proto helpers for default KAS keys |
Files not reviewed (4)
- docs/grpc/index.html: Language not supported
- docs/openapi/policy/kasregistry/key_access_server_registry.swagger.json: Language not supported
- service/policy/db/migrations/20250512000000_default_keys_table.sql: Language not supported
- service/policy/db/query.sql: Language not supported
Comments suppressed due to low confidence (3)
service/policy/db/models.go:3
- [nitpick] The sqlc version was downgraded from v1.29.0 to v1.28.0; please confirm this was intentional.
// sqlc v1.29.0
service/policy/kasregistry/key_access_server_registry.proto:617
- Remove the trailing semicolon after the message block;
.protomessage definitions should not end with a semicolon.
};
service/policy/kasregistry/key_access_server_registry.go:476
SetDefaultKeyRequesthas noGetId()method. Use theobjectIDvariable (which holds the active key ID) instead ofr.Msg.GetId().
return nil, db.StatusifyError(err, db.ErrTextUpdateFailed, slog.String("SetDefaultKey", r.Msg.GetId()))
github-actions
bot
added
comp:db
strantalis
reviewed
May 20, 2025
strantalis
reviewed
May 20, 2025
Benchmark results, click to expandBenchmark Results:
Bulk Benchmark Results
TDF3 Benchmark Results:
NANOTDF Benchmark Results:
Error Summary:
Standard Benchmark Metrics Skipped or Failed |
Benchmark results, click to expandBenchmark Results:
Bulk Benchmark Results
TDF3 Benchmark Results:
NANOTDF Benchmark Results:
Error Summary:
Standard Benchmark Metrics Skipped or Failed |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces significant new functionality for managing default platform keys, including a new database table, RPCs for setting and getting default keys, and changes to allow multiple active keys of the same algorithm. The changes also include a fix for a key rotation issue. Overall, the implementation looks solid, with good test coverage for the new features. I've identified a few areas for improvement, primarily around documentation clarity and a potential data handling concern in marshalHelpers.go.
Summary of Findings
- Data Handling in
UnmarshalSimpleKasKey: There are assumptions inservice/pkg/db/marshalHelpers.go UnmarshalSimpleKasKeyabout how algorithm and PEM data are stored/retrieved from the database versus their protobuf definitions. This could lead to runtime issues if the actual data format differs. (Severity: High) - Documentation Clarity for Default Key: Several comments and descriptions in generated documentation (gRPC HTML, OpenAPI, .pb.go comments) refer to the default base key as a "list of keys" when it appears to be a single key. This should be clarified for consistency. (Severity: Medium)
- Missing Descriptions in Generated Documentation: Some fields in the auto-generated gRPC HTML and OpenAPI documentation are missing descriptions, which impacts clarity. (Severity: Medium)
- Efficiency of
CreateKeyDB Interaction: TheCreateKeymethod inservice/policy/db/key_access_server_registry.gonow involves two database queries instead of potentially one. This might have a minor performance impact if it's a high-frequency operation. (Severity: Medium) - Minor Typos in Comments/Docs: There are a couple of minor typos (e.g., "tp" instead of "to") in comments and documentation. (Severity: Low - not commented directly due to settings)
- Use of
context.TODO():context.TODO()is used during service initialization inservice/policy/kasregistry/key_access_server_registry.go. While often acceptable for init, passing a real context is preferred if feasible. (Severity: Low - not commented directly due to settings) - SQLC Version Change: Generated
sqlcfiles show a version change from v1.29.0 to v1.28.0 (downgrade). This is likely a tooling/process note rather than a code issue. (Severity: Low - not commented directly due to settings)
Merge Readiness
This pull request introduces valuable functionality for default platform keys and includes important fixes. The integration tests for the new features are comprehensive.
However, there are a few points to address before merging, particularly the high-severity concern regarding data handling in UnmarshalSimpleKasKey and several medium-severity documentation clarity issues. Addressing these will improve the robustness and maintainability of the code.
I am unable to approve pull requests, but I recommend addressing the high and medium severity issues before this PR is merged. Other reviewers should also assess these changes.
docs/openapi/policy/kasregistry/key_access_server_registry.swagger.json
Outdated
Show resolved
Hide resolved
protocol/go/policy/kasregistry/key_access_server_registry.pb.go
Outdated
Show resolved
Hide resolved
Benchmark results, click to expandBenchmark Results:
Bulk Benchmark Results
TDF3 Benchmark Results:
NANOTDF Benchmark Results:
Error Summary:
Standard Benchmark Metrics Skipped or Failed |
Benchmark results, click to expandBenchmark Results:
Bulk Benchmark Results
TDF3 Benchmark Results:
NANOTDF Benchmark Results:
Error Summary:
Standard Benchmark Metrics Skipped or Failed |
Benchmark results, click to expandBenchmark Results:
Bulk Benchmark Results
TDF3 Benchmark Results:
NANOTDF Benchmark Results:
Error Summary:
Standard Benchmark Metrics Skipped or Failed |
strantalis
previously approved these changes
May 23, 2025
Benchmark results, click to expandBenchmark Results:
Bulk Benchmark Results
TDF3 Benchmark Results:
NANOTDF Benchmark Results:
Error Summary:
Standard Benchmark Metrics Skipped or Failed |
strantalis
approved these changes
May 23, 2025
This was referenced May 23, 2025
github-merge-queue bot
pushed a commit
that referenced
this pull request
May 23, 2025
🤖 I have created a release *beep* *boop* --- ## [0.3.5](protocol/go/v0.3.4...protocol/go/v0.3.5) (2025-05-23) ### Features * **policy:** Default Platform Keys ([#2254](#2254)) ([d7447fe](d7447fe)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com>
github-merge-queue bot
pushed a commit
that referenced
this pull request
May 28, 2025
🤖 I have created a release *beep* *boop* --- ## [0.4.6](sdk/v0.4.5...sdk/v0.4.6) (2025-05-28) ### Features * **policy:** Default Platform Keys ([#2254](#2254)) ([d7447fe](d7447fe)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com> Co-authored-by: Chris Reed <[email protected]>
github-merge-queue bot
pushed a commit
that referenced
this pull request
May 29, 2025
🤖 I have created a release *beep* *boop* --- ## [0.5.4](service/v0.5.3...service/v0.5.4) (2025-05-29) ### Features * **authz:** access pdp v2 with actions ([#2264](#2264)) ([7afefb7](7afefb7)) * **authz:** logic for authz v2 (actions within ABAC decisioning) ([#2146](#2146)) ([0fdc259](0fdc259)) * **policy:** Default Platform Keys ([#2254](#2254)) ([d7447fe](d7447fe)) * **policy:** Update key status's and UpdateKey rpc. ([#2315](#2315)) ([7908db9](7908db9)) ### Bug Fixes * **policy:** DSPX-1151 update of registered resource value always clears existing action attribute values ([#2325](#2325)) ([ca94425](ca94425)) * **policy:** Ensure non active keys cannot be assigned. ([#2321](#2321)) ([207d10d](207d10d)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com> Co-authored-by: Elizabeth Healy <[email protected]>
strantalis
pushed a commit
to strantalis/platform
that referenced
this pull request
May 29, 2025
🤖 I have created a release *beep* *boop* --- ## [0.4.6](opentdf/platform@sdk/v0.4.5...sdk/v0.4.6) (2025-05-28) ### Features * **policy:** Default Platform Keys ([opentdf#2254](opentdf#2254)) ([d7447fe](opentdf@d7447fe)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com> Co-authored-by: Chris Reed <[email protected]>
strantalis
pushed a commit
to strantalis/platform
that referenced
this pull request
May 29, 2025
🤖 I have created a release *beep* *boop* --- ## [0.5.4](opentdf/platform@service/v0.5.3...service/v0.5.4) (2025-05-29) ### Features * **authz:** access pdp v2 with actions ([opentdf#2264](opentdf#2264)) ([7afefb7](opentdf@7afefb7)) * **authz:** logic for authz v2 (actions within ABAC decisioning) ([opentdf#2146](opentdf#2146)) ([0fdc259](opentdf@0fdc259)) * **policy:** Default Platform Keys ([opentdf#2254](opentdf#2254)) ([d7447fe](opentdf@d7447fe)) * **policy:** Update key status's and UpdateKey rpc. ([opentdf#2315](opentdf#2315)) ([7908db9](opentdf@7908db9)) ### Bug Fixes * **policy:** DSPX-1151 update of registered resource value always clears existing action attribute values ([opentdf#2325](opentdf#2325)) ([ca94425](opentdf@ca94425)) * **policy:** Ensure non active keys cannot be assigned. ([opentdf#2321](opentdf#2321)) ([207d10d](opentdf@207d10d)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com> Co-authored-by: Elizabeth Healy <[email protected]>
This was referenced Jul 25, 2025
github-merge-queue bot
pushed a commit
that referenced
this pull request
Aug 9, 2025
🤖 I have created a release *beep* *boop* --- ## [0.7.0](protocol/go/v0.6.2...protocol/go/v0.7.0) (2025-08-08) ### ⚠ BREAKING CHANGES * **policy:** disable kas grants in favor of key mappings ([#2220](#2220)) * **core:** Require go 1.23+ ([#1979](#1979)) ### Features * add ability to retrieve policy resources by id or name ([#1901](#1901)) ([deb4455](deb4455)) * **authz:** authz v2, ers v2 protos and gencode for ABAC with actions & registered resource ([#2124](#2124)) ([ea7992a](ea7992a)) * **authz:** improve v2 request proto validation ([#2357](#2357)) ([f927b99](f927b99)) * **authz:** sensible request limit upper bounds ([#2526](#2526)) ([b3093cc](b3093cc)) * **core:** adds bulk rewrap to sdk and service ([#1835](#1835)) ([11698ae](11698ae)) * **core:** EXPERIMENTAL: EC-wrapped key support ([#1902](#1902)) ([652266f](652266f)) * **core:** Require go 1.23+ ([#1979](#1979)) ([164c922](164c922)) * **core:** v2 ERS with proto updates ([#2210](#2210)) ([a161ef8](a161ef8)) * **policy:** add enhanced standard/custom actions protos ([#2020](#2020)) ([bbac53f](bbac53f)) * **policy:** Add legacy keys. ([#2613](#2613)) ([57370b0](57370b0)) * **policy:** Add list key mappings rpc. ([#2533](#2533)) ([fbc2724](fbc2724)) * **policy:** add obligation protos ([#2579](#2579)) ([50882e1](50882e1)) * **policy:** Add validation to delete keys ([#2576](#2576)) ([cc169d9](cc169d9)) * **policy:** add values to CreateObligationRequest ([#2614](#2614)) ([94535cc](94535cc)) * **policy:** adds new public keys table ([#1836](#1836)) ([cad5048](cad5048)) * **policy:** Allow the deletion of a key. ([#2575](#2575)) ([82b96f0](82b96f0)) * **policy:** cache SubjectConditionSet selectors in dedicated column maintained via trigger ([#2320](#2320)) ([215791f](215791f)) * **policy:** Change return type for delete key proto. ([#2566](#2566)) ([c1ae924](c1ae924)) * **policy:** Default Platform Keys ([#2254](#2254)) ([d7447fe](d7447fe)) * **policy:** disable kas grants in favor of key mappings ([#2220](#2220)) ([30f8cf5](30f8cf5)) * **policy:** DSPX-1018 NDR retrieval by FQN support ([#2131](#2131)) ([0001041](0001041)) * **policy:** DSPX-1057 registered resource action attribute values (protos only) ([#2217](#2217)) ([6375596](6375596)) * **policy:** DSPX-893 NDR define crud protos ([#2056](#2056)) ([55a5c27](55a5c27)) * **policy:** DSPX-902 NDR service crud protos only (1/2) ([#2092](#2092)) ([24b6cb5](24b6cb5)) * **policy:** Finish resource mapping groups ([#2224](#2224)) ([5ff754e](5ff754e)) * **policy:** key management crud ([#2110](#2110)) ([4c3d53d](4c3d53d)) * **policy:** Key management proto ([#2115](#2115)) ([561f853](561f853)) * **policy:** Modify get request to search for keys by kasid with keyid. ([#2147](#2147)) ([780d2e4](780d2e4)) * **policy:** Return KAS Key structure ([#2172](#2172)) ([7f97b99](7f97b99)) * **policy:** Return Simple Kas Keys from non-Key RPCs ([#2387](#2387)) ([5113e0e](5113e0e)) * **policy:** rotate keys rpc ([#2180](#2180)) ([0d00743](0d00743)) * **policy:** Update key status's and UpdateKey rpc. ([#2315](#2315)) ([7908db9](7908db9)) * **policy:** Update simple kas key ([#2378](#2378)) ([09d8239](09d8239)) ### Bug Fixes * add pagination to list public key mappings response ([#1889](#1889)) ([9898fbd](9898fbd)) * **core:** Allow 521 curve to be used ([#2485](#2485)) ([aaf43dc](aaf43dc)) * **core:** Fixes protoJSON parse bug on ec rewrap ([#1943](#1943)) ([9bebfd0](9bebfd0)) * **core:** Update fixtures and flattening in sdk and service ([#1827](#1827)) ([d6d6a7a](d6d6a7a)) * **deps:** bump toolchain in /lib/fixtures and /examples to resolve CVE GO-2025-3563 ([#2061](#2061)) ([9c16843](9c16843)) * **policy:** protovalidate deprecated action types and removal of gRPC gateway in subject mappings svc ([#2377](#2377)) ([54a6de0](54a6de0)) * **policy:** remove gRPC gateway in policy except where needed ([#2382](#2382)) ([1937acb](1937acb)) * **policy:** remove new public keys rpc's ([#1962](#1962)) ([5049bab](5049bab)) * **policy:** remove predefined rules in actions protos ([#2069](#2069)) ([060f059](060f059)) * **policy:** return kas uri on keys for definition, namespace and values ([#2186](#2186)) ([6c55fb8](6c55fb8)) * **sdk:** Fix compatibility between bulk and non-bulk rewrap ([#1914](#1914)) ([74abbb6](74abbb6)) * update key_mode to provide more context ([#2226](#2226)) ([44d0805](44d0805)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --------- Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com> Co-authored-by: Krish Suchak <[email protected]>
github-merge-queue bot
pushed a commit
that referenced
this pull request
Aug 26, 2025
🤖 I have created a release *beep* *boop* --- ## [0.7.0](sdk/v0.6.1...sdk/v0.7.0) (2025-08-25) ### ⚠ BREAKING CHANGES * **core:** Require go 1.23+ ([#1979](#1979)) ### Features * add system metadata assertions to TDFConfig ([#2446](#2446)) ([4eb9fff](4eb9fff)) * **authz:** authz v2 versioning implementation ([#2173](#2173)) ([557fc21](557fc21)) * **core:** adds bulk rewrap to sdk and service ([#1835](#1835)) ([11698ae](11698ae)) * **core:** Adds EC withSalt options ([#2126](#2126)) ([67b6fb8](67b6fb8)) * **core:** Adds ErrInvalidPerSchema ([#1860](#1860)) ([456639e](456639e)) * **core:** DSPX-608 - Deprecate public_client_id ([#2185](#2185)) ([0f58efa](0f58efa)) * **core:** EXPERIMENTAL: EC-wrapped key support ([#1902](#1902)) ([652266f](652266f)) * **core:** Expose version info ([#1841](#1841)) ([92a9f5e](92a9f5e)) * **core:** Require go 1.23+ ([#1979](#1979)) ([164c922](164c922)) * **core:** v2 ERS with proto updates ([#2210](#2210)) ([a161ef8](a161ef8)) * **policy:** actions service RPCs should actually hit storage layer CRUD ([#2063](#2063)) ([da4faf5](da4faf5)) * **policy:** Add list key mappings rpc. ([#2533](#2533)) ([fbc2724](fbc2724)) * **policy:** adds new public keys table ([#1836](#1836)) ([cad5048](cad5048)) * **policy:** Allow the deletion of a key. ([#2575](#2575)) ([82b96f0](82b96f0)) * **policy:** Default Platform Keys ([#2254](#2254)) ([d7447fe](d7447fe)) * **policy:** DSPX-902 NDR service crud implementation (2/2) ([#2066](#2066)) ([030ad33](030ad33)) * **policy:** key management crud ([#2110](#2110)) ([4c3d53d](4c3d53d)) * **sdk:** Add a KAS allowlist ([#2085](#2085)) ([d7cfdf3](d7cfdf3)) * **sdk:** add nanotdf plaintext policy ([#2182](#2182)) ([e5c56db](e5c56db)) * **sdk:** adds seeker interface to TDF Reader ([#2385](#2385)) ([63ccd9a](63ccd9a)) * **sdk:** Allow key splits with same algo ([#2454](#2454)) ([7422b15](7422b15)) * **sdk:** Allow schema validation during TDF decrypt ([#1870](#1870)) ([b7e6fb2](b7e6fb2)) * **sdk:** autoconfig kaos with kids ([#2438](#2438)) ([c272016](c272016)) * **sdk:** bump protocol/go v0.6.0 ([#2536](#2536)) ([23e4c2b](23e4c2b)) * **sdk:** CreateTDF option to run with specific target schema version ([#2045](#2045)) ([0976b15](0976b15)) * **sdk:** Enable base key support. ([#2425](#2425)) ([9ff3806](9ff3806)) * **sdk:** Expose connectrpc wrapper codegen for re-use ([#2322](#2322)) ([8b29392](8b29392)) * **sdk:** MIC-1436: User can decrypt TDF files created with FileWatcher2.0.8 and older. ([#1833](#1833)) ([f77d110](f77d110)) * **sdk:** remove hex encoding for segment hash ([#1805](#1805)) ([d7179c2](d7179c2)) * **sdk:** sdk.New should validate platform connectivity and provide precise error ([#1937](#1937)) ([aa3696d](aa3696d)) * **sdk:** Use ConnectRPC in the go client ([#2200](#2200)) ([fc34ee6](fc34ee6)) ### Bug Fixes * Allow parsing IPs as hostnames ([#1999](#1999)) ([d54b550](d54b550)) * **ci:** Fix intermittent failures from auth tests ([#2345](#2345)) ([395988a](395988a)) * **ci:** Update expired ca and certs in oauth unit tests ([#2113](#2113)) ([5440fcc](5440fcc)) * **core:** Autobump sdk ([#1863](#1863)) ([855cb2b](855cb2b)) * **core:** Autobump sdk ([#1873](#1873)) ([085ac7a](085ac7a)) * **core:** Autobump sdk ([#1894](#1894)) ([201244e](201244e)) * **core:** Autobump sdk ([#1917](#1917)) ([edeeb74](edeeb74)) * **core:** Autobump sdk ([#1941](#1941)) ([0a5a948](0a5a948)) * **core:** Autobump sdk ([#1948](#1948)) ([4dfb457](4dfb457)) * **core:** Autobump sdk ([#1968](#1968)) ([7084061](7084061)) * **core:** Autobump sdk ([#1972](#1972)) ([7258f5d](7258f5d)) * **core:** Autobump sdk ([#2102](#2102)) ([0315635](0315635)) * **core:** Fixes protoJSON parse bug on ec rewrap ([#1943](#1943)) ([9bebfd0](9bebfd0)) * **core:** Improves errors when under heavy load ([#2132](#2132)) ([4490a14](4490a14)) * **core:** Update fixtures and flattening in sdk and service ([#1827](#1827)) ([d6d6a7a](d6d6a7a)) * **core:** Updates ec-wrapped to newer salt ([#1961](#1961)) ([0e17968](0e17968)) * **deps:** bump github.com/docker/docker from 28.2.2+incompatible to 28.3.3+incompatible in /sdk ([#2597](#2597)) ([a68d00d](a68d00d)) * **deps:** bump github.com/opentdf/platform/lib/ocrypto from 0.2.0 to 0.3.0 in /sdk ([#2502](#2502)) ([3ec8b35](3ec8b35)) * **deps:** bump github.com/opentdf/platform/protocol/go from 0.3.6 to 0.4.0 in /sdk ([#2397](#2397)) ([99e3aa4](99e3aa4)) * **deps:** bump github.com/opentdf/platform/protocol/go from 0.4.0 to 0.5.0 in /sdk ([#2471](#2471)) ([e8f97e0](e8f97e0)) * **deps:** bump github.com/opentdf/platform/protocol/go from 0.5.0 to 0.5.1 in /sdk ([#2505](#2505)) ([4edab72](4edab72)) * **deps:** bump github.com/opentdf/platform/protocol/go from 0.6.0 to 0.6.2 in /sdk ([#2586](#2586)) ([4ed9856](4ed9856)) * **deps:** bump github.com/opentdf/platform/protocol/go from 0.6.2 to 0.7.0 in /sdk ([#2627](#2627)) ([e775e14](e775e14)) * **deps:** bump golang.org/x/oauth2 from 0.26.0 to 0.30.0 in /sdk ([#2252](#2252)) ([9b775a2](9b775a2)) * **deps:** bump google.golang.org/grpc from 1.71.0 to 1.72.1 in /sdk ([#2244](#2244)) ([49484e0](49484e0)) * **deps:** bump the external group across 1 directory with 5 updates ([#2400](#2400)) ([0b7ea79](0b7ea79)) * **deps:** bump toolchain in /lib/fixtures and /examples to resolve CVE GO-2025-3563 ([#2061](#2061)) ([9c16843](9c16843)) * Improve http.Client usage for security and performance ([#1910](#1910)) ([e6a53a3](e6a53a3)) * **sdk:** adds connection options to getPlatformConfiguration ([#2286](#2286)) ([a3af31e](a3af31e)) * **sdk:** Allow reuse of session key ([#2016](#2016)) ([d48c11e](d48c11e)) * **sdk:** bump lib/ocrypto to 0.1.8 ([#1938](#1938)) ([53fa8ab](53fa8ab)) * **sdk:** bump protocol/go module dependencies ([#2078](#2078)) ([e027f43](e027f43)) * **sdk:** Display proper error on kas rewrap failure ([#2081](#2081)) ([508cbcd](508cbcd)) * **sdk:** everything is `mixedSplits` now ([#1861](#1861)) ([ba78f14](ba78f14)) * **sdk:** Fix compatibility between bulk and non-bulk rewrap ([#1914](#1914)) ([74abbb6](74abbb6)) * **sdk:** Fixed token expiration time ([#1854](#1854)) ([c3cda1b](c3cda1b)) * **sdk:** perfsprint lint issues ([#2208](#2208)) ([d36a078](d36a078)) * **sdk:** Prefer KID and Algorithm selection from key maps ([#2475](#2475)) ([98fd392](98fd392)) * **sdk:** Removes unnecessary down-cast of `int` ([#1869](#1869)) ([66f0c14](66f0c14)) * **sdk:** Version config fix ([#1847](#1847)) ([be5d817](be5d817)) * Service utilize `httputil.SafeHttpClient` ([#1926](#1926)) ([af32700](af32700)) * set consistent system metadata id and schema ([#2451](#2451)) ([5db3cf2](5db3cf2)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Proposed Changes
1.) Add a new table to represent default kas keys
2.) Add SetDefaultKey / GetDefaultKeys rpcs
3.) Allow for keys of the same algorithm to be created even if another is active
4.) Fix an issue with rotate where service level code could not get key
Checklist
Testing Instructions