fix(core): Load in-process key manager, too

[dmihalcik-virtru]

Proposed Changes

• when key management is enabled and the in-process key manager has some configured keys, load it
• these keys will still be accessible with the provider opentdf.io/in-process for the key ids present in the config file

Checklist

• I have added or updated unit tests
• I have added or updated integration tests (if appropriate)
• I have added or updated documentation

Testing Instructions

[gemini-code-assist]

Summary of Changes

Hello @dmihalcik-virtru, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request resolves an issue where the in-process key manager was not being initialized when the new key management preview feature was active. The changes ensure that if the in-process key manager has configured keys, it will be loaded alongside the new key management system, allowing keys accessible via opentdf.io/in-process to remain available as intended.

Highlights

• In-process Key Manager Loading: Ensures that the in-process key manager is correctly loaded even when the new key management preview feature is enabled, provided there are configured keys (Keyring, ECCertID, or RSACertID). This allows existing in-process keys to remain accessible.
• Conditional Logic Refinement: The conditional logic for initializing the CryptoProvider has been updated to explicitly check for the useKeyManagement flag and the presence of configured in-process keys, preventing the in-process manager from being inadvertently skipped.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

---

Keys held close and tight, New path opens, old still gleams, Secrets safe from sight.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request aims to load the in-process key manager even when the new key management feature is enabled, which is a good enhancement for backward compatibility. However, the current implementation introduces a critical bug where the key management setup is completely overwritten by the in-process/legacy setup, instead of being augmented. I've provided a suggestion to fix this issue.

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	177.740922ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	89.18928ms

Standard Benchmark Metrics Skipped or Failed

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	351.90287ms
Throughput	284.17 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	36.164891297s
Average Latency	360.185431ms
Throughput	138.26 requests/second

NANOTDF Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	25.438137767s
Average Latency	253.529701ms
Throughput	196.56 requests/second

[dmihalcik-virtru]

Blocked by #2730

Refactoring to change names and allow configuration.

Later work: Auto-update from static to managed

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	177.480439ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	97.878291ms

Standard Benchmark Metrics Skipped or Failed

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	345.203779ms
Throughput	289.68 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	36.640989935s
Average Latency	364.409584ms
Throughput	136.46 requests/second

NANOTDF Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	25.637257211s
Average Latency	255.385567ms
Throughput	195.03 requests/second