Skip to content

Feat/azure_ekm_proxy_api_version=0.1-preview #601

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
HatemMn wants to merge 12 commits into
base: develop
Choose a base branch
from
Open

Feat/azure_ekm_proxy_api_version=0.1-preview #601

HatemMn wants to merge 12 commits into from
+1,701 −24

Conversation

@HatemMn
Copy link
Contributor

@HatemMn HatemMn commented Nov 18, 2025
edited
Loading

Issue #653

Overview :

Basically an implementation of Azure EKM API as following in a loyal manner the specifications. This is version 0.1-preview, the code is flexible for future versions

What's done :

  • Added the necessary configs as well as the possibility to enable/disable azure EKM
  • Implemented the info / get metadata / Wrap / unwrap endpoints like specified
  • created all specified error responses, despite some of them being currently un-used
  • authentification ( mTLS )
  • Tests

What's TBH :

  • the "1. Prerequisites" ( read page 6)
  • the timeout, they said it should be 250ms max

⚠️ Information if someone takes over development :

  • Be careful about the multiple edge cases that could arise because some of the parameters the API asks for are set as Option<...> in the KMS. These cases should be addressed case by case, check the metadata endpoint
  • AzureEKMReply (in error.rs) is not an error but a struct that converts to a HTTP response. Read error.rs, eveything has been done for auto conversions toward whatever the API asks, try to leverage that. If what I am saying is not clear read the get metadata endpoint
  • A TODO file has been places in google_cse, for some suggestions that has nothing to do with azure EKM api
  • A contributing.md file has been added too
  • Consider moving the handlers to a file like operations.rs or handlers.rs ?
  • please Ctrl+Maj+F over "TODO(review)" keyword and reply to the questions that I am not sure about since the spec does not say anything

Closes #653

@HatemMn HatemMn self-assigned this Nov 18, 2025
@HatemMn HatemMn marked this pull request as ready for review November 22, 2025 12:43
This was referenced Dec 24, 2025
Merged
Open
@HatemMn HatemMn changed the base branch from develop to feat/support_RFC3394 January 9, 2026 17:03
@HatemMn HatemMn removed their assignment Jan 9, 2026
@HatemMn HatemMn added the Blocked Development can't advance until external conditions are met label Jan 9, 2026
@HatemMn
Copy link
Contributor Author

HatemMn commented Jan 9, 2026

Needs a rebase

Otherwise this will stop at this stage until an azure prod env is available to test

Base automatically changed from feat/support_RFC3394 to develop January 9, 2026 17:12
@Manuthor
Copy link
Contributor

Manuthor commented Jan 9, 2026

Needs a rebase

Otherwise this will stop at this stage until an azure prod env is available to test

I believe you can rebase from now since #658 has been merged to develop

HatemMn added 11 commits January 12, 2026 08:30
@HatemMn
feat: update the rfc5649
f7d2aa0
@HatemMn
feat: DONE rfc5649
2c7b203
@HatemMn
fix: fix problematic test
aa7ee8e
@HatemMn
feat: finish up
d0869a1 
fix: major bugé

feat: add a lot of things

fis: add back provider for ci tests

fix:clip

fix: a lot more stuff

fix: a lot more stuff2

fix: some fixes

fix: finish up
@HatemMn
feat: reviews fixes + ui fixes + migrate fixes + a test
ddbedcc 
feat: missing file

fix: ui

fix: review fixes

fix: grammar fixes
@HatemMn
feat: add azure ekm configs
605d526 
feat: wip on errors

feat: finish start file

feat: big advance on metadata endpoint

feat: finish metadata but the code is ugly

refactor: HUGE refactoring of that huge nested code induced by the errors (I used handlers)

feat: more advance

feat: finish the api and fix compiler problems

feat: multiple improvements for endpoints

feat: more improvements
@HatemMn
feat: auth OK
2b28663 
feat: auth seems ok ...?

feat: first refactor

fix: improve

fix: add missing files

fix: commit first files

fix: add the rest
@HatemMn
fix: rfc algorithms
a6fe941 
Revert "fix: rfc algorithms"

This reverts commit e5d9737.

fix: add rfc algos
@HatemMn
feat: rfc3394 algo postfixes
51fe0f1
@HatemMn
feat: post review fixes and some new feats to AES habndlers
cf89bc1
@HatemMn
feat: final commits that got lost before finish
7cb2714
@HatemMn HatemMn force-pushed the feat/ekm_proxy_api branch from 06af9e2 to 7cb2714 Compare January 12, 2026 07:45
@HatemMn
Copy link
Contributor Author

HatemMn commented Jan 12, 2026

Just rebased

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Blocked Development can't advance until external conditions are met

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Support EKM Azure

3 participants

@HatemMn @Manuthor