* Add known issues around transit managed keys
  - Document known issue around managed key encryption failure with Cloud KMS backed keys and the failure to sign with managed keys
* Fix filename typos
* Update website/content/partials/known-issues/transit-managed-keys-sign-fails.mdx
* Update website/content/partials/known-issues/transit-managed-keys-panics.mdx
* Apply PR feedback
* Missed new line to force error on new-line.

---------

Co-authored-by: Steven Clark <[email protected]>
Co-authored-by: Alexander Scheel <[email protected]>
1 parent 99e70b3, commit cd3c613
Showing 4 changed files with 51 additions and 1 deletion.
22 changes: 22 additions & 0 deletions
website/content/partials/known-issues/transit-managed-keys-panics.mdx
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
### Transit Encryption with Cloud KMS managed keys causes a panic | ||
|
||
#### Affected versions | ||
|
||
- 1.13.1+ up to 1.13.7 inclusively | ||
- 1.14.0+ up to 1.14.3 inclusively | ||
|
||
#### Issue | ||
|
||
Vault panics when it receives a Transit encryption API call that is backed by a Cloud KMS managed key (Azure, GCP, AWS). | ||
|
||
<Note> | ||
The issue does not affect encryption and decryption with the following key types: | ||
|
||
- PKCS#11 managed keys | ||
- Transit native keys | ||
|
||
</Note> | ||
|
||
#### Workaround | ||
|
||
None at this time |
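Review bot: The Issue sentence describes the panic only for a Transit encryption API call, but the Note then scopes its exemption to "encryption and decryption", which leaves it unclear whether decrypt calls backed by a Cloud KMS managed key also panic. State the affected operations explicitly in the Issue sentence and keep the heading consistent with it. The version lines ("1.13.1+ up to 1.13.7 inclusively") would read more cleanly as "1.13.1 through 1.13.7", since the "+" is redundant next to an explicit upper bound.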
22 changes: 22 additions & 0 deletions
website/content/partials/known-issues/transit-managed-keys-sign-fails.mdx
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
### Transit Sign API calls with managed keys fail | ||
|
||
#### Affected versions | ||
|
||
- 1.14.0+ up to 1.14.3 inclusively | ||
|
||
#### Issue | ||
|
||
Vault responds to Transit sign API calls with the following error when the request uses a managed key: | ||
|
||
`requested version for signing does not contain a private part` | ||
|
||
<Note> | ||
The issue does not affect signing with the following key types: | ||
|
||
- Transit native keys | ||
|
||
</Note> | ||
|
||
#### Workaround | ||
|
||
None at this time |
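Review bot: The Issue sentence says the error occurs "when the request uses a managed key" without saying which managed key types are affected, while the sibling transit-managed-keys-panics.mdx partial distinguishes Cloud KMS managed keys from PKCS#11 managed keys. Spell out whether signing fails for both, so the two partials give a consistent picture. The Note's single-item list can be folded into one sentence ("The issue does not affect signing with Transit native keys."), and "1.14.0+ up to 1.14.3 inclusively" would read better as "1.14.0 through 1.14.3".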