Query public keys by key namespace and name
Description
The signer must be able to work with multiple transit engines enabled in Vault.
Each transit engine represents a key namespace, and the keys inside it are referenced by name.
To perform a signing operation, the client must specify both the namespace (transit engine name) and the name of the key to sign with. When querying keys, the client must specify at least the namespace (transit engine name).
For example: GET /v1/keys/namespace/keyname
Implementation details
The HTTP endpoint that returns Vault keys must be changed to accept two parameters:
- transit engine name
- key name (optional)
If the key name is omitted, all keys in the given transit engine are returned.
Key filtering can also be supported through a ?filter=pattern query parameter.
GET /v1/keys/transit
GET /v1/keys/transit?filter=pattern
GET /v1/keys/transit/key1
The response is an array of public key info objects (public material only; private key material never leaves the transit engine).
The configuration value for the Issuer DID should be removed and replaced by this feature (the issuer key is then addressed by namespace and name like any other key). All other key retrievals performed on behalf of other services should also be reviewed and updated for compatibility with the namespace/name addressing.
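The endpoint described above, written out as an added example in Go (this is illustration code, not the signer's own implementation): it parses /v1/keys/{engine}[/{key}][?filter=pattern], checks the engine against an allow-list of transit mounts before touching Vault, restricts engine and key names to a conservative charset so nothing like "/" or ".." can reach the Vault path, treats filter as a shell-style glob rather than a regex, and maps lookup failures to 404/400/500 without echoing Vault errors. The PublicKeyInfo field set, the KeyStore interface and the memStore/SampleStore stand-in with fake key material are assumptions of this example; in the real service KeyStore would wrap the Vault client.

```go
package main

import (
	"encoding/json"
	"errors"
	"net/http"
	"path"
	"regexp"
	"strings"
)

// PublicKeyInfo is one element of the response array (field set assumed by this example).
type PublicKeyInfo struct {
	Namespace string `json:"namespace"`  // transit engine (mount) name
	Name      string `json:"name"`       // key name inside that engine
	PublicKey string `json:"public_key"` // public half only, as Vault returns it
}

// KeyStore hides the Vault calls (LIST <engine>/keys, then GET <engine>/keys/<name>
// for each key's public_key) so the handler runs offline; only public material crosses it.
type KeyStore interface {
	Allowed(engine string) bool                  // is this transit mount one the signer may use?
	Keys(engine string) ([]PublicKeyInfo, error) // public keys in one engine
}

var ErrNotFound = errors.New("unknown transit engine or key")
var ErrBadRequest = errors.New("invalid name or filter pattern")

// Names are limited to a conservative charset so a caller cannot smuggle "/" or ".."
// into the Vault path that is built from them.
var nameRe = regexp.MustCompile(`^[A-Za-z0-9_.-]{1,64}$`)

// QueryKeys is the lookup behind GET /v1/keys/{engine}[/{key}][?filter=pattern]: engine is
// mandatory, key optional, filter a shell-style glob (path.Match, not a regex) used without key.
func QueryKeys(store KeyStore, engine, key, filter string) ([]PublicKeyInfo, error) {
	_, perr := path.Match(filter, "") // rejects malformed globs such as "[" up front
	if perr != nil || !nameRe.MatchString(engine) || (key != "" && !nameRe.MatchString(key)) {
		return nil, ErrBadRequest
	}
	if !store.Allowed(engine) { // allow-list first: unknown mounts are never queried
		return nil, ErrNotFound
	}
	keys, err := store.Keys(engine)
	if err != nil {
		return nil, err
	}
	out := []PublicKeyInfo{}
	for _, k := range keys {
		if key != "" && k.Name == key {
			return []PublicKeyInfo{k}, nil
		}
		if match, _ := path.Match(filter, k.Name); key == "" && (filter == "" || match) {
			out = append(out, k)
		}
	}
	if key != "" {
		return nil, ErrNotFound
	}
	return out, nil
}

// Handler serves GET /v1/keys/{engine} and GET /v1/keys/{engine}/{key}.
func Handler(store KeyStore) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		rest := strings.TrimPrefix(r.URL.Path, "/v1/keys/")
		parts := append(strings.Split(strings.Trim(rest, "/"), "/"), "") // parts[1] == "" when no key
		if r.Method != http.MethodGet || rest == r.URL.Path || len(parts) > 3 {
			http.NotFound(w, r)
			return
		}
		keys, err := QueryKeys(store, parts[0], parts[1], r.URL.Query().Get("filter"))
		switch {
		case errors.Is(err, ErrNotFound):
			http.Error(w, "not found", http.StatusNotFound)
		case errors.Is(err, ErrBadRequest):
			http.Error(w, "bad request", http.StatusBadRequest)
		case err != nil: // log err server-side; never echo Vault errors to callers
			http.Error(w, "internal error", http.StatusInternalServerError)
		default:
			w.Header().Set("Content-Type", "application/json")
			json.NewEncoder(w).Encode(keys)
		}
	})
}

// memStore is a constructed stand-in for Vault; its "public keys" are fake placeholders.
type memStore map[string][]PublicKeyInfo

func (m memStore) Allowed(engine string) bool                  { _, ok := m[engine]; return ok }
func (m memStore) Keys(engine string) ([]PublicKeyInfo, error) { return m[engine], nil }

// SampleStore returns constructed demo data: two mounts, three keys in "transit".
func SampleStore() KeyStore {
	pk := func(ns, name string) PublicKeyInfo { return PublicKeyInfo{ns, name, "FAKE-PEM-" + ns + "-" + name} }
	return memStore{
		"transit":    {pk("transit", "key1"), pk("transit", "key2"), pk("transit", "issuer-did")},
		"transit-eu": {pk("transit-eu", "key1")},
	}
}
```

With SampleStore wired into Handler, GET /v1/keys/transit returns three entries, GET /v1/keys/transit?filter=key* returns key1 and key2, GET /v1/keys/transit/key1 returns a one-element array, and GET /v1/keys/secret is a 404 even though no Vault call was made. A real KeyStore should note that Vault's transit read endpoint returns a public_key per key version for asymmetric key types, so the response should carry the version alongside the key (or return every version) rather than assume a single public key per name.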
Acceptance Criteria
- Implementation
- Unit tests