
Commit f8891ba

authored
feat(signatures): allow using alternate google-kms client implementation (#45)
1 parent 437cfb9 commit f8891ba


1 file changed

+10
-7
lines changed


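--- a/src/signatures/signers/google-kms.ts
+++ b/src/signatures/signers/google-kms.ts
@@ -22,6 +22,11 @@ import type { DigestAlgorithm, KeyType, SignatureAlgorithm, Signer } from "../ty
 
 /** KMS client type - dynamically imported */
 type KeyManagementServiceClient = import("@google-cloud/kms").KeyManagementServiceClient;
+/** Subset of methods actually used for signing */
+type KmsClient = Pick<
+KeyManagementServiceClient,
+"asymmetricSign" | "getCryptoKeyVersion" | "getPublicKey"
+>;
 
 /** Secret Manager client type - dynamically imported */
 type SecretManagerServiceClient = import("@google-cloud/secret-manager").SecretManagerServiceClient;
@@ -41,7 +46,7 @@ interface GoogleKmsSignerBaseOptions {
 chainTimeout?: number;
 
 /** Pre-configured KMS client (optional, uses ADC if not provided) */
-client?: KeyManagementServiceClient;
+client?: KmsClient;
 }
 
 /** Full resource name style */
@@ -356,10 +361,10 @@ export class GoogleKmsSigner implements Signer {
 /** Full resource name of the KMS key version (for logging/debugging) */
 readonly keyVersionName: string;
 
-private readonly client: KeyManagementServiceClient;
+private readonly client: KmsClient;
 
 private constructor(
-client: KeyManagementServiceClient,
+client: KmsClient,
 keyVersionName: string,
 certificate: Uint8Array,
 certificateChain: Uint8Array[],
@@ -403,16 +408,14 @@ export class GoogleKmsSigner implements Signer {
 * ```
 */
 static async create(options: GoogleKmsSignerOptions): Promise<GoogleKmsSigner> {
-// Dynamically import KMS
-const kms = await importKms();
-
 // Build full resource name if shorthand
 const keyVersionName = isFullNameOptions(options)
 ? options.keyVersionName
 : buildKeyVersionName(options);
 
 // Create or use provided client
-const client = options.client ?? new kms.KeyManagementServiceClient();
+// Dynamically import KMS only if client was not provided
+const client = options.client ?? new (await importKms()).KeyManagementServiceClient();
 
 try {
 // Fetch key version metadata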
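Review bot: The doc comment on `client` in `GoogleKmsSignerBaseOptions` still reads as if only the stock SDK client is accepted, but with `KmsClient` any object exposing `asymmetricSign`, `getCryptoKeyVersion` and `getPublicKey` now type-checks, and the signer relies on whatever that object returns. I would spell out the contract, for example `/** Pre-configured KMS client or compatible implementation; it is trusted for key metadata and signature bytes (the SDK client with ADC is used if omitted) */`. The body of `create()` continues past the last hunk, so I cannot see whether the key returned by `getPublicKey` is compared with the signer's certificate; if it is not, that check matters more now that the client is pluggable. Separately, in the last hunk `new (await importKms()).KeyManagementServiceClient()` is easy to misread and would be clearer split into two statements.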
