[keymanager/wsd] GET /v1/keys enumerate keys #653

Open
atulpatildbz wants to merge 5 commits into google:main from atulpatildbz:wsd_enumerate_go
atulpatildbz (Collaborator) commented Feb 9, 2026

This PR implements the Enumerate Keys API (GET /v1/keys) for the Workload Service Daemon (WSD).
It allows clients to list active KEM keys stored in the in-memory Key Registry.

  • Workload Service (Go):
    • Exposes GET /v1/keys endpoint.
    • Integrates with KCC FFI (EnumerateKEMKeys).
    • Marshals responses with snake_case JSON tags and stringified enums.

Dependencies

This PR is created on top of, and requires:

Testing

Unit Tests

  • server_test.go - covering success, empty state, and error handling.
  • Updated existing tests to align with the removal of KeyProtectionMechanism.

Manual Testing

  • Method: Manual verification using a custom Go test harness (not committed in this PR) wrapping the WSD server and KPS FFI.
  • Scenarios:
    • Verified GET /v1/keys returns empty list initially.
    • Verified POST /v1/keys:generate_kem successfully creates a key.
    • Verified GET /v1/keys returns the created key with correct snake_case fields and stringified enums/durations.
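
An added example, not code from this PR or the project: a minimal Go handler showing the response conventions the description names (snake_case JSON tags, stringified enums, an empty list for an empty registry, an error path). `KeyInfo`, `KemAlgorithm` and its value names, the `keys` wrapper, and the `list` callback standing in for the KCC FFI call are all assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// KemAlgorithm and its value names are hypothetical; the PR's real enum is not shown.
type KemAlgorithm int
var kemNames = map[KemAlgorithm]string{0: "KEM_UNSPECIFIED", 1: "KEM_EXAMPLE_A"}

// MarshalJSON writes the enum by name and fails on unmapped values instead of emitting a bare integer.
func (k KemAlgorithm) MarshalJSON() ([]byte, error) {
	if name, ok := kemNames[k]; ok {
		return json.Marshal(name)
	}
	return nil, fmt.Errorf("unknown KemAlgorithm %d", int(k))
}

// KeyInfo holds assumed metadata fields, tagged in snake_case.
type KeyInfo struct {
	KeyHandle string       `json:"key_handle"`
	Algorithm KemAlgorithm `json:"kem_algorithm"`
}

// enumerateHandler serves GET /v1/keys; list stands in for the KCC FFI call.
func enumerateHandler(list func() ([]KeyInfo, error)) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		keys, err := list()
		if keys == nil {
			keys = []KeyInfo{} // an empty registry encodes as [] rather than null
		}
		body, mErr := json.Marshal(map[string][]KeyInfo{"keys": keys}) // marshal before writing
		if err != nil || mErr != nil { // generic message: no FFI or encoder detail reaches the client
			http.Error(w, "failed to enumerate keys", http.StatusInternalServerError)
			return
		}
		w.Header().Set("Content-Type", "application/json")
		w.Write(body)
	}
}

func main() {
	rec := httptest.NewRecorder() // constructed request against an empty registry
	h := enumerateHandler(func() ([]KeyInfo, error) { return nil, nil })
	h(rec, httptest.NewRequest(http.MethodGet, "/v1/keys", nil))
	fmt.Println(rec.Code, rec.Body.String())
}
```

Marshalling into a buffer before touching the `ResponseWriter` means an unknown enum value produces a clean 500 instead of a truncated 200 response.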

atulpatildbz changed the title from "[keymanager/wsd] Align GET /v1/keys enumerate with rich response" to "[keymanager/wsd] GET /v1/keys enumerate keys" on Feb 9, 2026
atulpatildbz marked this pull request as draft on February 9, 2026 13:17
atulpatildbz marked this pull request as ready for review on February 15, 2026 08:05
atulpatildbz force-pushed the wsd_enumerate_go branch 6 times, most recently from bbccf9e to 6fd86d5, on February 20, 2026 15:07
atulpatildbz force-pushed the wsd_enumerate_go branch 2 times, most recently from ab9e5b2 to e909897, on February 27, 2026 09:04
Key changes:
- Renamed endpoint from /v1/keys:generate_kem to /v1/keys:generate_key.
- Restructured `GenerateKeyRequest` to use a nested `Algorithm`
definition containing `Type` and an algorithm-specific `Params` object
with `kem_id`.
- Added support for `KEY_PROTECTION_VM_EMULATED` in the
KeyProtectionMechanism enum and established this as the default and only
supported mechanism for Vanguard so far.
- Validated lifecycle configurations and parsed `Algorithm`
appropriately according to updated schemas.
- Updated associated unit and integration tests (server_test.go,
integration_test.go) to use the new endpoints and the new request
signature.
* Refactor GenerateKey algorithm validation to support future key types
* remove KeyProtectionMechanism
atulpatildbz force-pushed the wsd_enumerate_go branch 2 times, most recently from 02da1b8 to 76a15a5, on February 27, 2026 13:07
atulpatildbz force-pushed the wsd_enumerate_go branch 2 times, most recently from ce5b130 to dddbb99, on February 27, 2026 14:01