@helenjw helenjw commented Aug 26, 2025

Description

  • Add support to perform CRUD operations on HYOK configuration and OIDC configuration resources.
  • Add support to perform the following operations on HYOKCustomerKeyVersions resources:
    • List
    • Read
    • Revoke
    • Delete
  • Add support to perform the following operations on HYOKEncryptedDataKey resources:
    • Read
  • Add support for HYOK related attributes in existing resources:
    • agent_pool related attributes:
      • HYOKConfigurations: read only.
    • organization related attributes:
      • EnforceHYOK: create, read, update.
      • PrimaryHYOKConfiguration: read only.
      • CanUpdateHYOKConfiguration added in OrganizationPermissions.
      • CanViewHYOKFeatureInfo added in OrganizationPermissions.
    • plan related attributes:
      • HYOKEncryptedDataKey: read only.
      • SanitizedPlan: read only.
    • state_version related attributes:
      • EncryptedStateDownloadURL: read only.
      • SanitizedStateDownloadURL: read only.
      • SanitizedStateUploadURL: read only.
      • UploadSanitizedState(): function to upload sanitized state.
      • HYOKEncryptedDataKey: read only.
    • workspace related attributes:
      • HYOKEnabled: create, read, update.
      • CanManageHYOK added in WorkspacePermissions.
      • HYOKEncryptedDataKey: read only.

Testing plan

All the test cases have been documented in the other related PRs. hyok-testing.sh should have all the implemented test cases for this entire pull request.

External links

Output from tests

If the attribute ENABLE_HYOK_INTEGRATION_TESTS is available and set to 1:
HYOK attributes:
Screenshot 2025-09-15 at 1 55 32 PM

OIDC configurations:
Screenshot 2025-09-15 at 1 42 30 PM

HYOK configurations:
Screenshot 2025-09-15 at 1 43 16 PM

If the attribute ENABLE_HYOK_INTEGRATION_TESTS is not available or not set to 1:
Screenshot 2025-09-15 at 2 12 51 PM
Screenshot 2025-09-15 at 2 13 52 PM

Rollback Plan

Changes to Security Controls

Related PRs

* initial attribute changes, wip

* Add support for HYOK Configurations and OIDC Configurations (#1162)

Co-authored-by: Helen Jiang <[email protected]>

* Update workspace.go

Co-authored-by: Jarrett Spiker <[email protected]>

* Add support for HYOK Configurations and OIDC Configurations (#1162)

Co-authored-by: Helen Jiang <[email protected]>

* Add support for Customer Key Version and Encrypted Data Keys (#1203)

Co-authored-by: Jarrett Spiker <[email protected]>

* Updating attributes.

* Add support for HYOK Configurations and OIDC Configurations (#1162)

Co-authored-by: Helen Jiang <[email protected]>

* Add support for Customer Key Version and Encrypted Data Keys (#1203)

Co-authored-by: Jarrett Spiker <[email protected]>

* Updating agent_pool. Added test case.

* Updated agent pool integration test file.

* Revert commented section.

* Updating organization. WIP organization_integration_test.

* Updated organization integration test.

* Updating attributes. Updating test cases.

* Added workspace integration test cases

* Updated test cases.

* Updated state_version. Updated Read test cases.

* Updated hyok tests. Added environment variables.

* Updated errors.go

* WIP StateVersion

* Updated skipHYOKIntegrationTests if-statement.

* Added hyok-testing.sh to scripts folder. Finished state_version testing and new functions.

* Updated uploading test.

* Added comments to UploadSanitizedState.

* Updated hyok test cases.

* Updating state_version_mocks.go.

---------

Co-authored-by: Helen Jiang <[email protected]>
Co-authored-by: Jarrett Spiker <[email protected]>
Co-authored-by: Helen Jiang <[email protected]>
@helenjw helenjw marked this pull request as ready for review September 15, 2025 20:36
@helenjw helenjw requested a review from a team as a code owner September 15, 2025 20:36
@helenjw helenjw changed the title from "HYOK Support" to "Hold Your Own Key Support" Sep 15, 2025