Enable Google KMS and Azure Key Vault for publisher login tool (#696)

<!-- Provide a brief summary of your changes -->

## Motivation and Context

This allows the private key used for DNS or HTTP based authentication to
be stored securely in a cloud key management system. These services
often provide HSM storage which makes it very hard to leak the private
key.

The full context is described in my design document here:

#482 (comment)

## How Has This Been Tested?

I have tested it against PROD using an Ed25519 key stored in Google KMS.
I have added unit tests. I have tested both ECDSA P-384 and Ed25519 with
Az KV and Google KMS against a locally running server.

## Breaking Changes

None intended.

## Types of changes
<!-- What types of changes does your code introduce? Put an `x` in all
the boxes that apply: -->
- [ ] Bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing
functionality to change)
- [x] Documentation update

## Checklist
<!-- Go over all the following points, and put an `x` in all the boxes
that apply. -->
- [x] I have read the [MCP
Documentation](https://modelcontextprotocol.io)
- [x] My code follows the repository's style guidelines
- [x] New and existing tests pass locally
- [x] I have added appropriate error handling
- [x] I have added or updated documentation as needed

## Additional context
<!-- Add any other context, implementation notes, or design decisions
-->

---------

Co-authored-by: adam jones <[email protected]>

Author: joelverhagen

cmd/publisher/README.md

@@ -32,6 +32,12 @@ make dev-compose  # Start local registry
 - **`http`** - Domain verification via HTTPS endpoints
 - **`none`** - No auth (testing only)
 
+### Signing Providers
+Optional: enables `dns` and `http` methods to sign out-of-process without direct access to the private key.
+
+- **`google-kms`** - Google KMS signing
+- **`azure-key-vault`** - Azure Key Vault signing
+
 ## Key Files
 
 - **`main.go`** - CLI setup and command routing

cmd/publisher/auth/azurekeyvault/common.go

@@ -0,0 +1,85 @@
+package azurekeyvault
+
+import (
+	"context"
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/sha512"
+	"fmt"
+	"math/big"
+	"os"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
+	"github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys"
+	"github.com/modelcontextprotocol/registry/cmd/publisher/auth"
+)
+
+func GetSignatureProvider(vaultName, keyName string) (auth.Signer, error) {
+	if vaultName == "" {
+		return nil, fmt.Errorf("--vault option (vault name) is required")
+	}
+
+	if keyName == "" {
+		return nil, fmt.Errorf("--key option (key name) is required")
+	}
+
+	return Signer{
+		vaultName: vaultName,
+		keyName:   keyName,
+	}, nil
+}
+
+type Signer struct {
+	vaultName string
+	keyName   string
+}
+
+func (d Signer) GetSignedTimestamp(ctx context.Context) (*string, []byte, error) {
+	fmt.Fprintf(os.Stdout, "Signing using Azure Key Vault %s and key %s\n", d.vaultName, d.keyName)
+
+	cred, err := azidentity.NewDefaultAzureCredential(nil)
+	if err != nil {
+		return nil, nil, fmt.Errorf("authentication to Azure failed: %w", err)
+	}
+
+	vaultURL := fmt.Sprintf("https://%s.vault.azure.net/", d.vaultName)
+	client, err := azkeys.NewClient(vaultURL, cred, nil)
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to create Key Vault client: %w", err)
+	}
+
+	keyResp, err := client.GetKey(ctx, d.keyName, "", nil)
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to retrieve key for public parameters: %w", err)
+	}
+
+	if *keyResp.Key.Kty != azkeys.KeyTypeEC && *keyResp.Key.Kty != azkeys.KeyTypeECHSM {
+		return nil, nil, fmt.Errorf("unsupported key type: kty: %s (only EC or EC-HSM keys are supported)", *keyResp.Key.Kty)
+	}
+
+	if *keyResp.Key.Crv != azkeys.CurveNameP384 {
+		return nil, nil, fmt.Errorf("unsupported curve: %s (only P-384 is supported)", *keyResp.Key.Crv)
+	}
+
+	fmt.Fprintln(os.Stdout, "Successfully read the public key from Key Vault.")
+	auth.PrintEcdsaP384KeyInfo(ecdsa.PublicKey{
+		Curve: elliptic.P384(),
+		X:     new(big.Int).SetBytes(keyResp.Key.X),
+		Y:     new(big.Int).SetBytes(keyResp.Key.Y),
+	})
+
+	timestamp := auth.GetTimestamp()
+	digest := sha512.Sum384([]byte(timestamp))
+	alg := azkeys.SignatureAlgorithmES384
+	fmt.Fprintln(os.Stdout, "Executing the sign request...")
+	signResp, err := client.Sign(ctx, d.keyName, "", azkeys.SignParameters{
+		Algorithm: &alg,
+		Value:     digest[:],
+	}, nil)
+
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to sign message: %w", err)
+	}
+
+	return &timestamp, signResp.Result, nil
+}

cmd/publisher/auth/common.go

@@ -8,12 +8,14 @@ import (
 	"crypto/elliptic"
 	"crypto/rand"
 	"crypto/sha512"
+	"encoding/base64"
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
 	"io"
 	"math/big"
 	"net/http"
+	"os"
 	"time"
 )
 
@@ -30,78 +32,105 @@ const (
 
 // CryptoProvider provides common functionality for DNS and HTTP authentication
 type CryptoProvider struct {
-	registryURL     string
-	domain          string
-	privateKey      string
-	cryptoAlgorithm CryptoAlgorithm
-	authMethod      string
+	registryURL string
+	domain      string
+	signer      Signer
+	authMethod  string
 }
 
-// GetToken retrieves the registry JWT token using cryptographic authentication
-func (c *CryptoProvider) GetToken(ctx context.Context) (string, error) {
-	if c.domain == "" {
-		return "", fmt.Errorf("%s domain is required", c.authMethod)
-	}
+type Signer interface {
+	GetSignedTimestamp(ctx context.Context) (*string, []byte, error)
+}
+
+func GetTimestamp() string {
+	return time.Now().UTC().Format(time.RFC3339)
+}
 
-	if c.privateKey == "" {
-		return "", fmt.Errorf("%s private key (hex) is required", c.authMethod)
+func NewInProcessSigner(privateKey string, algorithm CryptoAlgorithm) (Signer, error) {
+	if privateKey == "" {
+		return nil, fmt.Errorf("%s private key (hex) is required", algorithm)
 	}
 
 	// Decode private key from hex
-	privateKeyBytes, err := hex.DecodeString(c.privateKey)
+	privateKeyBytes, err := hex.DecodeString(privateKey)
 	if err != nil {
-		return "", fmt.Errorf("invalid hex private key format: %w", err)
+		return nil, fmt.Errorf("invalid hex private key format: %w", err)
+	}
+
+	return &InProcessSigner{
+		privateKey:      privateKeyBytes,
+		cryptoAlgorithm: algorithm,
+	}, nil
+}
+
+// GetToken retrieves the registry JWT token using cryptographic authentication
+func (c *CryptoProvider) GetToken(ctx context.Context) (string, error) {
+	if c.domain == "" {
+		return "", fmt.Errorf("%s domain is required", c.authMethod)
 	}
 
 	// Generate current timestamp
-	timestamp := time.Now().UTC().Format(time.RFC3339)
-	signedTimestamp, err := c.signMessage(privateKeyBytes, []byte(timestamp))
+	timestamp, signedTimestamp, err := c.signer.GetSignedTimestamp(ctx)
 	if err != nil {
 		return "", fmt.Errorf("failed to sign timestamp: %w", err)
 	}
 	signedTimestampHex := hex.EncodeToString(signedTimestamp)
 
 	// Exchange signature for registry token
-	registryToken, err := c.exchangeTokenForRegistry(ctx, c.domain, timestamp, signedTimestampHex)
+	registryToken, err := c.exchangeTokenForRegistry(ctx, c.domain, *timestamp, signedTimestampHex)
 	if err != nil {
 		return "", fmt.Errorf("failed to exchange %s signature: %w", c.authMethod, err)
 	}
 
 	return registryToken, nil
 }
 
-func (c *CryptoProvider) signMessage(privateKeyBytes []byte, message []byte) ([]byte, error) {
+type InProcessSigner struct {
+	privateKey      []byte
+	cryptoAlgorithm CryptoAlgorithm
+}
+
+func (c *InProcessSigner) GetSignedTimestamp(_ context.Context) (*string, []byte, error) {
+	fmt.Fprintf(os.Stdout, "Signing in process using key algorithm %s\n", c.cryptoAlgorithm)
+
+	timestamp := GetTimestamp()
+
 	switch c.cryptoAlgorithm {
 	case AlgorithmEd25519:
-		if len(privateKeyBytes) != ed25519.SeedSize {
-			return nil, fmt.Errorf("invalid seed length: expected %d bytes, got %d", ed25519.SeedSize, len(privateKeyBytes))
+		if len(c.privateKey) != ed25519.SeedSize {
+			return nil, nil, fmt.Errorf("invalid seed length: expected %d bytes, got %d", ed25519.SeedSize, len(c.privateKey))
 		}
 
-		privateKey := ed25519.NewKeyFromSeed(privateKeyBytes)
-		signature := ed25519.Sign(privateKey, message)
-		return signature, nil
+		privateKey := ed25519.NewKeyFromSeed(c.privateKey)
+
+		PrintEd25519KeyInfo(privateKey.Public().(ed25519.PublicKey))
+
+		signature := ed25519.Sign(privateKey, []byte(timestamp))
+		return &timestamp, signature, nil
 	case AlgorithmECDSAP384:
-		if len(privateKeyBytes) != 48 {
-			return nil, fmt.Errorf("invalid seed length for ECDSA P-384: expected 48 bytes, got %d", len(privateKeyBytes))
+		if len(c.privateKey) != 48 {
+			return nil, nil, fmt.Errorf("invalid seed length for ECDSA P-384: expected 48 bytes, got %d", len(c.privateKey))
 		}
 
-		digest := sha512.Sum384(message)
+		digest := sha512.Sum384([]byte(timestamp))
 		curve := elliptic.P384()
 
 		// Parse the raw private key (compatible with Go 1.24)
-		privateKey, err := parseRawPrivateKey(curve, privateKeyBytes)
+		privateKey, err := parseRawPrivateKey(curve, c.privateKey)
 		if err != nil {
-			return nil, fmt.Errorf("failed to parse ECDSA private key: %w", err)
+			return nil, nil, fmt.Errorf("failed to parse ECDSA private key: %w", err)
 		}
 
+		PrintEcdsaP384KeyInfo(privateKey.PublicKey)
+
 		r, s, err := ecdsa.Sign(rand.Reader, privateKey, digest[:])
 		if err != nil {
-			return nil, fmt.Errorf("failed to sign message: %w", err)
+			return nil, nil, fmt.Errorf("failed to sign message: %w", err)
 		}
 		signature := append(r.Bytes(), s.Bytes()...)
-		return signature, nil
+		return &timestamp, signature, nil
 	default:
-		return nil, fmt.Errorf("unsupported crypto algorithm: %s", c.cryptoAlgorithm)
+		return nil, nil, fmt.Errorf("unsupported crypto algorithm: %s", c.cryptoAlgorithm)
 	}
 }
 
@@ -112,6 +141,11 @@ func parseRawPrivateKey(curve elliptic.Curve, privateKeyBytes []byte) (*ecdsa.Pr
 		return nil, fmt.Errorf("nil curve")
 	}
 
+	expectedBytes := (curve.Params().N.BitLen() + 7) / 8
+	if len(privateKeyBytes) != expectedBytes {
+		return nil, fmt.Errorf("invalid private key length: expected %d bytes, got %d", expectedBytes, len(privateKeyBytes))
+	}
+
 	// Only standard NIST curves supported
 	switch curve {
 	case elliptic.P224(), elliptic.P256(), elliptic.P384(), elliptic.P521():
@@ -147,6 +181,23 @@ func (c *CryptoProvider) Login(_ context.Context) error {
 	return nil
 }
 
+func PrintEd25519KeyInfo(pubKey ed25519.PublicKey) {
+	pubKeyString := base64.StdEncoding.EncodeToString(pubKey)
+	fmt.Fprint(os.Stdout, "Expected proof record:\n")
+	fmt.Fprintf(os.Stdout, "v=MCPv1; k=ed25519; p=%s\n", pubKeyString)
+}
+
+func PrintEcdsaP384KeyInfo(pubKey ecdsa.PublicKey) {
+	printEcdsaKeyInfo("ecdsap384", pubKey)
+}
+
+func printEcdsaKeyInfo(k string, pubKey ecdsa.PublicKey) {
+	compressed := elliptic.MarshalCompressed(pubKey.Curve, pubKey.X, pubKey.Y)
+	pubKeyString := base64.StdEncoding.EncodeToString(compressed)
+	fmt.Fprint(os.Stdout, "Expected proof record:\n")
+	fmt.Fprintf(os.Stdout, "v=MCPv1; k=%s; p=%s\n", k, pubKeyString)
+}
+
 // exchangeTokenForRegistry exchanges signature for a registry JWT token
 func (c *CryptoProvider) exchangeTokenForRegistry(ctx context.Context, domain, timestamp, signedTimestamp string) (string, error) {
 	if c.registryURL == "" {

cmd/publisher/auth/dns.go

@@ -5,14 +5,13 @@ type DNSProvider struct {
 }
 
 // NewDNSProvider creates a new DNS-based auth provider
-func NewDNSProvider(registryURL, domain, privateKey string, cryptoAlgorithm CryptoAlgorithm) Provider {
+func NewDNSProvider(registryURL, domain string, signer *Signer) Provider {
 	return &DNSProvider{
 		CryptoProvider: &CryptoProvider{
-			registryURL:     registryURL,
-			domain:          domain,
-			privateKey:      privateKey,
-			cryptoAlgorithm: cryptoAlgorithm,
-			authMethod:      "dns",
+			registryURL: registryURL,
+			domain:      domain,
+			signer:      *signer,
+			authMethod:  "dns",
 		},
 	}
 }