You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@@ -184,8 +185,6 @@ The `DecryptRequest` passes the same `currentKeyID` and `metadata` returned by t
184
185
185
186
```proto
186
187
message DecryptRequest {
187
-
// Version of the KMS plugin API.
188
-
string version = 1;
189
188
// The data to be decrypted.
190
189
bytes cipher = 2;
191
190
// UID is a unique identifier for the request.
@@ -207,8 +206,6 @@ message DecryptResponse {
207
206
}
208
207
209
208
message EncryptRequest {
210
-
// Version of the KMS plugin API.
211
-
string version = 1;
212
209
// The data to be encrypted.
213
210
bytes plain = 2;
214
211
// UID is a unique identifier for the request.
@@ -516,3 +513,12 @@ We considered using the `AuditID` from the kube-apiserver request that generated
516
513
1.`AuditID` can be configured by the user with the `Audit-ID` header in the API server request. Multiple requests can be sent to the kube-apiserver with the same `Audit-ID`.
517
514
2. Not all API server requests will generate an envelope operation. The API server caches DEKs and for the DEK that's available in the cache, the kube-apiserver will not generate an envelope operation.
518
515
3. Since not all calls to the KMS correspond to an audit log, using audit ID is not complete for correlating calls from kube-apiserver->kms-plugin->KMS.
516
+
517
+
## Infrastructure Needed
518
+
519
+
<!--
520
+
Use this section if you need things from the project/SIG. Examples include a
521
+
new subproject, repos requested, or GitHub details. Listing these here allows a
522
+
SIG to get the process for these resources started right away.
523
+
-->
524
+
We need a new git repo for the KMS plugin reference implementation. It will need to be synced from the k/k staging dir.
0 commit comments