admin: new API for creating KMS master keys (#9982)

This commit adds a new admin API for creating master keys. An admin client can send a POST request to: ``` /minio/admin/v3/kms/key/create?key-id=<keyID> ``` The name / ID of the new key is specified as request query parameter `key-id=<ID>`. Creating new master keys requires KES - it does not work with the native Vault KMS (deprecated) nor with a static master key (deprecated). Further, this commit removes the `UpdateKey` method from the `KMS` interface. This method is not needed and not used anymore.
2025-11-25 20:16:10 -05:00 · 2020-07-09 03:50:43 +02:00
parent ee20ebe07a
commit a317a2531c
11 changed files with 118 additions and 83 deletions
--- a/cmd/crypto/kms_test.go
+++ b/cmd/crypto/kms_test.go
@@ -57,15 +57,6 @@ func TestMasterKeyKMS(t *testing.T) {
 		if !test.ShouldFail && !bytes.Equal(key[:], unsealedKey[:]) {
 			t.Errorf("Test %d: The generated and unsealed key differ", i)
 		}
-
-		rotatedKey, err := kms.UpdateKey(test.UnsealKeyID, sealedKey, test.UnsealContext)
-		if err == nil && test.ShouldFail {
-			t.Errorf("Test %d: KMS updated the generated key successfully but should have failed", i)
-		}
-		if !test.ShouldFail && !bytes.Equal(rotatedKey, sealedKey[:]) {
-			t.Errorf("Test %d: The updated and sealed key differ", i)
-		}
-
 	}
 }