admin: new API for creating KMS master keys (#9982)

This commit adds a new admin API for creating master keys. An admin client can send a POST request to: ``` /minio/admin/v3/kms/key/create?key-id=<keyID> ``` The name / ID of the new key is specified as request query parameter `key-id=<ID>`. Creating new master keys requires KES - it does not work with the native Vault KMS (deprecated) nor with a static master key (deprecated). Further, this commit removes the `UpdateKey` method from the `KMS` interface. This method is not needed and not used anymore.
2025-11-10 05:59:43 -05:00 · 2020-07-09 03:50:43 +02:00
parent ee20ebe07a
commit a317a2531c
11 changed files with 118 additions and 83 deletions
--- a/pkg/madmin/kms-commands.go
+++ b/pkg/madmin/kms-commands.go
@@ -23,6 +23,28 @@ import (
 	"net/url"
 )

+// CreateKey tries to create a new master key with the given keyID
+// at the KMS connected to a MinIO server.
+func (adm *AdminClient) CreateKey(ctx context.Context, keyID string) error {
+	// POST /minio/admin/v3/kms/key/create?key-id=<keyID>
+	qv := url.Values{}
+	qv.Set("key-id", keyID)
+	reqData := requestData{
+		relPath:     adminAPIPrefix + "/kms/key/create",
+		queryValues: qv,
+	}
+
+	resp, err := adm.executeMethod(ctx, http.MethodPost, reqData)
+	if err != nil {
+		return err
+	}
+	defer closeResponse(resp)
+	if resp.StatusCode != http.StatusOK {
+		return httpRespToErrorResponse(resp)
+	}
+	return nil
+}
+
 // GetKeyStatus requests status information about the key referenced by keyID
 // from the KMS connected to a MinIO by performing a Admin-API request.
 // It basically hits the `/minio/admin/v3/kms/key/status` API endpoint.