feat(kms): bulk import keys #6089
- Added a new API endpoint for bulk importing KMS keys with validation for key types and algorithms.
- Introduced corresponding types and interfaces for handling bulk import requests and responses.
- Updated the audit log to track bulk import events.
- Enhanced the CmekTable component to include an import keys option in the dropdown menu.
- Created a new CmekBulkImportModal component for user interaction during key import.
- Added a new field for failed key names in the audit log metadata to track import failures.
- Updated the audit log creation logic to include failed key names during bulk import.
- Improved error handling in the CmekBulkImportModal to provide user feedback for file read failures and key count limits.
✅ Snyk checks have passed. No issues have been found so far.
- Introduced new sections in the documentation for bulk export and import of key material.
- Updated the CmekBulkImportModal component to utilize stable UI components, enhancing the user experience for importing keys.
- Improved the layout and structure of the key import table for better readability and usability.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 9e318e148c
- Added validation to ensure keyMaterial is base64 encoded in the CmekBulkImportModal component.
- Updated the cmek-service to return a structured result for bulk import operations.
- Introduced new types for bulk import results to capture errors and project details.
- Enhanced KMS service to validate key length based on the algorithm used for symmetric keys.
- Updated documentation with new images and improved clarity on bulk import/export processes.
scott-ray-wilson left a comment
looks great minor comments
nit: your nord pass is showing 😏
| <Tooltip open={!isAllowed ? undefined : false}> | ||
| <TooltipTrigger asChild className="block w-full"> | ||
| <DropdownMenuItem | ||
| onClick={() => handlePopUpOpen("importKeys")} | ||
| isDisabled={!isAllowed} | ||
| > | ||
| <FontAwesomeIcon icon={faFileImport} /> | ||
| Import Keys | ||
| </DropdownMenuItem> | ||
| </TooltipTrigger> | ||
| <TooltipContent side="left">Access Restricted</TooltipContent> | ||
| </Tooltip> | ||
| )} |
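Review bot: `isDisabled={!isAllowed}` on the Import Keys `DropdownMenuItem` is a client-side gate only, so the bulk import route needs its own permission check on the server. Please confirm the endpoint enforces the same permission that feeds `isAllowed`, since a disabled menu item does not stop a direct request that imports key material.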
nit: using font awesome icon instead of lucide
also I think we need to remove asChild as it messes with the dropdown styling and then doesn't show when disabled - it's removing the flex/gap styling on the menu
| onClick={() => handlePopUpOpen("upsertKey", null)} | ||
| isDisabled={!isAllowed} | ||
| > | ||
| <FontAwesomeIcon icon={faPlus} className="mr-2" /> |
nit: can we use lucide icon
| ); | ||
| } | ||
|
|
||
| return ( |
- maybe the back button should be outline? or cancel? one should be I feel
- let's maybe make the hover more in line with the error state, feels weird it turns gray (or just leave the same, remove hover)
- I'm not sure I see the value in numbering them? the alignment of the header col bothers me so if we keep it could we at least remove the # in the header?
| <ul className="max-h-[50vh] thin-scrollbar space-y-1 overflow-y-auto pr-2"> | ||
| {importResult.failed.map((err) => ( | ||
| <li key={err.name} className="text-xs text-red/80"> | ||
| <span className="font-medium">{err.name}</span> |
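Review bot: `key={err.name}` in the `importResult.failed.map` list collides when two failed entries share a name, which can happen when the uploaded file repeats a key name. Use the array index or a name-plus-index key so every failure row renders and none is silently merged.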
if you merge main we actually now have a danger alert v3 variant, we should move this to that with a cute little alert icon :3
also the description says the same thing as the text beneath it minus the failed count - little redundant maybe just say the failed count in the alert and don't add the additional repetition?
| { | ||
| "name": "my-rsa-key", | ||
| "keyType": "sign-verify", | ||
| "algorithm": "rsa-4096", |
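Review bot: Missing documentation next to this `"keyType": "sign-verify"` / `"algorithm": "rsa-4096"` sample: the docs should state which private-key encoding the import expects for such an entry and that the import file holds unencrypted private key material. A short note on how to handle and dispose of that file after import would help readers who copy this example.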


Context
Adds bulk KMS key import:
- `POST /api/v1/kms/keys/bulk-import` accepts up to 100 keys per request (name, usage, algorithm, base64 key material) and returns created `{ id, name }[]` plus per-key errors for partial success.
- Audit: `CMEK_BULK_IMPORT_KEYS` (when at least one key imports).
- Extends `kmsService.importKeyMaterial` so sign/verify keys can be imported (with PKCS8 validation) alongside encrypt/decrypt.
- UI: Import Keys modal (JSON upload, validation preview, import).
- Docs: platform KMS overview updated for the import flow (export behavior lives on the base branch).

Screenshots
Steps to verify
`errors[]` in the response / UI.
Type
Checklist
`type(scope): short description` (scope is optional, e.g., `fix: prevent crash on sync` or `fix(api): handle null response`).
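The constraints named in the description above (at most 100 keys per request, base64 key material, PKCS8 for sign/verify keys, key length matched to the symmetric algorithm) can be checked on a parsed import file before it is sent. This is an added example, not code from the PR or from Infisical; the `encrypt-decrypt` value, the AES identifiers with their byte lengths, and all function names and messages are assumptions.

```javascript
// Added example, not Infisical code. Assumed: the "encrypt-decrypt" value, the
// AES identifiers with their byte lengths, and all function names and messages.
const MAX_KEYS = 100; // per-request limit stated in the PR description
const SYMMETRIC_KEY_BYTES = new Map([["aes-256-gcm", 32], ["aes-128-gcm", 16]]);
// Canonical base64 only: standard alphabet, correct padding, no whitespace.
const BASE64_RE = /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/;

function decodeStrictBase64(value) {
  if (typeof value !== "string" || value === "" || !BASE64_RE.test(value)) return null;
  return Buffer.from(value, "base64");
}

// Structural check only: PKCS#8 is a DER SEQUENCE holding INTEGER version (0 or 1)
// followed by an AlgorithmIdentifier SEQUENCE. PKCS#1 and SEC1 keys fail here.
function looksLikePkcs8(der) {
  if (der.length < 6 || der[0] !== 0x30) return false;
  const at = der[1] & 0x80 ? 2 + (der[1] & 0x7f) : 2; // skip long-form length bytes
  return der[at] === 0x02 && der[at + 1] === 0x01 && der[at + 2] <= 1 && der[at + 3] === 0x30;
}

function checkKey(key, seenNames) {
  if (!key || typeof key.name !== "string" || key.name === "") return "missing name";
  if (seenNames.has(key.name)) return "duplicate name in file";
  seenNames.add(key.name);
  const material = decodeStrictBase64(key.keyMaterial);
  if (!material) return "keyMaterial is not valid base64";
  if (key.keyType === "sign-verify") {
    return looksLikePkcs8(material) ? null : "keyMaterial is not PKCS8 DER";
  }
  if (key.keyType !== "encrypt-decrypt") return "unsupported keyType";
  const expected = SYMMETRIC_KEY_BYTES.get(key.algorithm);
  if (!expected) return "unsupported algorithm";
  return material.length === expected ? null : `expected ${expected} key bytes`;
}

// Returns per-key errors so partial failures can be shown before anything is sent.
function validateBulkImport(keys) {
  if (!Array.isArray(keys)) return { valid: [], errors: [{ name: null, message: "expected a JSON array" }] };
  if (keys.length > MAX_KEYS) return { valid: [], errors: [{ name: null, message: `more than ${MAX_KEYS} keys` }] };
  const seenNames = new Set();
  const valid = [];
  const errors = [];
  for (const key of keys) {
    const message = checkKey(key, seenNames);
    if (message) errors.push({ name: key?.name ?? null, message });
    else valid.push(key);
  }
  return { valid, errors };
}
```

A pre-flight check like this only improves feedback in the UI; the server has to repeat every check, because the endpoint can be called without the modal.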