feat: Adds CreateKey API to create a branch key#1645
Open
sharmabikram wants to merge 2 commits intoshbikram/create-version-keyfrom
Open
feat: Adds CreateKey API to create a branch key#1645sharmabikram wants to merge 2 commits intoshbikram/create-version-keyfrom
sharmabikram wants to merge 2 commits intoshbikram/create-version-keyfrom
Conversation
texastony
requested changes
Mar 16, 2026
| //= aws-encryption-sdk-specification/framework/branch-key-store.md#decrypt_only-encryption-context | ||
| //# The DECRYPT_ONLY encryption context MUST NOT have a `version` attribute. | ||
| //# The `type` attribute MUST stores the branch key version formatted like `"branch:version:"` + `version`. | ||
| function buildDecryptOnlyEncryptionContext( |
Contributor
There was a problem hiding this comment.
This should have been needed for VersionKey... Oh, I see what you did.
OK.
Comment on lines
+949
to
+950
| expect(validate(result.branchKeyIdentifier)).to.be.true | ||
| expect(version(result.branchKeyIdentifier)).to.equal(4) |
Contributor
There was a problem hiding this comment.
Are validate and version from UUID?
Yes.
Comment on lines
+978
to
+981
| // Active key must be retrievable | ||
| const material = await keyStore.getActiveBranchKey(customId) | ||
| expect(material.branchKey().length).to.equal(32) | ||
| }) |
Contributor
There was a problem hiding this comment.
Blocking: Assert that the encryption context is department: test.
| }) | ||
|
|
||
| describe('CreateKey + VersionKey lifecycle', () => { | ||
| it('Create, retrieve, version, retrieve new, retrieve old', async () => { |
Contributor
There was a problem hiding this comment.
Blocking: do this test with custom EC and assert that EC is preserved by version.
…ersioning a branch key
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Issue #, if available:
Description of changes:
This change adds createKey API which creates a branch key following the spec: https://github.com/awslabs/aws-encryption-sdk-specification/blob/6fd8f886f708afeb89bcfb2a618ca57bb2bd48cd/framework/branch-key-store.md#createkey
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
Check any applicable: