Thanks for the additional details… I originally jumped into this thread on impulse, and wouldn’t want to double-down on a misjudgment—particularly if it’s going to ruffle feathers.
My own opinion of this particular API remains unchanged, for whatever that’s worth, and I hope that there’s scope for eventually having an alternative that aligns better with intuitive, idiomatic usage, perhaps along the lines of the following:
```ruby
require 'pathname'

fkms = Pathname.new('/.fly/kms/short-blobs/myxaeskey/encr')
plaintext = 'crimson 11 delight petrichore'

# The contents of 'clone' name the session directory under fkms.
session = fkms / File.read(fkms / 'clone')
File.write(session / 'plaintext', plaintext)
ciphertext = File.read(session / 'ciphertext')

# Optional sanity checks on the status files and the ciphertext framing.
if ENV['AM_WORRYWART_MAYAILURUS']
  st = session / 'status'
  ('ok' == File.read(st / 'code')) || raise
  (ciphertext =~ /\Afkms:/) || raise
  (ciphertext =~ /;\n\z/) || raise
  ( plaintext.length == File.read(st / 'plaintext_length').to_i) || raise
  (ciphertext.length == File.read(st / 'ciphertext_length').to_i) || raise
end

# Remove the session's ciphertext file when done.
File.unlink(session / 'ciphertext')
```
I really appreciate the work that you guys put into the security side in general—and hope that the overall spirit continues…