Support BYOK in Terraform provider #1041
Open
This PR brings support of the Bring Your Own Key (BYOK) functionality in the Auth0 Management API.
🔧 Changes
A new block `customer_provided_root_key` has been added to the `auth0_encryption_key_manager` resource.
When this block is added, this initiates the process of adding a customer provided root key to the tenant. The block will at this point be filled with attributes from the Auth0 tenant `key_id`, `type`, `state`, `created_at`, and `updated_at` which describe the new key, as well as `public_wrapping_key` and `wrapping_algorithm`, which will be used by the customer to wrap the new key they generate in their KSM/HSM.
Once the key is generated and wrapped, the Base64 encoded key is supplied by the customer in the `wrapped_key` attribute.
If the `customer_provided_root_key` block is removed, the key provisioning is stopped and Auth0 reverts to using a root key generated internally.
📚 References
Customer Managed Keys
API Documentation
🔬 Testing
📝 Checklist
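
The two-apply flow described under Changes, written as a Terraform configuration. This is an added example, not code from the PR or the provider's documentation. The resource label `byok` and the variable `wrapped_root_key_b64` are hypothetical names, and two things are assumptions: that `wrapped_key` may be left unset on the first apply, and that the block is addressed as a single-element list (`[0]`) in references.

```hcl
# Added example. Names "byok" and "wrapped_root_key_b64" are hypothetical.

variable "wrapped_root_key_b64" {
  description = "Base64 encoded root key, already wrapped in the HSM with public_wrapping_key"
  type        = string
  default     = null # assumption: unset on the first apply
  sensitive   = true # keep the value out of plan/apply console output
}

resource "auth0_encryption_key_manager" "byok" {
  # Apply 1: the block on its own starts provisioning of a customer provided
  #          root key. The tenant fills in key_id, type, state, created_at,
  #          updated_at, public_wrapping_key and wrapping_algorithm.
  # Apply 2: after wrapping the generated key with public_wrapping_key using
  #          wrapping_algorithm, pass the Base64 result through the variable.
  # Removing the block stops provisioning and the tenant reverts to an
  # internally generated root key, so treat its deletion in a diff as a
  # change that needs review.
  customer_provided_root_key {
    wrapped_key = var.wrapped_root_key_b64
  }
}

# Values the HSM operator needs after the first apply.
# Assumption: the block is exposed as a one-element list.
output "public_wrapping_key" {
  value = auth0_encryption_key_manager.byok.customer_provided_root_key[0].public_wrapping_key
}

output "wrapping_algorithm" {
  value = auth0_encryption_key_manager.byok.customer_provided_root_key[0].wrapping_algorithm
}

output "root_key_state" {
  value = auth0_encryption_key_manager.byok.customer_provided_root_key[0].state
}
```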