Enable Customer Managed Keys (CMK) #8213

clearab · 2021-06-29T17:18:00Z

The work would likely involve:

Add ability for composer user to turn on the feature and specify the key url
a. Consider having a key vault key picker (more user friendly but it’s more work)
Pass the key url when creating/updating the bot
Error handling/surfacing
a. Failure: invalid key url, missing permissions
b. If target subscription has policy to disallow non-CMK bot, composer should return a clear error if deployment of a bot fails for that reason
Likely want the ability to retrieve the state of CMK for an existing bot to pre-populate the settings (see Update README.md #1 above)
a. Also consider how conflict between local and remote settings are handled (e.g. does it pick one silently or does it expose the conflict?)
Nice to have: do we want to help them with
a. Create vault/key?
b. Set up vault permissions (or report on what’s missing)

clearab · 2021-06-29T17:32:02Z

Closing as duplicate of: #5682

clearab added the feature-request A request for new functionality or an enhancement to an existing one. label Jun 29, 2021

clearab closed this as completed Jun 29, 2021

Provide feedback