Skip to content

feat(kms): bulk export private keys#6083

Open
victorvhs017 wants to merge 5 commits intomainfrom
feature/kms-export-multiple-keys
Open

feat(kms): bulk export private keys#6083
victorvhs017 wants to merge 5 commits intomainfrom
feature/kms-export-multiple-keys

Conversation

@victorvhs017
Copy link
Copy Markdown
Contributor

Context

Adds bulk private key export for project KMS keys: POST /api/v1/kms/keys/bulk-export-private-keys (up to 100 UUIDs, same auth as other KMS routes). Server validates keys (same project, customer-managed, not disabled), checks Export private key once, returns material (+ publicKey for asymmetric keys), and logs CMEK_BULK_EXPORT_PRIVATE_KEYS. UI: row/page selection (max 100), Export downloads JSON; KMS table moved to v3 Unstable components.

Screenshots

image

Steps to verify

  1. Select ≤100 keys → Export → JSON has expected fields.
  2. API: bulk endpoint returns 200 for valid keyIds.
  3. Audit log shows bulk export.
  4. Errors: wrong project mix, missing ID, disabled key, no permission.

Type

  • Fix
  • Feature
  • Improvement
  • Breaking
  • Docs
  • Chore

Checklist

  • Title follows the conventional commit format: type(scope): short description (scope is optional, e.g., fix: prevent crash on sync or fix(api): handle null response).
  • Tested locally
  • Updated docs (if needed)
  • Updated CLAUDE.md files (if needed)
  • Read the contributing guide

Victor Hugo dos Santos added 4 commits April 17, 2026 16:08
- Introduced a new endpoint for bulk exporting private keys.
- Added corresponding types and interfaces for handling bulk export requests and responses.
- Updated the audit log to track bulk export events.
- Enhanced the KMS service and data access layer to support bulk key retrieval.
- Implemented frontend hooks and components for initiating bulk exports and handling responses.
- Updated the event type for bulk exporting private keys to improve clarity.
- Enhanced error handling in the KMS service to provide more informative messages for missing keys and key material.
- Refactored frontend components to utilize the new FileSaver library for JSON export functionality.
- Added a check to prevent exporting more than 100 keys at once, displaying an error notification if the limit is exceeded.
- Updated the logic for selecting keys to ensure that the selected key IDs do not exceed the 100-key limit during selection.
- Wrapped the export button in a span for better styling control.
- Enhanced tooltip content to provide clearer feedback based on user permissions.
- Removed unnecessary state reset on search input change.
- Simplified page change handling by directly setting the page state without resetting selected keys.
@maidul98
Copy link
Copy Markdown
Collaborator

maidul98 commented Apr 17, 2026

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 524aaa02c8

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread frontend/src/pages/kms/OverviewPage/components/CmekTable.tsx
Comment thread backend/src/services/cmek/cmek-service.ts Outdated
@linear
Copy link
Copy Markdown

linear Bot commented Apr 17, 2026

Comment thread backend/src/services/cmek/cmek-service.ts
Comment thread frontend/src/pages/kms/OverviewPage/components/CmekTable.tsx
- Updated the KMS service to handle unique key IDs for bulk retrieval, improving error handling for missing keys.
- Added a new API endpoint for bulk exporting private keys and corresponding documentation.
- Refactored the CmekTable component to utilize the new InfoIcon for tooltips, enhancing user experience.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants