Add Google Cloud KMS support
RJPercival opened this issue
Rob Percival commented
A `keys.ProtoHandler` and associated protobuf message should be defined to support private keys stored in Google Cloud KMS. This would provide more secure storage for tree private keys than storing them in an encrypted file on the server or as plain text in the database. See https://cloud.google.com/kms/docs/create-validate-signatures for information on integrating with Google Cloud KMS.
Pavel Kalinnikov commented
@gdbelvin recommends using Tink.