feat: KeyPairService backed by HashiCorp Vault Transit Engine #988

Draft
paullatzelsperger wants to merge 2 commits into eclipse-edc:main from paullatzelsperger:feat/982-use-transit-engine

@paullatzelsperger
Member

Overview

Adds a new identity-hub-keypairs-transit module that implements KeyPairService backed by the HashiCorp Vault Transit Engine, enabling key pair lifecycle management (create, rotate, activate, revoke, delete) without ever exposing private key material.

Changes

  • TransitEngine / TransitEngineImpl: thin wrapper around the Vault Transit API — creates named keys, signs, verifies, and retrieves public keys.
  • TransitKeyPairService: full KeyPairService implementation delegating crypto operations to TransitEngine; emits the same domain events as the default implementation.
  • TransitKeyPairServiceExtension: wires the service into the EDC runtime.
  • Supporting types: TransitKeyConfig, TransitKeyDescriptor, SignResult, VerifyResult.
  • Tests: unit tests for TransitKeyPairService, integration tests for TransitEngineImpl (Testcontainers + Vault), and E2E coverage in KeyPairResourceApiEndToEndTest.
  • Dependencies: adds vault-hashicorp-spi, vault-hashicorp, and testcontainers-vault to libs.versions.toml.

🤖 Generated with Claude Code

paullatzelsperger force-pushed the feat/982-use-transit-engine branch from 7e3c61f to 4eced54 (May 19, 2026 09:50)
paullatzelsperger added the enhancement (New feature or request) label (May 19, 2026)
paullatzelsperger force-pushed the feat/982-use-transit-engine branch from 59d0d4c to f7d88eb (May 19, 2026 10:09)