feat(KMS): cli integration by luxium30 · Pull Request #835 · exoscale/cli

luxium30 · 2026-05-15T12:38:26Z

Description

Commands added:

All commands have a --zone flag to easily target another zone.

key:

kms key show ID
kms key list --ignore-replica --status XXX
kms key create NAME --usage encrypt-decrypt --description XXX --multizone
kms key encrypt ID PLAINTEXT --encryption-context XXX
kms key decrypt ID CIPHERTEXT --encryption-context XXX
kms key generate-dek ID <--bytes-count XXX | --key-spec XXX> --encryption-context XXX
kms key reencrypt SRC_ID DEST_ID CIPHERTEXT --source-encryption-context XXX --dest-encryption-context XXX
kms key enable ID
kms key disable ID
kms key rotate ID
kms key delete ID --delay-days XXX
kms key cancel-delete ID
kms key replicate ID ZONE

rotation

kms rotation enable ID --rotation-period XXX
kms rotation disable ID
kms rotation list ID

Output

kms key list

┼──────────────────────────────────────┼──────────────────────────────────────────────────────┼────────────┼──────────────────┼───────────┼─────────────────────────────┼
│                  ID                  │                         NAME                         │ ORIGINZONE │      STATUS      │ MULTIZONE │          REPLICAS           │
┼──────────────────────────────────────┼──────────────────────────────────────────────────────┼────────────┼──────────────────┼───────────┼─────────────────────────────┼
│ 019e1783-a083-76b0-a903-73e883b94a1c │ a2                                                   │ ch-gva-2   │ enabled          │ false     │                             │
│ 019e1785-3642-773f-ba76-f19adb5467ba │ a3                                                   │ ch-gva-2   │ enabled          │ false     │                             │
│ 019e1cf6-7810-7512-9ba4-6d19cdd429e9 │ a4                                                   │ ch-gva-2   │ enabled          │ false     │                             │
│ 019e2023-23ac-75f7-a24d-31f0d1053fd2 │ kms-canary-keylifecycle-ch-gva-2-1778655634312805000 │ ch-gva-2   │ pending-deletion │ false     │                             │
│ 019e2029-d77b-7811-b2d4-2dca52f4ac5c │ kms-canary-keylifecycle-ch-gva-2-1778656073555519000 │ ch-gva-2   │ pending-deletion │ false     │                             │
│ 019e202b-3343-7b21-a1c6-320a6beb1196 │ kms-canary-keylifecycle-ch-gva-2-1778656162585813000 │ ch-gva-2   │ pending-deletion │ false     │                             │
│ 019e2034-7cdf-7151-8115-2e1947d00d18 │ kms-canary-keylifecycle-ch-gva-2-1778656771259583000 │ ch-gva-2   │ pending-deletion │ false     │                             │
│ 019e2034-d30c-7ec6-9190-0e364878f689 │ kms-canary-multizone-ch-gva-2-1778656793321428000    │ ch-gva-2   │ disabled         │ true      │ de-fra-1, at-vie-1, ch-dk-2 │
│ 019e2039-157e-7db8-8c86-ec5ddf65fafd │ Default                                              │ ch-gva-2   │ enabled          │ true      │ de-fra-1, at-vie-1, ch-dk-2 │
│ 019e2090-936e-7857-b03b-277cb09726eb │ kms-canary-keylifecycle-ch-gva-2-1778662806309327000 │ ch-gva-2   │ pending-deletion │ false     │                             │
│ 019e2090-e4f7-7975-bdc6-a67f3d92fc9a │ kms-canary-keylifecycle-ch-gva-2-1778662827181757000 │ ch-gva-2   │ pending-deletion │ false     │                             │
│ 019e20cb-6f0b-72c2-8e37-ce47c21afb6b │ kms-canary-keylifecycle-ch-gva-2-1778666663604396000 │ ch-gva-2   │ pending-deletion │ false     │                             │
│ 019e20cc-1963-7acf-a0ba-b3bf15bba25a │ kms-canary-keylifecycle-ch-gva-2-1778666707213761000 │ ch-gva-2   │ pending-deletion │ false     │                             │
│ 019e2318-ddfe-7871-a8f6-213137e94b9e │ hello123                                             │ ch-gva-2   │ enabled          │ false     │                             │
│ 019e2b73-2b29-7b01-9c22-f1b93a8757dd │ hello1233                                            │ ch-gva-2   │ enabled          │ false     │                             │
│ 019e2b7f-d48d-79be-8ff2-ecd9ce2a5f9b │ hello1233 usage: encrypt-decrypt                     │ ch-gva-2   │ enabled          │ false     │                             │
│ 019e3a93-7f49-730a-9e86-7927e6c52b84 │ byebye                                               │ ch-gva-2   │ enabled          │ false     │                             │
│ 019e3aa0-7fd9-7449-a93a-85578c57d628 │ byeby2e                                              │ ch-gva-2   │ enabled          │ false     │                             │
│ 019e3aa1-5281-74aa-88f7-c214531dfb45 │ byebye2                                              │ ch-gva-2   │ enabled          │ false     │                             │
│ 019e3ab8-ceb9-7e9f-941b-5db3c265427c │ blabla                                               │ ch-gva-2   │ enabled          │ true      │ de-fra-1, at-vie-1, ch-dk-2 │
┼──────────────────────────────────────┼──────────────────────────────────────────────────────┼────────────┼──────────────────┼───────────┼─────────────────────────────┼

kms key show ID

┼─────────────────┼───────────────────────────────────────────────────┼
│     KMS KEY     │                                                   │
┼─────────────────┼───────────────────────────────────────────────────┼
│ ID              │ 019e2039-157e-7db8-8c86-ec5ddf65fafd              │
│ Name            │ Default                                           │
│ Created At      │ 2026-05-13 07:24:32.51101951 +0000 UTC            │
│ Multizone       │ true                                              │
│ Origin Zone     │ ch-gva-2                                          │
│ Status          │ enabled                                           │
│ Replicas Status │ at-vie-1, ch-dk-2, de-fra-1                       │
│ Material        │ auto: false                                       │
│                 │ createdAt: 2026-05-13 07:24:32.51101951 +0000 UTC │
│                 │ version: 1                                        │
│ Rotation        │ auto: true                                        │
│                 │ count: 0                                          │
│                 │ nextAt: 2027-05-13 07:24:32.515024172 +0000 UTC   │
│                 │ rotationPeriod: 365                               │
│ Usage           │ encrypt-decrypt                                   │
│ Source          │ exoscale-kms                                      │
│ Description     │ Exoscale KMS default key.                         │
┼─────────────────┼───────────────────────────────────────────────────┼

kms rotation list ID

┼─────────┼─────────────────────────────────────────┼───────────┼
│ VERSION │               ROTATED AT                │ AUTOMATIC │
┼─────────┼─────────────────────────────────────────┼───────────┼
│ 2       │ 2026-05-18 13:54:02.348056112 +0000 UTC │ false     │
│ 3       │ 2026-05-18 13:54:08.274114393 +0000 UTC │ false     │
│ 4       │ 2026-05-18 16:08:40.611917076 +0000 UTC │ false     │
│ 5       │ 2026-05-18 16:08:41.78315071 +0000 UTC  │ false     │
│ 6       │ 2026-05-18 16:08:42.717906733 +0000 UTC │ false     │
┼─────────┼─────────────────────────────────────────┼───────────┼

Checklist

(For exoscale contributors)

Changelog updated (under Unreleased block, and add the Pull Request #number for each bit you add to the CHANGELOG.md)
Testing

Testing

Tested in preprod with go run main.go kms ...

luxium30 added 16 commits May 15, 2026 14:37

add kms key show

7e8e8fa

kms key create

209af2c

kms key disable

c34983b

kms key enable

7c1ddd0

kms key list

77e97be

kms key replicate

5d12ba2

kms key encrypt

c4215e0

kms key decrypt

895d5bc

short command uses single char

b9668b5

better formatting

893077c

add generate dek command

eb1f56a

add reencrypt

f47d4d3

add delete

ef01c89

add cancel-delete

18c866d

add rotation commands

445c005

add defaults in description

0d69e1b

luxium30 marked this pull request as draft May 19, 2026 07:00

luxium30 added 5 commits May 19, 2026 09:23

add cli-short

d7e58c5

add title to error message

3558ff5

add zone support

24c758e

add --ignore-replica --status filter

cb24b0c

typo

5928dd2

luxium30 marked this pull request as ready for review May 19, 2026 09:00

luxium30 requested review from emilehreich and jbelo May 19, 2026 09:00

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(KMS): cli integration#835

feat(KMS): cli integration#835
luxium30 wants to merge 21 commits into
masterfrom
leoloch/sc-175358/kms-integration-with-cli

luxium30 commented May 15, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

luxium30 commented May 15, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Description

key:

rotation

Output

Checklist

Testing

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

luxium30 commented May 15, 2026 •

edited

Loading