- Added detailed task completion records for KMS interface implementation and CLI support for file-based keys.
- Documented security enhancements including Argon2id password hashing, audit event contracts, and rate limiting configurations.
- Included scoped service support and integration updates for the Plugin platform, ensuring proper DI handling and testing coverage.
Completed Tasks
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|---|---|---|---|---|---|
| KMS-72-001 | DONE (2025-10-30) | KMS Guild | — | Implement KMS interface (sign, verify, metadata, rotate, revoke) and file-based key driver with encrypted at-rest storage. | Interface + file driver operational; unit tests cover sign/verify/rotation; lint passes. 2025-10-29: `FileKmsClient` (ES256) file driver scaffolding committed under `StellaOps.Cryptography.Kms`; includes disk encryption + unit tests. Follow-up: address PBKDF2/AesGcm warnings and wire into Authority services. 2025-10-29 18:40Z: Hardened PBKDF2 iteration floor (≥600k), switched to tag-size explicit AesGcm usage, removed transient array allocations, and refreshed unit tests (`StellaOps.Cryptography.Kms.Tests`). 2025-10-30: Cleared remaining PBKDF2/AesGcm analyser warnings, validated Authority host wiring for `AddFileKms`, reran `dotnet test src/__Libraries/__Tests/StellaOps.Cryptography.Kms.Tests/StellaOps.Cryptography.Kms.Tests.csproj --no-build`, and confirmed clean `dotnet build` (no warnings). |
| KMS-72-002 | DONE (2025-10-30) | KMS Guild | KMS-72-001 | Add CLI support for importing/exporting file-based keys with password protection. | CLI commands functional; docs updated; integration tests pass. 2025-10-30: CLI requirements reviewed; new stella kms verb planned for file driver import/export flow with Spectre prompts + tests. 2025-10-30 20:15Z: Shipped `stella kms export |