
feat: PEP-3172 update scripts to support KAS #31

Open
dillonthompson wants to merge 10 commits into main from feature/PEP-3172-support-kas

@dillonthompson

No description provided.

@dillonthompson dillonthompson marked this pull request as draft March 10, 2026 18:09
@dillonthompson dillonthompson marked this pull request as ready for review March 20, 2026 20:20
@nwilliamsgit
Contributor

nwilliamsgit commented May 6, 2026

Proposed script updates for KAS KEY_ID support, let me know your thoughts

1. In setup-cks-latest.sh, add a default KEY_ID variable near the KAS defaults:

   ```bash
   # KAS defaults
   KAS_ENABLED=false
   KEY_ID=""
   ```

2. In setup-cks-latest.sh, when KAS is enabled, prompt for the Virtru SaaS DSP-provisioned KEY_ID:

   ```bash
   if prompt "Do you want to enable KAS [yes/no]?"; then
     KAS_ENABLED=true

     KAS_AUTH_ISSUER="https://login.virtru.com/oauth2/default"
     KAS_AUTH_AUDIENCE="https://api.virtru.com"
     KAS_URI="https://${CKS_FQDN}"

     while [ -z "$KEY_ID" ]; do
       # -r keeps backslashes in the entered value literal
       read -r -p "Enter the Virtru SaaS DSP Key ID for this KAS deployment: " KEY_ID

       if [ -z "$KEY_ID" ]; then
         printf "KEY_ID is required for KAS deployments.\n"
       fi
     done
   fi
   ```

3. In setup-cks-latest.sh, write KEY_ID into env/cks.env with the other KAS env vars:

   ```bash
   printf "KAS_ROOT_KEY=%s\n" "$KAS_ROOT_KEY" >> ./env/cks.env
   printf "KEY_ID=%s\n" "$KEY_ID" >> ./env/cks.env
   printf "ORG_ID=%s\n" "$JWT_AUTH_AUDIENCE" >> ./env/cks.env
   ```

4. In setup-cks-latest.sh, keep PORT at 9000:

   ```bash
   printf "PORT=9000\n" >> ./env/cks.env
   ```

5. In update.sh, when enabling KAS, preserve an existing KEY_ID if present; otherwise require the user to enter it:

   ```bash
   EXISTING_KEY_ID=$(grep '^KEY_ID=' "$WORKING_DIR"/env/cks.env 2>/dev/null | cut -d "=" -f2-)

   if [ -z "$EXISTING_KEY_ID" ]; then
     KEY_ID=""
     while [ -z "$KEY_ID" ]; do
       # -r keeps backslashes in the entered value literal
       read -r -p "Enter the Virtru SaaS DSP Key ID for this KAS deployment: " KEY_ID

       if [ -z "$KEY_ID" ]; then
         printf "KEY_ID is required for KAS deployments.\n"
       fi
     done
   else
     KEY_ID="$EXISTING_KEY_ID"
   fi
   ```

6. In update.sh, write/preserve KEY_ID with the other KAS env vars:

   ```bash
   updateEnvVariable "KAS_ROOT_KEY" "$KAS_ROOT_KEY"
   updateEnvVariable "KEY_ID" "$KEY_ID"
   updateEnvVariable "ORG_ID" "$EXISTING_ORG_ID"
   ```

7. In update.sh, keep PORT at 9000:

   ```bash
   updateEnvVariable "PORT" "9000"
   ```

Rationale: KEY_ID is required for KAS deployments because it is the key identifier provisioned in Virtru SaaS DSP. Without it, the generated KAS env file is incomplete. Current deployments use PORT=9000, so the update path should preserve that expectation.
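
Added example, not part of the comment above or of the repository's scripts: one way to implement the "preserve an existing KEY_ID, otherwise require it" flow so that the value is validated before it reaches `env/cks.env`, the key is written exactly once, and a run with closed stdin fails instead of looping on an empty `read`. The helper names and the accepted Key ID character set are assumptions.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not the repository's updateEnvVariable.

# Print the value of KEY ($1) from an env file ($2); nothing if file or key is absent.
get_env_value() {
  [ -f "$2" ] || return 0
  awk -v k="$1" 'index($0, k "=") == 1 { print substr($0, length(k) + 2); exit }' "$2"
}

# Assumed Key ID format (not taken from Virtru documentation):
# 1-128 characters from letters, digits, dot, underscore, hyphen.
is_valid_key_id() {
  case "$1" in
    '' | *[!A-Za-z0-9._-]*) return 1 ;;
  esac
  [ "${#1}" -le 128 ]
}

# Set KEY=VALUE exactly once: drop old KEY= lines, append the new one, then
# rename over the original. The temp file is mode 600 because the env file
# also holds KAS_ROOT_KEY. The subshell body keeps `tmp` local.
set_env_value() (
  tmp=$(mktemp "$3.XXXXXX") || return 1
  chmod 600 "$tmp"
  if [ -f "$3" ]; then
    awk -v k="$1" 'index($0, k "=") != 1' "$3" > "$tmp"
  fi
  printf '%s=%s\n' "$1" "$2" >> "$tmp"
  mv -f "$tmp" "$3"
)

# Print a usable KEY_ID: the existing one if valid, else the first valid line
# from stdin. Returns 1 when stdin ends first, so unattended runs fail fast.
resolve_key_id() (
  candidate=$(get_env_value KEY_ID "$1")
  if is_valid_key_id "$candidate"; then
    printf '%s\n' "$candidate"
    return 0
  fi
  while printf 'Enter the Virtru SaaS DSP Key ID for this KAS deployment: ' >&2 &&
        IFS= read -r candidate; do
    if is_valid_key_id "$candidate"; then
      printf '%s\n' "$candidate"
      return 0
    fi
    printf 'KEY_ID is required for KAS deployments.\n' >&2
  done
  return 1
)
```

In `update.sh` this would be called as `KEY_ID=$(resolve_key_id "$WORKING_DIR/env/cks.env") || exit 1`, followed by `set_env_value KEY_ID "$KEY_ID" "$WORKING_DIR/env/cks.env"`.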


2 participants