We need a Keymaker proxy that semaphores incoming requests so there's only one in flight to the enclave. The enclave should be a self-nuking Keymaker instance that's only accessible from API. This would mean we need to configure ingress {} blocks in caution.hcl to actually make use of the cidr_ipv4. Currently, we deploy a resource "aws_security_group" in deployment.rs. Short term, what we can do, is replace the cidr_blocks in the Terraform with the provided CIDR from cidr_ipv4 from caution.hcl, for HTTP, platform_internal_ingress, and dynamic "ingress".
When a client wants to generate a key:
- cli verifies the bundle
- cli sends a request to api
- api holds onto the request until it gets permission from the semaphore
- api contacts the keymaker instance, waits until it's ready, and sends one request
- keymaker receives the request, generates entropy, and then reboots
- NOTE: we need to implement rebootable enclaves. we don't have that feature currently.
- api receives the bundle and sends it to cli
- when api returns it to cli, the semaphore is dropped, and the request awaiting the next semaphore may commence
- cli handles the response using existing code