Creating Key

The biggest issue we need to figure out is who creates the key. ARM (acs-engine template) won't create the key. So the gRPC server needs to create the key if it does not exist (handling all the race conditions that can happen from multiple create calls).

There are two choices here:

  • Default acs-engine (we need to make sure that masters have access to CREATE): key created automatically by the gRPC server
  • Optional (we don't need to support this in the first acs-engine phase): the user references an existing keyvault, key and version. In this case we don't need to add CREATE permission
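
One way to handle the racing create calls in the default case, as an added example that is not the project's code: `memStore`, `EnsureKey` and the key name are hypothetical, and the code assumes that a create on an existing key name adds a new version rather than failing, so every caller re-reads and settles on the oldest version.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

var ErrNotFound = errors.New("key not found")

// memStore is a constructed, in-memory stand-in for the vault (hypothetical API).
// Assumption: Create on an existing name adds a new version instead of failing.
type memStore struct {
	mu       sync.Mutex
	versions map[string][]string // key name -> versions, oldest first
}

func (m *memStore) Oldest(name string) (string, error) {
	m.mu.Lock()
	defer m.mu.Unlock()
	if v := m.versions[name]; len(v) > 0 {
		return v[0], nil
	}
	return "", ErrNotFound
}

func (m *memStore) Create(name string) (string, error) {
	m.mu.Lock()
	defer m.mu.Unlock()
	v := fmt.Sprintf("v%d", len(m.versions[name])+1)
	m.versions[name] = append(m.versions[name], v)
	return v, nil
}

// EnsureKey creates the key only when none exists, then re-reads so that
// callers that raced on Create all converge on the same (oldest) version.
func EnsureKey(s *memStore, name string) (string, error) {
	if v, err := s.Oldest(name); !errors.Is(err, ErrNotFound) {
		return v, err // key already exists, or a real error occurred
	}
	if _, err := s.Create(name); err != nil {
		return "", err
	}
	return s.Oldest(name) // may be a peer's version that won the race
}

func main() {
	fmt.Println(EnsureKey(&memStore{versions: map[string][]string{}}, "etcd-key"))
}
```

Racing callers may still leave extra, unused versions behind; what matters is that every master encrypts with the same one.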