Confidential Data Hub makes it possible to use different KMS plugins. We can extend some functionalities in CoCo to be supported by KMSes. This will help different companies integrate their own services in CoCo, thus forming different complete solutions. This issue shows the roadmap.
Roadmap upon CDH
- Unseal secret with KMS
- Image decryption with KMS (CDH add unwrapkey API #349)
- Image signature verification with KMS (Support Cosign Image signature verification with KMS #360)
- Aliyun KMS support for signature verification
- Intel eHSM-KMS support for signature verification
- Intel eHSM-KMS support for decrypt/encrypt API of KMS crate (CDH: add en/decrypt support for eHSM-KMS #359)
Roadmap upon client side tools
- Seal secret by cli tool with KMS
- Image encryption by CoCo Keyprovider with KMS (CoCoKeyprovider: Support Image Encryption with KMS #361)
- Support Aliyun KMS in cosign for image signing
- Support Intel eHSM KMS in cosign for image signing
As we now use cosign to sign images, and cosign already supports AWS, Azure, GCP and HashiCorp Vault, we do not list these KMSes for signing here.
Also, if any new KMS wants to be added, please feel free to open a new issue and link to this one.
Status
🏗 In progress