Is there a way to make HTTP requests over mTLS with private keys stored in Google Cloud Key Management Service?
In this blog post what we need is done in Go. Is it possible to achieve the same in Python? I was hoping that the Tink library provides some ready-made solution, but I can't find one.
After diving into the topic I've made the following "discoveries":
urlopen, which would use a custom OpenSSL engine. Here is an example: https://github.com/pyca/pyopenssl/issues/203#issuecomment-454900850
So this seems solvable but requires some effort.
At the same time I found that Amazon provides a ready-made OpenSSL engine for their AWS CloudHSM, so it should be fairly easy to use it for mTLS in Python. But CloudHSM prices are quite high (which is understandable given the custom hardware). I also found this Rust implementation of an OpenSSL engine for AWS KMS, which looks great, and perhaps it's also possible to rework it for Google Cloud KMS... But we may end up switching to AWS KMS or CloudHSM.
Although this is not a very complete answer, I hope it will help others facing the same issue.
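For contrast with the Python situation described above, here is an added Go example (not part of the question, the answer, or the linked blog post) of the mechanism that makes the Go approach straightforward: crypto/tls accepts any value implementing crypto.Signer as a certificate's PrivateKey, so a signer that forwards the handshake digest to Cloud KMS plugs in directly. The remoteSigner type, the "kms-client" and "mtls-server" names, and the in-memory ECDSA key standing in for a KMS-held key are assumptions of this example so that it runs offline with the standard library only; in real use Sign would call the KMS AsymmetricSign API. Python's ssl module exposes no comparable signing hook, which is why the answer reaches for pyOpenSSL plus an OpenSSL engine.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// remoteSigner stands in for a Cloud KMS asymmetric signing key: crypto/tls only
// ever calls Public() and Sign(). In production Sign() would call the KMS
// AsymmetricSign API. Holding the key in memory here is an assumption of this
// example so it runs offline; a real KMS key never leaves the service.
type remoteSigner struct {
	priv *ecdsa.PrivateKey
}

func (s *remoteSigner) Public() crypto.PublicKey { return &s.priv.PublicKey }

// Sign receives the already-hashed handshake transcript and must return a
// DER-encoded ECDSA signature, the same encoding KMS returns for EC keys.
func (s *remoteSigner) Sign(r io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error) {
	if opts.HashFunc() != crypto.SHA256 {
		return nil, fmt.Errorf("remote signer only supports SHA-256, got %v", opts.HashFunc())
	}
	return ecdsa.SignASN1(r, s.priv, digest)
}

// selfSigned issues a self-signed certificate for cn. x509.CreateCertificate also
// takes a crypto.Signer, so the KMS-backed key can sign its own certificate (or a
// CSR) without being exported. IsCA lets the peer pin the cert directly as a root.
func selfSigned(cn string, signer crypto.Signer, server bool) ([]byte, error) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	if server {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		tmpl.IPAddresses = []net.IP{net.ParseIP("127.0.0.1")} // httptest listens here
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, signer.Public(), signer)
}

// RunMTLSDemo starts a server that requires and verifies client certificates,
// then connects with a client whose private key is the remoteSigner. It returns
// the HTTP status and body the client received.
func RunMTLSDemo() (int, string, error) {
	serverKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return 0, "", err
	}
	clientKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return 0, "", err
	}
	signer := &remoteSigner{priv: clientKey}

	serverDER, err := selfSigned("mtls-server", serverKey, true)
	if err != nil {
		return 0, "", err
	}
	clientDER, err := selfSigned("kms-client", signer, false)
	if err != nil {
		return 0, "", err
	}
	serverCert, _ := x509.ParseCertificate(serverDER)
	clientCert, _ := x509.ParseCertificate(clientDER)
	serverPool, clientPool := x509.NewCertPool(), x509.NewCertPool()
	serverPool.AddCert(serverCert)
	clientPool.AddCert(clientCert)

	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// RequireAndVerifyClientCert guarantees PeerCertificates is non-empty here.
		fmt.Fprintf(w, "hello %s", r.TLS.PeerCertificates[0].Subject.CommonName)
	}))
	srv.TLS = &tls.Config{
		MinVersion:   tls.VersionTLS12,
		Certificates: []tls.Certificate{{Certificate: [][]byte{serverDER}, PrivateKey: serverKey}},
		ClientAuth:   tls.RequireAndVerifyClientCert,
		ClientCAs:    clientPool,
	}
	srv.StartTLS()
	defer srv.Close()

	// The client side holds no key material: PrivateKey is just the crypto.Signer.
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: &tls.Config{
		MinVersion:   tls.VersionTLS12,
		RootCAs:      serverPool,
		Certificates: []tls.Certificate{{Certificate: [][]byte{clientDER}, PrivateKey: signer}},
	}}}
	resp, err := client.Get(srv.URL)
	if err != nil {
		return 0, "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return resp.StatusCode, string(body), err
}

func main() {
	status, body, err := RunMTLSDemo()
	fmt.Println(status, body, err)
}
```

The point to carry over to a real deployment is that both x509.CreateCertificate and tls.Config only need Public() and Sign(): swapping the in-memory key for a type whose Sign calls the KMS AsymmetricSign endpoint with the digest changes nothing else in the TLS setup. Because the server uses RequireAndVerifyClientCert, a client that cannot produce a valid signature over the handshake transcript is rejected during the handshake, not by application code.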