docs: update AWS KMS guide for op-alt-da v0.12.0#2398
Conversation
- Update guide to use v0.12.0+ which changes KMS configuration - Remove cel-key workflow (no longer needed for key import) - Remove deprecated config fields: alias_prefix, auto_create, import_key_name, import_key_hex - Add new workflow: create KMS key directly via AWS CLI - Update default_key_name to use full alias path format - Use "POST and get error" approach to discover Celestia address - Fix curl commands to suppress binary output warnings (-s -o /dev/null) - Add IAM policy and production setup instructions Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Summary of ChangesHello @jcstein, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request significantly refines the AWS KMS integration guide for Highlights
🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console. Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request provides a significant update to the AWS KMS guide for op-alt-da, aligning it with the changes in v0.12.0. The new workflow is much clearer and simpler, especially the method for discovering the Celestia address. The removal of deprecated fields and the addition of production setup instructions, including an IAM policy example, are excellent improvements.
I've added a few minor suggestions to improve the clarity and correctness of the code examples in the documentation. These are mostly related to removing unnecessary trailing backslashes in shell commands and clarifying a point about AWS KMS alias naming conventions.
| KEY_ID=$(aws --endpoint-url=http://localhost:4566 kms create-key \ | ||
| --key-spec ECC_SECG_P256K1 \ | ||
| --key-usage SIGN_VERIFY \ | ||
| --query 'KeyMetadata.KeyId' \ |
There was a problem hiding this comment.
The trailing backslash \ is unnecessary on the last line of options within a command substitution. It's best to remove it for correctness and clarity.
--query 'KeyMetadata.KeyId'
| --output text) | ||
|
|
||
| aws --endpoint-url=http://localhost:4566 kms create-alias \ | ||
| --alias-name alias/op-alt-da/celestia_key \ |
There was a problem hiding this comment.
The trailing backslash \ is unnecessary here as --target-key-id is the last argument in the command. Removing it will make the command cleaner.
--alias-name alias/op-alt-da/celestia_key
| ```bash | ||
| curl -s -X POST http://127.0.0.1:3100/put \ | ||
| -H "Content-Type: application/octet-stream" \ | ||
| -d "hello celestia" \ |
There was a problem hiding this comment.
The trailing backslash \ is not needed on the last option of this multi-line curl command. It should be removed.
-d "hello celestia"
| curl -s -X POST http://127.0.0.1:3100/put \ | ||
| -H "Content-Type: application/octet-stream" \ | ||
| -d "hello celestia" | ||
| -d "hello celestia" \ |
There was a problem hiding this comment.
Similar to the previous curl command, this trailing backslash \ is unnecessary and should be removed.
-d "hello celestia"
| ``` | ||
| 1. Create a KMS keypair in AWS with key spec `ECC_SECG_P256K1` and key usage `SIGN_VERIFY`. | ||
|
|
||
| 2. Create an alias for your key (e.g., `alias/op-alt-da/my_celes_key`). The alias can be any name you choose. |
There was a problem hiding this comment.
The phrase 'The alias can be any name you choose' could be misinterpreted. AWS requires alias names to start with alias/. Clarifying this would help users avoid errors.
2. Create an alias for your key (e.g., `alias/op-alt-da/my_celes_key`). Per AWS requirements, the alias name must start with `alias/`.
1 participant
Summary
Updates the AWS KMS guide for op-alt-da to reflect changes in v0.12.0:
alias_prefix,auto_create,import_key_name,import_key_hexECC_SECG_P256K1specdefault_key_nameto use full alias path format (e.g.,alias/op-alt-da/celestia_key)-s -o /dev/null)Test plan
🤖 Generated with Claude Code