Starting with the AWS Encryption SDK for C, we moved from master keys/providers to keyrings as a configuration/framework primitive. We need to add corresponding keyrings to this client as well.

In order to maintain backwards compatibility, we need to retain the existing MKP framework and support the use of MKPs within the new keyring framework. After discussing several options, we decided that the best route to accomplish this is with a MKP keyring.

This MKP keyring will take a MKP as input and provide the MK/MKP management logic currently in DefaultCryptoMaterialsManager, along with necessary keyring logic (ex: adding keyring traces), all wrapped up in the new keyring interface.

As a temporary measure, in order to enable end-to-end keyring tests without tackling the MKP keyring and the updates to DefaultCryptoMaterialsManager, we will need to make a KeyringDefaultCryptoMaterialsManager that handles the signing/verification keys but only understands keyrings.

All keyring development PRs should be made to the keyring branch.