
@d-niu

d-niu/kms.go Secret

Created September 3, 2021 20:36
under new folder go-tuf/kms/
package kms
import "github.com/theupdateframework/go-tuf/data"
// KMSClient is the set of operations a key-management backend has to offer.
// Each backend (e.g. Azure, GCP, HashiCorp Vault) supplies its own client
// struct that implements it.
//
// NOTE(review): Sign, Verify and GetPublicKey are declared here without
// parameters or results, while the hashiVaultClient methods on this page
// return string. As written, that type does not satisfy this interface;
// settle the signatures (including an error result) before wiring callers.
type KMSClient interface {
	// CreateKey creates a key from backend-specific params and returns its
	// public key. TODO (author's note): the key type needs to be passed in too.
	CreateKey(params map[string]interface{}) (publickey *data.Key, err error)

	// Sign is a placeholder; its inputs and outputs are not defined yet.
	Sign()

	// Verify is a placeholder; its inputs and outputs are not defined yet.
	Verify()

	// GetPublicKey is a placeholder; its inputs and outputs are not defined yet.
	GetPublicKey()
}
package kms
import (
	"errors"

	vault "github.com/hashicorp/vault/api"
	"github.com/theupdateframework/go-tuf/data"
)
// HVClient returns a KMSClient backed by HashiCorp Vault for the key
// identified by keyResourceID.
//
// On failure it returns a literal nil interface together with the error,
// so callers never receive a non-nil KMSClient that wraps a nil pointer.
func HVClient(keyResourceID string) (KMSClient, error) {
	client, err := newHashiVaultClient(keyResourceID)
	if err == nil {
		return client, nil
	}
	return nil, err
}
// hashiVaultClient is the HashiCorp Vault implementation handed out by
// HVClient.
type hashiVaultClient struct {
	// client is the Vault API handle; CreateKey issues its write through it.
	client *vault.Client
	// keyStoragePath is the Vault path that CreateKey writes to.
	keyStoragePath string
	// transitSecretEnginePath is not read by any code visible on this page;
	// presumably the mount path of the transit secrets engine — confirm.
	transitSecretEnginePath string
}
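// newHashiVaultClient is meant to build a Vault-backed client for the key
// identified by keyResourceID.
//
// Construction is not implemented yet. An empty body does not compile for a
// function with results, so this fails closed with an error; HVClient then
// never hands out a half-initialised client.
//
// TODO: define the keyResourceID format and populate client, keyStoragePath
// and transitSecretEnginePath from it.
// NOTE(review): keep the Vault token out of keyResourceID, since resource
// IDs tend to end up in logs and metadata. vault/api's NewClient already
// reads the token from the VAULT_TOKEN environment variable.
func newHashiVaultClient(keyResourceID string) (*hashiVaultClient, error) {
	return nil, errors.New("kms: hashicorp vault client is not implemented")
}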
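// CreateKey asks Vault to create a key by writing params to
// hv.keyStoragePath and is meant to return the resulting public key.
//
// params is forwarded to Vault unmodified.
// NOTE(review): if keyStoragePath is a transit "keys/<name>" endpoint,
// caller-supplied options such as "exportable" or "allow_plaintext_backup"
// would allow private key material to leave Vault. Consider building the
// request from an allow-list (key type and size) instead of passing the
// map through.
func (hv *hashiVaultClient) CreateKey(params map[string]interface{}) (*data.Key, error) {
	secret, err := hv.client.Logical().Write(hv.keyStoragePath, params)
	if err != nil {
		return nil, err
	}
	// Write can return a nil *Secret together with a nil error when Vault
	// answers without a body; dereferencing it would panic.
	if secret == nil {
		return nil, errors.New("kms: vault returned no data for the created key")
	}
	// TODO (author's note): secret.Data is a map[string]interface{} and still
	// has to be converted into a *data.Key; this return does not type-check
	// until that conversion exists.
	return secret.Data, nil
}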
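// Sign is an unimplemented placeholder for signing with the Vault-held key.
//
// A bare return does not compile in a function with a string result. The
// signature has no error result, so an empty string would be
// indistinguishable from a real signature; the stub panics instead so an
// accidental call cannot go unnoticed.
// TODO: add the message parameter and an error result, then implement.
func (hv *hashiVaultClient) Sign() string {
	panic("kms: hashiVaultClient.Sign is not implemented")
}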
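// Verify is an unimplemented placeholder for signature verification.
//
// A bare return does not compile in a function with a string result. The
// signature has no error result, so a placeholder return value could be
// mistaken for a successful verification; the stub panics instead so it
// fails closed.
// TODO: add message and signature parameters and an error result, then
// implement.
func (hv *hashiVaultClient) Verify() string {
	panic("kms: hashiVaultClient.Verify is not implemented")
}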
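// GetPublicKey is an unimplemented placeholder for fetching the public key
// of the Vault-held key.
//
// A bare return does not compile in a function with a string result. The
// signature has no error result, so an empty string could be taken for a
// real key; the stub panics instead so an accidental call cannot go
// unnoticed.
// TODO: decide on the return type (CreateKey uses *data.Key) and add an
// error result, then implement.
func (hv *hashiVaultClient) GetPublicKey() string {
	panic("kms: hashiVaultClient.GetPublicKey is not implemented")
}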