Documentation ¶
Index ¶
- Constants
- type MasterKey
- func (key *MasterKey) Decrypt() ([]byte, error)
- func (key *MasterKey) Encrypt(dataKey []byte) error
- func (key *MasterKey) EncryptIfNeeded(dataKey []byte) error
- func (key *MasterKey) EncryptedDataKey() []byte
- func (key *MasterKey) NeedsRotation() bool
- func (key *MasterKey) SetEncryptedDataKey(enc []byte)
- func (key *MasterKey) ToMap() map[string]interface{}
- func (key *MasterKey) ToString() string
- func (key *MasterKey) TypeToIdentifier() string
- type ParsedIdentities
Constants ¶
const (
	// SopsAgeKeyEnv can be set as an environment variable with a string list
	// of age keys as value.
	SopsAgeKeyEnv = "SOPS_AGE_KEY"
	// SopsAgeKeyFileEnv can be set as an environment variable pointing to an
	// age keys file.
	SopsAgeKeyFileEnv = "SOPS_AGE_KEY_FILE"
	// SopsAgeKeyUserConfigPath is the default age keys file path in
	// getUserConfigDir().
	SopsAgeKeyUserConfigPath = "sops/age/keys.txt"
	// KeyTypeIdentifier is the string used to identify an age MasterKey.
	KeyTypeIdentifier = "age"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type MasterKey ¶
type MasterKey struct {
	// Identity used to contain a Bech32-encoded private key.
	// Deprecated: private keys are no longer publicly exposed.
	// Instead, they are either injected by a (local) key service server
	// using ParsedIdentities.ApplyToMasterKey, or loaded from the runtime
	// environment (variables) as defined by the `SopsAgeKey*` constants.
	Identity string
	// Recipient contains the Bech32-encoded age public key used to Encrypt.
	Recipient string
	// EncryptedKey contains the SOPS data key encrypted with age.
	EncryptedKey string
	// contains filtered or unexported fields
}
MasterKey is an age key used to Encrypt and Decrypt SOPS' data key.
func MasterKeyFromRecipient ¶
MasterKeyFromRecipient takes a Bech32-encoded age public key, parses it, and returns a new MasterKey.
func MasterKeysFromRecipients ¶
MasterKeysFromRecipients takes a comma-separated list of Bech32-encoded public keys, parses them, and returns a slice of new MasterKeys.
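The two constructors above accept only well-formed age recipients. The following is an added example, not code from sops or from the age project: it rebuilds the parsing rules with the standard library only, so it runs offline. Bech32 (the encoding age reuses) carries a checksum that detects any single corrupted character, so a recipient that survives the decode is known to be the operator's intended 32-byte X25519 public key and not a typo that would encrypt the data key to nobody. The `MasterKey` struct is an assumed stand-in holding only `Recipient`; `bech32Encode` exists only so the checks can build recipients offline, and the parameter name `list` is this example's choice.

```go
package main

import (
	"fmt"
	"strings"
)

type MasterKey struct{ Recipient string } // stand-in for sops' age.MasterKey (assumed shape)

const bech32Charset = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
var bech32Gen = [5]uint32{0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3}

// bech32Polymod is the BIP-173 checksum over the expanded HRP and data words.
func bech32Polymod(hrp string, data5 []byte) uint32 {
	var hi, lo []byte
	for _, c := range []byte(hrp) {
		hi, lo = append(hi, c>>5), append(lo, c&31)
	}
	chk := uint32(1)
	for _, v := range append(append(append(hi, 0), lo...), data5...) {
		top := chk >> 25
		chk = (chk&0x1ffffff)<<5 ^ uint32(v)
		for i := uint(0); i < 5; i++ {
			if (top>>i)&1 == 1 {
				chk ^= bech32Gen[i]
			}
		}
	}
	return chk
}

// convertBits regroups words between 8-bit bytes and 5-bit Bech32 digits.
// With pad=false, leftover bits must be zero padding, as a decoder requires.
func convertBits(data []byte, from, to uint, pad bool) ([]byte, error) {
	acc, bits := uint32(0), uint(0)
	var out []byte
	maxv := byte(1<<to - 1)
	for _, v := range data {
		acc, bits = acc<<from|uint32(v), bits+from
		for ; bits >= to; bits -= to {
			out = append(out, byte(acc>>(bits-to))&maxv)
		}
	}
	if pad && bits > 0 {
		out = append(out, byte(acc<<(to-bits))&maxv)
	} else if !pad && (bits >= from || byte(acc<<(to-bits))&maxv != 0) {
		return nil, fmt.Errorf("invalid bech32 padding")
	}
	return out, nil
}

// bech32Encode exists only so the checks below can build recipients offline.
func bech32Encode(hrp string, data5 []byte) string {
	chk := bech32Polymod(hrp, append(data5, 0, 0, 0, 0, 0, 0)) ^ 1
	var sb strings.Builder
	sb.WriteString(hrp + "1")
	for _, d := range data5 {
		sb.WriteByte(bech32Charset[d])
	}
	for i := uint(0); i < 6; i++ {
		sb.WriteByte(bech32Charset[(chk>>(5*(5-i)))&31])
	}
	return sb.String()
}

// MasterKeyFromRecipient mirrors the documented constructor: the input must be
// Bech32 with HRP "age", a valid checksum, and exactly 32 key bytes inside.
func MasterKeyFromRecipient(recipient string) (*MasterKey, error) {
	s := strings.ToLower(strings.TrimSpace(recipient))
	pos := strings.LastIndexByte(s, '1')
	if pos < 1 || pos+7 > len(s) || s[:pos] != "age" {
		return nil, fmt.Errorf("malformed age recipient %q (want age1... with checksum)", recipient)
	}
	var data5 []byte
	for i := pos + 1; i < len(s); i++ {
		d := strings.IndexByte(bech32Charset, s[i])
		if d < 0 {
			return nil, fmt.Errorf("invalid bech32 character %q in age recipient", s[i])
		}
		data5 = append(data5, byte(d))
	}
	if bech32Polymod("age", data5) != 1 {
		return nil, fmt.Errorf("bech32 checksum mismatch in age recipient")
	}
	pub, err := convertBits(data5[:len(data5)-6], 5, 8, false)
	if err != nil || len(pub) != 32 {
		return nil, fmt.Errorf("age recipient must wrap a 32-byte X25519 public key")
	}
	return &MasterKey{Recipient: s}, nil
}

// MasterKeysFromRecipients parses a comma-separated list; one bad entry fails the call.
func MasterKeysFromRecipients(list string) ([]*MasterKey, error) {
	var keys []*MasterKey
	for _, r := range strings.Split(list, ",") {
		key, err := MasterKeyFromRecipient(r)
		if err != nil {
			return nil, err
		}
		keys = append(keys, key)
	}
	return keys, nil
}
```

A recipient that fails any of these checks is rejected rather than skipped: a configuration listing several recipients with one corrupted entry yields no master keys at all, which is the fail-closed behaviour you want from a key-wrapping layer.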
func (*MasterKey) Decrypt ¶
Decrypt decrypts the EncryptedKey with the parsed or loaded identities, and returns the result.
func (*MasterKey) Encrypt ¶
Encrypt takes a SOPS data key, encrypts it with the Recipient, and stores the result in the EncryptedKey field.
func (*MasterKey) EncryptIfNeeded ¶
EncryptIfNeeded encrypts the provided SOPS data key, if it has not been encrypted yet.
func (*MasterKey) EncryptedDataKey ¶
EncryptedDataKey returns the encrypted SOPS data key this master key holds.
func (*MasterKey) NeedsRotation ¶
NeedsRotation returns whether the data key needs to be rotated or not.
func (*MasterKey) SetEncryptedDataKey ¶
SetEncryptedDataKey sets the encrypted SOPS data key for this master key.
func (*MasterKey) TypeToIdentifier ¶
TypeToIdentifier returns the string identifier for the MasterKey type.
type ParsedIdentities ¶
ParsedIdentities contains a set of parsed age identities. It allows for creating a (local) keyservice.KeyServiceServer that parses identities only once and then injects them into the key of every request using ApplyToMasterKey().
func (ParsedIdentities) ApplyToMasterKey ¶
func (i ParsedIdentities) ApplyToMasterKey(key *MasterKey)
ApplyToMasterKey configures the ParsedIdentities on the provided key.
func (*ParsedIdentities) Import ¶
func (i *ParsedIdentities) Import(identity ...string) error
Import attempts to parse the given identities and add them to itself. It returns any parsing error. A single identity argument is allowed to be a multiline string containing multiple identities. Empty lines and lines starting with "#" are ignored. It is not thread safe; parallel importing is better done by parsing (using age.ParseIdentities) and appending to the slice yourself, guarded by e.g. a sync.Mutex.
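The Import rules above (multiline arguments, skipped blank and "#" lines, first bad line aborts the call) and the thread-safety caveat are shown in this added example, which is not sops code. `ParsedIdentities` here is an assumed stand-in that keeps identity strings instead of parsed `age.Identity` values, and `checkIdentity` stands in for `age.ParseIdentities` with a shape check only (prefix, length, character set; it does not verify the Bech32 checksum). `SafeIdentities` is the mutex-guarded alternative the documentation points to; the sample keys-file content is constructed, and its identities are dummy strings of the right shape, not real keys.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
	"sync"
)

// identityPrefix is the fixed Bech32 prefix of an age X25519 identity; a full
// identity is 74 characters (prefix, 52 data digits, 6 checksum digits).
const identityPrefix = "AGE-SECRET-KEY-1"

// checkIdentity is an assumed stand-in for age.ParseIdentities: it checks only
// prefix, length and character set, not the Bech32 checksum.
func checkIdentity(line string) error {
	if !strings.HasPrefix(line, identityPrefix) || len(line) != 74 {
		return fmt.Errorf("line is not an age identity (want %s..., 74 chars)", identityPrefix)
	}
	for _, c := range line[len(identityPrefix):] {
		if !strings.ContainsRune("QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L", c) {
			return fmt.Errorf("invalid character %q in age identity", c)
		}
	}
	return nil
}

// parseIdentityLines applies the documented Import rules: each argument may be
// a multiline string, blank lines and "#" comments are skipped, and the first
// bad line aborts the whole call.
func parseIdentityLines(identity ...string) ([]string, error) {
	var out []string
	for _, arg := range identity {
		sc := bufio.NewScanner(strings.NewReader(arg))
		for sc.Scan() {
			line := strings.TrimSpace(sc.Text())
			if line == "" || strings.HasPrefix(line, "#") {
				continue
			}
			if err := checkIdentity(line); err != nil {
				return nil, fmt.Errorf("failed to parse age identity: %w", err)
			}
			out = append(out, line)
		}
	}
	return out, nil
}

// ParsedIdentities is a constructed stand-in for sops' type of the same name.
// Like the original, Import is not safe for concurrent use.
type ParsedIdentities struct{ identities []string }

// Import parses the given identities and appends them to the set.
func (i *ParsedIdentities) Import(identity ...string) error {
	parsed, err := parseIdentityLines(identity...)
	if err != nil {
		return err
	}
	i.identities = append(i.identities, parsed...)
	return nil
}

func (i ParsedIdentities) Len() int { return len(i.identities) }

// SafeIdentities is the alternative the docs point to for parallel import:
// parse outside the lock, then append to the slice under a sync.Mutex.
type SafeIdentities struct {
	mu         sync.Mutex
	identities []string
}

func (s *SafeIdentities) Import(identity ...string) error {
	parsed, err := parseIdentityLines(identity...) // parsing needs no lock
	if err != nil {
		return err
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	s.identities = append(s.identities, parsed...)
	return nil
}

func (s *SafeIdentities) Len() int {
	s.mu.Lock()
	defer s.mu.Unlock()
	return len(s.identities)
}

// sampleIdentities are constructed dummies with the right shape, not real keys.
var sampleIdentities = []string{
	identityPrefix + strings.Repeat("Q", 58),
	identityPrefix + strings.Repeat("P", 58),
}

// sampleKeysFile is a constructed keys.txt-style input with comments, a blank
// line and surrounding whitespace, as SOPS_AGE_KEY_FILE content might carry.
var sampleKeysFile = "# created: example\n# public key: (omitted)\n" +
	sampleIdentities[0] + "\n\n  " + sampleIdentities[1] + "\n"
```

Importing `sampleKeysFile` yields two identities; importing a malformed line returns an error and, in this example, adds nothing. Eight goroutines importing the same file through `SafeIdentities` end with sixteen identities and no data race, which the plain `ParsedIdentities` cannot guarantee.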