Documentation
Index
- Constants
- type CredentialJSON
- type MasterKey
- func (key *MasterKey) Decrypt() ([]byte, error)
- func (key *MasterKey) Encrypt(dataKey []byte) error
- func (key *MasterKey) EncryptIfNeeded(dataKey []byte) error
- func (key *MasterKey) EncryptedDataKey() []byte
- func (key *MasterKey) NeedsRotation() bool
- func (key *MasterKey) SetEncryptedDataKey(enc []byte)
- func (key MasterKey) ToMap() map[string]interface{}
- func (key *MasterKey) ToString() string
- func (key *MasterKey) TypeToIdentifier() string
Constants
const (
	// SopsGoogleCredentialsEnv can be set as an environment variable as either
	// a path to a credentials file, or directly as the variable's value in JSON
	// format.
	SopsGoogleCredentialsEnv = "GOOGLE_CREDENTIALS"
	// KeyTypeIdentifier is the string used to identify a GCP KMS MasterKey.
	KeyTypeIdentifier = "gcp_kms"
)
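GOOGLE_CREDENTIALS may hold either a file path or the credentials JSON itself. The following is an added example, not code from the SOPS project, showing one way a caller could tell the two forms apart without echoing the value in error messages; `resolveCredentials` and `credentialsEnv` are hypothetical names and the sample JSON is constructed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"os"
	"strings"
)

// credentialsEnv mirrors the documented SopsGoogleCredentialsEnv value.
const credentialsEnv = "GOOGLE_CREDENTIALS"

// resolveCredentials (hypothetical helper) turns the raw variable value into
// credentials JSON: inline JSON is used as-is, anything else is read as a path.
func resolveCredentials(value string) ([]byte, error) {
	value = strings.TrimSpace(value)
	if value == "" {
		return nil, errors.New("credentials value is empty")
	}
	raw := []byte(value)
	if !strings.HasPrefix(value, "{") {
		b, err := os.ReadFile(value)
		if err != nil {
			// Drop the OS error: it embeds the value, which may be malformed inline JSON.
			return nil, errors.New("credentials value is neither a JSON object nor a readable file")
		}
		raw = b
	}
	var probe map[string]json.RawMessage
	if err := json.Unmarshal(raw, &probe); err != nil {
		return nil, errors.New("credentials are not a valid JSON object")
	}
	return raw, nil
}

func main() {
	// Constructed sample value, not a real service account key.
	os.Setenv(credentialsEnv, `{"type":"service_account","project_id":"example-project"}`)
	creds, err := resolveCredentials(os.Getenv(credentialsEnv))
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("loaded %d bytes of credentials JSON\n", len(creds))
}
```

The returned bytes have the shape expected by the `CredentialJSON` type documented below.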
Types
type CredentialJSON
type CredentialJSON []byte
CredentialJSON is the Service Account credentials JSON used for authenticating towards the GCP KMS service.
func (CredentialJSON) ApplyToMasterKey
func (c CredentialJSON) ApplyToMasterKey(key *MasterKey)
ApplyToMasterKey configures the CredentialJSON on the provided key.
type MasterKey
type MasterKey struct {
	// ResourceID is the resource id used to refer to the gcp kms key.
	// It can be retrieved using the `gcloud` command.
	ResourceID string
	// EncryptedKey is the string returned after encrypting with GCP KMS.
	EncryptedKey string
	// CreationDate is the creation timestamp of the MasterKey. Used
	// for NeedsRotation.
	CreationDate time.Time
	// contains filtered or unexported fields
}
MasterKey is a GCP KMS key used to encrypt and decrypt the SOPS data key.
func MasterKeysFromResourceIDString
MasterKeysFromResourceIDString takes a comma separated list of GCP KMS resource IDs and returns a slice of new MasterKeys for them.
func NewMasterKeyFromResourceID
NewMasterKeyFromResourceID creates a new MasterKey with the provided resource ID.
func (*MasterKey) Decrypt
Decrypt decrypts the EncryptedKey field with GCP KMS and returns the result.
func (*MasterKey) Encrypt
Encrypt takes a SOPS data key, encrypts it with GCP KMS, and stores the result in the EncryptedKey field.
func (*MasterKey) EncryptIfNeeded
EncryptIfNeeded encrypts the provided SOPS data key, if it has not been encrypted yet.
func (*MasterKey) EncryptedDataKey
EncryptedDataKey returns the encrypted data key this master key holds.
func (*MasterKey) NeedsRotation
NeedsRotation returns whether the data key needs to be rotated or not.
func (*MasterKey) SetEncryptedDataKey
SetEncryptedDataKey sets the encrypted data key for this master key.
func (*MasterKey) TypeToIdentifier
TypeToIdentifier returns the string identifier for the MasterKey type.