keyservice

package
v3.9.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 16, 2024 License: MPL-2.0 Imports: 18 Imported by: 0

Documentation

Overview

Package keyservice implements a gRPC API that can be used by SOPS to encrypt and decrypt the data key using remote master keys.

Index

Constants

This section is empty.

Variables

var File_keyservice_keyservice_proto protoreflect.FileDescriptor

Functions

func RegisterKeyServiceServer

func RegisterKeyServiceServer(s *grpc.Server, srv KeyServiceServer)

Types

type AgeKey

// AgeKey is one of the key variants that can be carried in Key's key_type
// oneof (wrapped by Key_AgeKey). Its only exported field is Recipient.
type AgeKey struct {
	// Recipient is proto3 field 1 (`recipient`), a string.
	// Presumably the age recipient (public key) the data key is encrypted to;
	// confirm against the age master key implementation.
	Recipient string `protobuf:"bytes,1,opt,name=recipient,proto3" json:"recipient,omitempty"`
	// contains filtered or unexported fields
}

func (*AgeKey) Descriptor deprecated

func (*AgeKey) Descriptor() ([]byte, []int)

Deprecated: Use AgeKey.ProtoReflect.Descriptor instead.

func (*AgeKey) GetRecipient

func (x *AgeKey) GetRecipient() string

func (*AgeKey) ProtoMessage

func (*AgeKey) ProtoMessage()

func (*AgeKey) ProtoReflect

func (x *AgeKey) ProtoReflect() protoreflect.Message

func (*AgeKey) Reset

func (x *AgeKey) Reset()

func (*AgeKey) String

func (x *AgeKey) String() string

type AzureKeyVaultKey

// AzureKeyVaultKey is one of the key variants that can be carried in Key's
// key_type oneof (wrapped by Key_AzureKeyvaultKey). It identifies a key by
// three strings: VaultUrl, Name and Version.
//
// NOTE(review): when this message arrives inside an EncryptRequest or
// DecryptRequest, all three values are chosen by the caller. Confirm whether
// the serving side restricts which vault URLs it is willing to contact.
type AzureKeyVaultKey struct {
	// VaultUrl is proto3 field 1 (`vault_url`).
	VaultUrl string `protobuf:"bytes,1,opt,name=vault_url,json=vaultUrl,proto3" json:"vault_url,omitempty"`
	// Name is proto3 field 2 (`name`).
	Name     string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
	// Version is proto3 field 3 (`version`).
	Version  string `protobuf:"bytes,3,opt,name=version,proto3" json:"version,omitempty"`
	// contains filtered or unexported fields
}

func (*AzureKeyVaultKey) Descriptor deprecated

func (*AzureKeyVaultKey) Descriptor() ([]byte, []int)

Deprecated: Use AzureKeyVaultKey.ProtoReflect.Descriptor instead.

func (*AzureKeyVaultKey) GetName

func (x *AzureKeyVaultKey) GetName() string

func (*AzureKeyVaultKey) GetVaultUrl

func (x *AzureKeyVaultKey) GetVaultUrl() string

func (*AzureKeyVaultKey) GetVersion

func (x *AzureKeyVaultKey) GetVersion() string

func (*AzureKeyVaultKey) ProtoMessage

func (*AzureKeyVaultKey) ProtoMessage()

func (*AzureKeyVaultKey) ProtoReflect

func (x *AzureKeyVaultKey) ProtoReflect() protoreflect.Message

func (*AzureKeyVaultKey) Reset

func (x *AzureKeyVaultKey) Reset()

func (*AzureKeyVaultKey) String

func (x *AzureKeyVaultKey) String() string

type DecryptRequest

// DecryptRequest is the request message of the KeyService Decrypt RPC.
//
// Both fields are supplied by the caller, including the choice of master key.
// NOTE(review): nothing in this message identifies or authenticates the
// caller; confirm where access control is enforced in your deployment.
type DecryptRequest struct {
	// Key is proto3 field 1 (`key`): the master key the ciphertext should be
	// decrypted with.
	Key        *Key   `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
	// Ciphertext is proto3 field 2 (`ciphertext`): the bytes to decrypt.
	// Per the package overview this is the encrypted data key.
	Ciphertext []byte `protobuf:"bytes,2,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
	// contains filtered or unexported fields
}

func (*DecryptRequest) Descriptor deprecated

func (*DecryptRequest) Descriptor() ([]byte, []int)

Deprecated: Use DecryptRequest.ProtoReflect.Descriptor instead.

func (*DecryptRequest) GetCiphertext

func (x *DecryptRequest) GetCiphertext() []byte

func (*DecryptRequest) GetKey

func (x *DecryptRequest) GetKey() *Key

func (*DecryptRequest) ProtoMessage

func (*DecryptRequest) ProtoMessage()

func (*DecryptRequest) ProtoReflect

func (x *DecryptRequest) ProtoReflect() protoreflect.Message

func (*DecryptRequest) Reset

func (x *DecryptRequest) Reset()

func (*DecryptRequest) String

func (x *DecryptRequest) String() string

type DecryptResponse

// DecryptResponse is the response message of the KeyService Decrypt RPC.
//
// It carries decrypted key material and should be treated as a secret.
// NOTE(review): the generated String method presumably renders field
// contents; avoid logging or printing this message (confirm).
type DecryptResponse struct {
	// Plaintext is proto3 field 1 (`plaintext`): the decryption result.
	// Per the package overview this is the unencrypted data key.
	Plaintext []byte `protobuf:"bytes,1,opt,name=plaintext,proto3" json:"plaintext,omitempty"`
	// contains filtered or unexported fields
}

func (*DecryptResponse) Descriptor deprecated

func (*DecryptResponse) Descriptor() ([]byte, []int)

Deprecated: Use DecryptResponse.ProtoReflect.Descriptor instead.

func (*DecryptResponse) GetPlaintext

func (x *DecryptResponse) GetPlaintext() []byte

func (*DecryptResponse) ProtoMessage

func (*DecryptResponse) ProtoMessage()

func (*DecryptResponse) ProtoReflect

func (x *DecryptResponse) ProtoReflect() protoreflect.Message

func (*DecryptResponse) Reset

func (x *DecryptResponse) Reset()

func (*DecryptResponse) String

func (x *DecryptResponse) String() string

type EncryptRequest

// EncryptRequest is the request message of the KeyService Encrypt RPC.
//
// Plaintext travels inside this message, so the confidentiality of the
// request depends on the transport it is sent over.
// NOTE(review): the generated String method presumably renders field
// contents; avoid logging or printing this message (confirm).
type EncryptRequest struct {
	// Key is proto3 field 1 (`key`): the master key to encrypt with, chosen
	// by the caller.
	Key       *Key   `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
	// Plaintext is proto3 field 2 (`plaintext`): the bytes to encrypt.
	// Per the package overview this is the unencrypted data key.
	Plaintext []byte `protobuf:"bytes,2,opt,name=plaintext,proto3" json:"plaintext,omitempty"`
	// contains filtered or unexported fields
}

func (*EncryptRequest) Descriptor deprecated

func (*EncryptRequest) Descriptor() ([]byte, []int)

Deprecated: Use EncryptRequest.ProtoReflect.Descriptor instead.

func (*EncryptRequest) GetKey

func (x *EncryptRequest) GetKey() *Key

func (*EncryptRequest) GetPlaintext

func (x *EncryptRequest) GetPlaintext() []byte

func (*EncryptRequest) ProtoMessage

func (*EncryptRequest) ProtoMessage()

func (*EncryptRequest) ProtoReflect

func (x *EncryptRequest) ProtoReflect() protoreflect.Message

func (*EncryptRequest) Reset

func (x *EncryptRequest) Reset()

func (*EncryptRequest) String

func (x *EncryptRequest) String() string

type EncryptResponse

// EncryptResponse is the response message of the KeyService Encrypt RPC.
type EncryptResponse struct {
	// Ciphertext is proto3 field 1 (`ciphertext`): the encryption result.
	// Per the package overview this is the data key encrypted under the
	// requested master key.
	Ciphertext []byte `protobuf:"bytes,1,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
	// contains filtered or unexported fields
}

func (*EncryptResponse) Descriptor deprecated

func (*EncryptResponse) Descriptor() ([]byte, []int)

Deprecated: Use EncryptResponse.ProtoReflect.Descriptor instead.

func (*EncryptResponse) GetCiphertext

func (x *EncryptResponse) GetCiphertext() []byte

func (*EncryptResponse) ProtoMessage

func (*EncryptResponse) ProtoMessage()

func (*EncryptResponse) ProtoReflect

func (x *EncryptResponse) ProtoReflect() protoreflect.Message

func (*EncryptResponse) Reset

func (x *EncryptResponse) Reset()

func (*EncryptResponse) String

func (x *EncryptResponse) String() string

type GcpKmsKey

// GcpKmsKey is one of the key variants that can be carried in Key's key_type
// oneof (wrapped by Key_GcpKmsKey). Its only exported field is ResourceId.
type GcpKmsKey struct {
	// ResourceId is proto3 field 1 (`resource_id`), a string.
	// Presumably the GCP KMS key resource name; confirm against the GCP KMS
	// master key implementation.
	ResourceId string `protobuf:"bytes,1,opt,name=resource_id,json=resourceId,proto3" json:"resource_id,omitempty"`
	// contains filtered or unexported fields
}

func (*GcpKmsKey) Descriptor deprecated

func (*GcpKmsKey) Descriptor() ([]byte, []int)

Deprecated: Use GcpKmsKey.ProtoReflect.Descriptor instead.

func (*GcpKmsKey) GetResourceId

func (x *GcpKmsKey) GetResourceId() string

func (*GcpKmsKey) ProtoMessage

func (*GcpKmsKey) ProtoMessage()

func (*GcpKmsKey) ProtoReflect

func (x *GcpKmsKey) ProtoReflect() protoreflect.Message

func (*GcpKmsKey) Reset

func (x *GcpKmsKey) Reset()

func (*GcpKmsKey) String

func (x *GcpKmsKey) String() string

type Key

// Key is the RPC representation of a master key. It is the `key` field of
// both EncryptRequest and DecryptRequest, and KeyFromMasterKey builds one
// from a SOPS keys.MasterKey.
//
// The concrete key is held in the key_type oneof, so a Key names one backend
// (KMS, PGP, GCP KMS, Azure Key Vault, Vault or age) at a time.
type Key struct {

	// Types that are assignable to KeyType:
	//	*Key_KmsKey
	//	*Key_PgpKey
	//	*Key_GcpKmsKey
	//	*Key_AzureKeyvaultKey
	//	*Key_VaultKey
	//	*Key_AgeKey
	//
	// Receivers should handle the case where none of the variants is set
	// (the typed getters such as GetKmsKey exist for this; presumably they
	// return nil for a non-matching variant, confirm).
	KeyType isKey_KeyType `protobuf_oneof:"key_type"`
	// contains filtered or unexported fields
}

func KeyFromMasterKey

func KeyFromMasterKey(mk keys.MasterKey) Key

KeyFromMasterKey converts a SOPS internal MasterKey to an RPC Key that can be serialized with Protocol Buffers.

func (*Key) Descriptor deprecated

func (*Key) Descriptor() ([]byte, []int)

Deprecated: Use Key.ProtoReflect.Descriptor instead.

func (*Key) GetAgeKey

func (x *Key) GetAgeKey() *AgeKey

func (*Key) GetAzureKeyvaultKey

func (x *Key) GetAzureKeyvaultKey() *AzureKeyVaultKey

func (*Key) GetGcpKmsKey

func (x *Key) GetGcpKmsKey() *GcpKmsKey

func (*Key) GetKeyType

func (m *Key) GetKeyType() isKey_KeyType

func (*Key) GetKmsKey

func (x *Key) GetKmsKey() *KmsKey

func (*Key) GetPgpKey

func (x *Key) GetPgpKey() *PgpKey

func (*Key) GetVaultKey

func (x *Key) GetVaultKey() *VaultKey

func (*Key) ProtoMessage

func (*Key) ProtoMessage()

func (*Key) ProtoReflect

func (x *Key) ProtoReflect() protoreflect.Message

func (*Key) Reset

func (x *Key) Reset()

func (*Key) String

func (x *Key) String() string

type KeyServiceClient

// KeyServiceClient is the client-side interface of the KeyService gRPC
// service. NewKeyServiceClient builds one from a grpc.ClientConnInterface,
// and LocalClient provides methods with the same signatures.
//
// NOTE(review): the interface itself carries no credentials. Requests and
// responses contain data-key plaintext (EncryptRequest.Plaintext,
// DecryptResponse.Plaintext), so encryption and authentication of the channel
// have to come from the connection handed to NewKeyServiceClient. Confirm
// this for each deployment.
type KeyServiceClient interface {
	// Encrypt sends in to the service and returns its EncryptResponse or an error.
	Encrypt(ctx context.Context, in *EncryptRequest, opts ...grpc.CallOption) (*EncryptResponse, error)
	// Decrypt sends in to the service and returns its DecryptResponse or an error.
	Decrypt(ctx context.Context, in *DecryptRequest, opts ...grpc.CallOption) (*DecryptResponse, error)
}

KeyServiceClient is the client API for KeyService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

func NewKeyServiceClient

func NewKeyServiceClient(cc grpc.ClientConnInterface) KeyServiceClient

type KeyServiceServer

// KeyServiceServer is the server-side interface of the KeyService gRPC
// service. Implementations are attached to a *grpc.Server with
// RegisterKeyServiceServer; Server is the implementation in this package.
//
// NOTE(review): neither method receives caller identity or credentials as an
// argument, and the request names the master key to use. Any authentication
// or authorization therefore has to be provided by the grpc.Server
// configuration (transport credentials, interceptors) or by the network path
// in front of it. Confirm before exposing a listener beyond the local host.
type KeyServiceServer interface {
	// Encrypt handles an EncryptRequest and returns the EncryptResponse or an error.
	Encrypt(context.Context, *EncryptRequest) (*EncryptResponse, error)
	// Decrypt handles a DecryptRequest and returns the DecryptResponse or an error.
	Decrypt(context.Context, *DecryptRequest) (*DecryptResponse, error)
}

KeyServiceServer is the server API for KeyService service.

type Key_AgeKey

// Key_AgeKey is the oneof wrapper that places an *AgeKey in Key.KeyType.
type Key_AgeKey struct {
	// AgeKey is member `age_key` (proto field 6) of the key_type oneof.
	AgeKey *AgeKey `protobuf:"bytes,6,opt,name=age_key,json=ageKey,proto3,oneof"`
}

type Key_AzureKeyvaultKey

// Key_AzureKeyvaultKey is the oneof wrapper that places an *AzureKeyVaultKey
// in Key.KeyType.
type Key_AzureKeyvaultKey struct {
	// AzureKeyvaultKey is member `azure_keyvault_key` (proto field 4) of the
	// key_type oneof.
	AzureKeyvaultKey *AzureKeyVaultKey `protobuf:"bytes,4,opt,name=azure_keyvault_key,json=azureKeyvaultKey,proto3,oneof"`
}

type Key_GcpKmsKey

// Key_GcpKmsKey is the oneof wrapper that places a *GcpKmsKey in Key.KeyType.
type Key_GcpKmsKey struct {
	// GcpKmsKey is member `gcp_kms_key` (proto field 3) of the key_type oneof.
	GcpKmsKey *GcpKmsKey `protobuf:"bytes,3,opt,name=gcp_kms_key,json=gcpKmsKey,proto3,oneof"`
}

type Key_KmsKey

// Key_KmsKey is the oneof wrapper that places a *KmsKey in Key.KeyType.
type Key_KmsKey struct {
	// KmsKey is member `kms_key` (proto field 1) of the key_type oneof.
	KmsKey *KmsKey `protobuf:"bytes,1,opt,name=kms_key,json=kmsKey,proto3,oneof"`
}

type Key_PgpKey

// Key_PgpKey is the oneof wrapper that places a *PgpKey in Key.KeyType.
type Key_PgpKey struct {
	// PgpKey is member `pgp_key` (proto field 2) of the key_type oneof.
	PgpKey *PgpKey `protobuf:"bytes,2,opt,name=pgp_key,json=pgpKey,proto3,oneof"`
}

type Key_VaultKey

// Key_VaultKey is the oneof wrapper that places a *VaultKey in Key.KeyType.
type Key_VaultKey struct {
	// VaultKey is member `vault_key` (proto field 5) of the key_type oneof.
	VaultKey *VaultKey `protobuf:"bytes,5,opt,name=vault_key,json=vaultKey,proto3,oneof"`
}

type KmsKey

// KmsKey is one of the key variants that can be carried in Key's key_type
// oneof (wrapped by Key_KmsKey). Given the Arn, Role and AwsProfile fields it
// is presumably the AWS KMS variant; confirm against the KMS master key
// implementation.
//
// NOTE(review): inside an EncryptRequest or DecryptRequest every field here is
// chosen by the caller, including Role and AwsProfile. Confirm that the
// serving side's own cloud permissions are scoped so that a caller-selected
// role or profile cannot reach keys the caller should not use.
type KmsKey struct {
	// Arn is proto3 field 1 (`arn`).
	Arn        string            `protobuf:"bytes,1,opt,name=arn,proto3" json:"arn,omitempty"`
	// Role is proto3 field 2 (`role`).
	Role       string            `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"`
	// Context is a string-to-string map; its struct tag is elided in this
	// listing. Presumably the KMS encryption context (confirm).
	Context    map[string]string `` /* 155-byte string literal not displayed */
	// AwsProfile is proto3 field 4 (`aws_profile`).
	AwsProfile string            `protobuf:"bytes,4,opt,name=aws_profile,json=awsProfile,proto3" json:"aws_profile,omitempty"`
	// contains filtered or unexported fields
}

func (*KmsKey) Descriptor deprecated

func (*KmsKey) Descriptor() ([]byte, []int)

Deprecated: Use KmsKey.ProtoReflect.Descriptor instead.

func (*KmsKey) GetArn

func (x *KmsKey) GetArn() string

func (*KmsKey) GetAwsProfile

func (x *KmsKey) GetAwsProfile() string

func (*KmsKey) GetContext

func (x *KmsKey) GetContext() map[string]string

func (*KmsKey) GetRole

func (x *KmsKey) GetRole() string

func (*KmsKey) ProtoMessage

func (*KmsKey) ProtoMessage()

func (*KmsKey) ProtoReflect

func (x *KmsKey) ProtoReflect() protoreflect.Message

func (*KmsKey) Reset

func (x *KmsKey) Reset()

func (*KmsKey) String

func (x *KmsKey) String() string

type LocalClient

// LocalClient is a key service client documented as performing all operations
// locally. Its Encrypt and Decrypt methods have the same signatures as
// KeyServiceClient's.
type LocalClient struct {
	// Server is the KeyServiceServer backing this client. NewCustomLocalClient
	// sets it from its argument; NewLocalClient takes no argument and
	// presumably installs the package's default Server (confirm).
	Server KeyServiceServer
}

LocalClient is a key service client that performs all operations locally

func NewCustomLocalClient

func NewCustomLocalClient(server KeyServiceServer) LocalClient

NewCustomLocalClient creates a new local client with a non-default backing KeyServiceServer implementation

func NewLocalClient

func NewLocalClient() LocalClient

NewLocalClient creates a new local client

func (LocalClient) Decrypt

func (c LocalClient) Decrypt(ctx context.Context,
	req *DecryptRequest, opts ...grpc.CallOption) (*DecryptResponse, error)

Decrypt processes a decrypt request locally. See keyservice/server.go for more details.

func (LocalClient) Encrypt

func (c LocalClient) Encrypt(ctx context.Context,
	req *EncryptRequest, opts ...grpc.CallOption) (*EncryptResponse, error)

Encrypt processes an encrypt request locally. See keyservice/server.go for more details.

type PgpKey

// PgpKey is one of the key variants that can be carried in Key's key_type
// oneof (wrapped by Key_PgpKey). Its only exported field is Fingerprint.
type PgpKey struct {
	// Fingerprint is proto3 field 1 (`fingerprint`), a string.
	// Presumably the fingerprint of the PGP key to use; the expected format
	// is not visible here (confirm).
	Fingerprint string `protobuf:"bytes,1,opt,name=fingerprint,proto3" json:"fingerprint,omitempty"`
	// contains filtered or unexported fields
}

func (*PgpKey) Descriptor deprecated

func (*PgpKey) Descriptor() ([]byte, []int)

Deprecated: Use PgpKey.ProtoReflect.Descriptor instead.

func (*PgpKey) GetFingerprint

func (x *PgpKey) GetFingerprint() string

func (*PgpKey) ProtoMessage

func (*PgpKey) ProtoMessage()

func (*PgpKey) ProtoReflect

func (x *PgpKey) ProtoReflect() protoreflect.Message

func (*PgpKey) Reset

func (x *PgpKey) Reset()

func (*PgpKey) String

func (x *PgpKey) String() string

type Server

// Server is the KeyServiceServer implementation in this package; its Encrypt
// and Decrypt methods are documented as using SOPS MasterKeys to fulfil
// requests with the key named in each request.
//
// NOTE(review): Prompt is the only control visible on this type. Caller
// authentication and transport encryption are not configured here and have to
// be arranged on the grpc.Server or the network path. Confirm before
// registering a Server on a listener other hosts can reach.
type Server struct {
	// Prompt indicates whether the server should prompt before decrypting or encrypting data.
	// The zero value is false, so a bare Server{} literal does not prompt.
	Prompt bool
}

Server is a key service server that uses SOPS MasterKeys to fulfill requests

func (Server) Decrypt

func (ks Server) Decrypt(ctx context.Context,
	req *DecryptRequest) (*DecryptResponse, error)

Decrypt takes a decrypt request and decrypts the provided ciphertext with the provided key, returning the decrypted result

func (Server) Encrypt

func (ks Server) Encrypt(ctx context.Context,
	req *EncryptRequest) (*EncryptResponse, error)

Encrypt takes an encrypt request and encrypts the provided plaintext with the provided key, returning the encrypted result

type UnimplementedKeyServiceServer

// UnimplementedKeyServiceServer is a field-less struct with Encrypt and
// Decrypt methods, intended to be embedded in KeyServiceServer
// implementations for forward compatibility.
// NOTE(review): as is usual for generated gRPC stubs, the methods presumably
// return an "unimplemented" error (confirm).
type UnimplementedKeyServiceServer struct {
}

UnimplementedKeyServiceServer can be embedded to have forward compatible implementations.

func (*UnimplementedKeyServiceServer) Decrypt

func (*UnimplementedKeyServiceServer) Encrypt

type VaultKey

// VaultKey is one of the key variants that can be carried in Key's key_type
// oneof (wrapped by Key_VaultKey). It identifies a key by three strings:
// VaultAddress, EnginePath and KeyName.
//
// NOTE(review): inside an EncryptRequest or DecryptRequest the address is
// chosen by the caller. Confirm whether the serving side limits which
// addresses it will connect to, and with which credentials.
type VaultKey struct {
	// VaultAddress is proto3 field 1 (`vault_address`).
	VaultAddress string `protobuf:"bytes,1,opt,name=vault_address,json=vaultAddress,proto3" json:"vault_address,omitempty"`
	// EnginePath is proto3 field 2 (`engine_path`).
	EnginePath   string `protobuf:"bytes,2,opt,name=engine_path,json=enginePath,proto3" json:"engine_path,omitempty"`
	// KeyName is proto3 field 3 (`key_name`).
	KeyName      string `protobuf:"bytes,3,opt,name=key_name,json=keyName,proto3" json:"key_name,omitempty"`
	// contains filtered or unexported fields
}

func (*VaultKey) Descriptor deprecated

func (*VaultKey) Descriptor() ([]byte, []int)

Deprecated: Use VaultKey.ProtoReflect.Descriptor instead.

func (*VaultKey) GetEnginePath

func (x *VaultKey) GetEnginePath() string

func (*VaultKey) GetKeyName

func (x *VaultKey) GetKeyName() string

func (*VaultKey) GetVaultAddress

func (x *VaultKey) GetVaultAddress() string

func (*VaultKey) ProtoMessage

func (*VaultKey) ProtoMessage()

func (*VaultKey) ProtoReflect

func (x *VaultKey) ProtoReflect() protoreflect.Message

func (*VaultKey) Reset

func (x *VaultKey) Reset()

func (*VaultKey) String

func (x *VaultKey) String() string
