Documentation ¶
Index ¶
- type Client
- type Config
- type HealthZ
- type KeyManagementServiceServer
- func (s *KeyManagementServiceServer) Decrypt(ctx context.Context, request *kmsv1.DecryptRequest) (*kmsv1.DecryptResponse, error)
- func (s *KeyManagementServiceServer) Encrypt(ctx context.Context, request *kmsv1.EncryptRequest) (*kmsv1.EncryptResponse, error)
- func (s *KeyManagementServiceServer) Version(_ context.Context, _ *kmsv1.VersionRequest) (*kmsv1.VersionResponse, error)
- type KeyManagementServiceV2Server
- func (s *KeyManagementServiceV2Server) Decrypt(ctx context.Context, request *kmsv2.DecryptRequest) (*kmsv2.DecryptResponse, error)
- func (s *KeyManagementServiceV2Server) Encrypt(ctx context.Context, request *kmsv2.EncryptRequest) (*kmsv2.EncryptResponse, error)
- func (s *KeyManagementServiceV2Server) Status(ctx context.Context, _ *kmsv2.StatusRequest) (*kmsv2.StatusResponse, error)
- type KeyVaultClient
Types ¶
type Client ¶
// Client is the interface through which the KMS servers reach Key Vault:
// NewKMSv1Server and NewKMSv2Server both take a Client, and KeyVaultClient
// has methods with these same signatures.
type Client interface {
	// Encrypt encrypts plain with encryptionAlgorithm and returns a
	// *service.EncryptResponse, or an error.
	Encrypt(
		ctx context.Context,
		plain []byte,
		encryptionAlgorithm kv.JSONWebKeyEncryptionAlgorithm,
	) (*service.EncryptResponse, error)
	// Decrypt decrypts cipher with encryptionAlgorithm and returns the
	// plaintext bytes, or an error.
	// NOTE(review): apiVersion, annotations and decryptRequestKeyID look like
	// request metadata that should be checked against the key that produced
	// the ciphertext before anything is decrypted; confirm in the
	// implementation that a mismatch is rejected.
	Decrypt(
		ctx context.Context,
		cipher []byte,
		encryptionAlgorithm kv.JSONWebKeyEncryptionAlgorithm,
		apiVersion string,
		annotations map[string][]byte,
		decryptRequestKeyID string,
	) ([]byte, error)
	// GetUserAgent returns a string; presumably the User-Agent sent with
	// Key Vault requests (TODO confirm).
	GetUserAgent() string
	// GetVaultURL returns a string; presumably the URL of the vault this
	// client targets (TODO confirm).
	GetVaultURL() string
}
Client is the interface for interacting with Key Vault.
type Config ¶ added in v0.3.0
// Config holds the settings for the KMS plugin. The field meanings below are
// read from the field names only and should be confirmed against the code
// that consumes Config.
type Config struct {
	// ConfigFilePath is presumably the path of a configuration file read at startup.
	// NOTE(review): if that file carries cloud credentials, confirm it is
	// readable only by the account the plugin runs as.
	ConfigFilePath string
	// KeyVaultName presumably names the vault that holds the key.
	KeyVaultName string
	// KeyName presumably names the key used for Encrypt and Decrypt.
	KeyName string
	// KeyVersion presumably pins one version of KeyName.
	// NOTE(review): confirm how key rotation is handled for data encrypted
	// under an earlier version.
	KeyVersion string
	// ManagedHSM presumably selects a managed HSM instead of a standard vault (TODO confirm).
	ManagedHSM bool
	// ProxyMode, ProxyAddress and ProxyPort presumably route Key Vault
	// traffic through a proxy at ProxyAddress:ProxyPort.
	// NOTE(review): confirm whether ProxyMode is meant for testing only and
	// whether TLS verification of the vault endpoint still applies when it is on.
	ProxyMode    bool
	ProxyAddress string
	ProxyPort    int
}
Config is the configuration for the KMS plugin.
type HealthZ ¶
// HealthZ is the health check server for the KMS plugin. It holds pointers to
// both the v1 and the v2 KMS servers. The remaining field meanings are read
// from the field names and should be confirmed against the implementation.
type HealthZ struct {
	// KMSv1Server and KMSv2Server are the servers this health check refers to;
	// presumably they are the ones probed (TODO confirm).
	KMSv1Server *KeyManagementServiceServer
	KMSv2Server *KeyManagementServiceV2Server
	// HealthCheckURL is presumably the URL on which health status is served.
	HealthCheckURL *url.URL
	// UnixSocketPath is presumably the path of the plugin's gRPC Unix socket.
	// NOTE(review): the servers behind it expose Decrypt, so confirm that the
	// socket's directory and file permissions limit who can connect.
	UnixSocketPath string
	// RPCTimeout presumably bounds each RPC the health check issues (TODO confirm).
	RPCTimeout time.Duration
}
HealthZ is the health check server for the KMS plugin.
type KeyManagementServiceServer ¶
// KeyManagementServiceServer is the gRPC server type whose methods take kmsv1
// requests: Encrypt, Decrypt and Version. NewKMSv1Server returns an instance
// and takes the Client it is built with.
type KeyManagementServiceServer struct {
	// contains filtered or unexported fields
}
KeyManagementServiceServer is a gRPC server.
func NewKMSv1Server ¶ added in v0.5.0
func NewKMSv1Server(kvClient Client) (*KeyManagementServiceServer, error)
NewKMSv1Server creates an instance of the KMS Service Server.
func (*KeyManagementServiceServer) Decrypt ¶
func (s *KeyManagementServiceServer) Decrypt(ctx context.Context, request *kmsv1.DecryptRequest) (*kmsv1.DecryptResponse, error)
Decrypt decrypts the message in request and returns the result as a kmsv1.DecryptResponse, or an error.
func (*KeyManagementServiceServer) Encrypt ¶
func (s *KeyManagementServiceServer) Encrypt(ctx context.Context, request *kmsv1.EncryptRequest) (*kmsv1.EncryptResponse, error)
Encrypt encrypts the message in request and returns the result as a kmsv1.EncryptResponse, or an error.
func (*KeyManagementServiceServer) Version ¶
func (s *KeyManagementServiceServer) Version(_ context.Context, _ *kmsv1.VersionRequest) (*kmsv1.VersionResponse, error)
Version returns the version of the KMS as a kmsv1.VersionResponse.
type KeyManagementServiceV2Server ¶ added in v0.5.0
// KeyManagementServiceV2Server is the gRPC server type whose methods take
// kmsv2 requests: Encrypt, Decrypt and Status. NewKMSv2Server returns an
// instance and takes the Client it is built with.
type KeyManagementServiceV2Server struct {
	// contains filtered or unexported fields
}
KeyManagementServiceV2Server is a gRPC server.
func NewKMSv2Server ¶ added in v0.5.0
func NewKMSv2Server(kvClient Client) (*KeyManagementServiceV2Server, error)
NewKMSv2Server creates an instance of the KMS Service Server with v2 apis.
func (*KeyManagementServiceV2Server) Decrypt ¶ added in v0.5.0
func (s *KeyManagementServiceV2Server) Decrypt(ctx context.Context, request *kmsv2.DecryptRequest) (*kmsv2.DecryptResponse, error)
Decrypt decrypts the message in request and returns the result as a kmsv2.DecryptResponse, or an error.
func (*KeyManagementServiceV2Server) Encrypt ¶ added in v0.5.0
func (s *KeyManagementServiceV2Server) Encrypt(ctx context.Context, request *kmsv2.EncryptRequest) (*kmsv2.EncryptResponse, error)
Encrypt encrypts the message in request and returns the result as a kmsv2.EncryptResponse, or an error.
func (*KeyManagementServiceV2Server) Status ¶ added in v0.5.0
func (s *KeyManagementServiceV2Server) Status(ctx context.Context, _ *kmsv2.StatusRequest) (*kmsv2.StatusResponse, error)
Status returns the health status of the KMS plugin.
type KeyVaultClient ¶ added in v0.5.0
// KeyVaultClient is a client for interacting with Key Vault. Its Encrypt,
// Decrypt, GetUserAgent and GetVaultURL methods have the same signatures as
// the methods of the Client interface.
type KeyVaultClient struct {
	// contains filtered or unexported fields
}
KeyVaultClient is a client for interacting with Keyvault.
func (*KeyVaultClient) Decrypt ¶ added in v0.5.0
func (kvc *KeyVaultClient) Decrypt( ctx context.Context, cipher []byte, encryptionAlgorithm kv.JSONWebKeyEncryptionAlgorithm, apiVersion string, annotations map[string][]byte, decryptRequestKeyID string, ) ([]byte, error)
Decrypt decrypts the given cipher text using the keyvault key.
func (*KeyVaultClient) Encrypt ¶ added in v0.5.0
func (kvc *KeyVaultClient) Encrypt( ctx context.Context, plain []byte, encryptionAlgorithm kv.JSONWebKeyEncryptionAlgorithm, ) (*service.EncryptResponse, error)
Encrypt encrypts the given plain text using the keyvault key.
func (*KeyVaultClient) GetUserAgent ¶ added in v0.5.0
func (kvc *KeyVaultClient) GetUserAgent() string
func (*KeyVaultClient) GetVaultURL ¶ added in v0.5.0
func (kvc *KeyVaultClient) GetVaultURL() string