cloudkms

package

v0.22.0 Latest Latest Go to latest Published: Aug 26, 2021 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation ¶

Overview ¶

Package cloudkms provides a Google Cloud Key Management Service (KMS) implementation of the crypto.Signer interface.

The documentation for Google Cloud KMS can be found here: https://cloud.google.com/kms/docs

Index ¶

type Client
- func NewClient(ctx context.Context, opts ...option.ClientOption) (*Client, error)
- func (c *Client) GetPublicKey(ctx context.Context, key Key) (crypto.PublicKey, crypto.HashAlgorithm, error)
- func (c *Client) SignerForKey(ctx context.Context, key Key) (*Signer, error)
type Key
- func KeyFromResourceID(resourceID string) (Key, error)
- func (k Key) ResourceID() string
type Signer
- func (s *Signer) Sign(message []byte) ([]byte, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Client ¶

type Client struct {
	// contains filtered or unexported fields
}

Client is a client for interacting with the Google Cloud KMS API using types native to the Flow Go SDK.

func NewClient ¶

func NewClient(ctx context.Context, opts ...option.ClientOption) (*Client, error)

NewClient creates a new KMS client.

func (*Client) GetPublicKey ¶

func (c *Client) GetPublicKey(ctx context.Context, key Key) (crypto.PublicKey, crypto.HashAlgorithm, error)

GetPublicKey fetches the public key portion of a KMS asymmetric signing key version.

ECDSA_P256 is currently the only Flow signature algorithm supported by Google Cloud KMS.

Ref: https://cloud.google.com/kms/docs/retrieve-public-key

func (*Client) SignerForKey ¶

func (c *Client) SignerForKey(
	ctx context.Context,
	key Key,
) (*Signer, error)

SignerForKey returns a new Google Cloud KMS signer for an asymmetric key version.

type Key ¶

type Key struct {
	ProjectID  string `json:"projectId"`
	LocationID string `json:"locationId"`
	KeyRingID  string `json:"keyRingId"`
	KeyID      string `json:"keyId"`
	KeyVersion string `json:"keyVersion"`
}

Key is a reference to a Google Cloud KMS asymmetric signing key version.

Ref: https://cloud.google.com/kms/docs/creating-asymmetric-keys#create_an_asymmetric_signing_key

func KeyFromResourceID ¶

func KeyFromResourceID(resourceID string) (Key, error)

func (Key) ResourceID ¶

func (k Key) ResourceID() string

ResourceID returns the resource ID for this KMS key version.

Ref: https://cloud.google.com/kms/docs/getting-resource-ids

type Signer ¶

type Signer struct {
	// contains filtered or unexported fields
}

Signer is a Google Cloud KMS implementation of crypto.Signer.

func (*Signer) Sign ¶

func (s *Signer) Sign(message []byte) ([]byte, error)

Sign signs the given message using the KMS signing key for this signer.

Reference: https://cloud.google.com/kms/docs/create-validate-signatures

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL