Documentation ¶
Overview ¶
Package options defines options for KMS clients
Package options contains functional options for the various SignerVerifiers
Index ¶
- type NoOpOptionImpl
- func (NoOpOptionImpl) ApplyContext(_ *context.Context)
- func (NoOpOptionImpl) ApplyCryptoSignerOpts(_ *crypto.SignerOpts)
- func (NoOpOptionImpl) ApplyDigest(_ *[]byte)
- func (NoOpOptionImpl) ApplyED25519ph(_ *bool)
- func (NoOpOptionImpl) ApplyHash(_ *crypto.Hash)
- func (NoOpOptionImpl) ApplyKeyVersion(_ *string)
- func (NoOpOptionImpl) ApplyKeyVersionUsed(_ **string)
- func (NoOpOptionImpl) ApplyRPCAuthOpts(_ *RPCAuth)
- func (NoOpOptionImpl) ApplyRSAPSS(_ **rsa.PSSOptions)
- func (NoOpOptionImpl) ApplyRand(_ *io.Reader)
- func (NoOpOptionImpl) ApplyRemoteVerification(_ *bool)
- type RPCAuth
- type RPCAuthOIDC
- type RPCAuthOpts
- type RequestContext
- type RequestCryptoSignerOpts
- type RequestDigest
- type RequestED25519ph
- type RequestHash
- type RequestKeyVersion
- type RequestKeyVersionUsed
- type RequestPSSOptions
- type RequestRand
- type RequestRemoteVerification
Types ¶
type NoOpOptionImpl ¶
type NoOpOptionImpl struct{}
NoOpOptionImpl implements the RPCOption, SignOption, VerifyOption interfaces as no-ops.
func (NoOpOptionImpl) ApplyContext ¶
func (NoOpOptionImpl) ApplyContext(_ *context.Context)
ApplyContext is a no-op required to fully implement the requisite interfaces
func (NoOpOptionImpl) ApplyCryptoSignerOpts ¶
func (NoOpOptionImpl) ApplyCryptoSignerOpts(_ *crypto.SignerOpts)
ApplyCryptoSignerOpts is a no-op required to fully implement the requisite interfaces
func (NoOpOptionImpl) ApplyDigest ¶
func (NoOpOptionImpl) ApplyDigest(_ *[]byte)
ApplyDigest is a no-op required to fully implement the requisite interfaces
func (NoOpOptionImpl) ApplyED25519ph ¶
func (NoOpOptionImpl) ApplyED25519ph(_ *bool)
ApplyED25519ph is a no-op required to fully implement the requisite interfaces
func (NoOpOptionImpl) ApplyHash ¶
func (NoOpOptionImpl) ApplyHash(_ *crypto.Hash)
ApplyHash is a no-op required to fully implement the requisite interfaces
func (NoOpOptionImpl) ApplyKeyVersion ¶
func (NoOpOptionImpl) ApplyKeyVersion(_ *string)
ApplyKeyVersion is a no-op required to fully implement the requisite interfaces
func (NoOpOptionImpl) ApplyKeyVersionUsed ¶
func (NoOpOptionImpl) ApplyKeyVersionUsed(_ **string)
ApplyKeyVersionUsed is a no-op required to fully implement the requisite interfaces
func (NoOpOptionImpl) ApplyRPCAuthOpts ¶
func (NoOpOptionImpl) ApplyRPCAuthOpts(_ *RPCAuth)
ApplyRPCAuthOpts is a no-op required to fully implement the requisite interfaces
func (NoOpOptionImpl) ApplyRSAPSS ¶
func (NoOpOptionImpl) ApplyRSAPSS(_ **rsa.PSSOptions)
ApplyRSAPSS is a no-op required to fully implement the requisite interfaces
func (NoOpOptionImpl) ApplyRand ¶
func (NoOpOptionImpl) ApplyRand(_ *io.Reader)
ApplyRand is a no-op required to fully implement the requisite interfaces
func (NoOpOptionImpl) ApplyRemoteVerification ¶
func (NoOpOptionImpl) ApplyRemoteVerification(_ *bool)
ApplyRemoteVerification is a no-op required to fully implement the requisite interfaces
type RPCAuth ¶
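// RPCAuth carries the connection details and credentials for RPC calls.
// Empty fields are ignored.
type RPCAuth struct {
	// Address is the remote server address, e.g. https://vault:8200.
	Address string
	// Path is the path for the RPC; in Vault this is the transit path, which
	// defaults to "transit".
	Path string
	// Token is the token used for RPC; in Vault this is the VAULT_TOKEN value.
	// It is a credential: keep it out of logs, error messages and source control.
	Token string
	// OIDC holds the settings for logging in with OIDC instead of a fixed token.
	OIDC RPCAuthOIDC
}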
RPCAuth provides credentials for RPC calls, empty fields are ignored
type RPCAuthOIDC ¶
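// RPCAuthOIDC holds the settings for an RPC login performed with OIDC rather
// than a fixed token.
type RPCAuthOIDC struct {
	// Path defaults to "jwt" for Vault.
	Path string
	// Role is required for JWT logins.
	Role string
	// Token is a JWT when used with Vault. It is a credential: keep it out of
	// logs, error messages and source control.
	Token string
}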
RPCAuthOIDC is used to perform the RPC login using OIDC instead of a fixed token
type RPCAuthOpts ¶
type RPCAuthOpts struct { NoOpOptionImpl // contains filtered or unexported fields }
RPCAuthOpts includes authentication settings for RPC calls
func WithRPCAuthOpts ¶
func WithRPCAuthOpts(opts RPCAuth) RPCAuthOpts
WithRPCAuthOpts specifies RPCAuth settings to be used with RPC logins
func (RPCAuthOpts) ApplyRPCAuthOpts ¶
func (r RPCAuthOpts) ApplyRPCAuthOpts(opts *RPCAuth)
ApplyRPCAuthOpts sets the RPCAuth as a function option
type RequestContext ¶
type RequestContext struct { NoOpOptionImpl // contains filtered or unexported fields }
RequestContext implements the functional option pattern for including a context during RPC
func WithContext ¶
func WithContext(ctx context.Context) RequestContext
WithContext specifies that the given context should be used in RPC to external services
func (RequestContext) ApplyContext ¶
func (r RequestContext) ApplyContext(ctx *context.Context)
ApplyContext sets the specified context as the functional option
type RequestCryptoSignerOpts ¶
type RequestCryptoSignerOpts struct { NoOpOptionImpl // contains filtered or unexported fields }
RequestCryptoSignerOpts implements the functional option pattern for supplying crypto.SignerOpts when signing or verifying
func WithCryptoSignerOpts ¶
func WithCryptoSignerOpts(opts crypto.SignerOpts) RequestCryptoSignerOpts
WithCryptoSignerOpts specifies that provided crypto.SignerOpts be used during signing and verification operations
func (RequestCryptoSignerOpts) ApplyCryptoSignerOpts ¶
func (r RequestCryptoSignerOpts) ApplyCryptoSignerOpts(opts *crypto.SignerOpts)
ApplyCryptoSignerOpts sets crypto.SignerOpts as a functional option
type RequestDigest ¶
type RequestDigest struct { NoOpOptionImpl // contains filtered or unexported fields }
RequestDigest implements the functional option pattern for specifying a digest value
func WithDigest ¶
func WithDigest(digest []byte) RequestDigest
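WithDigest specifies that the given digest can be used by underlying signature implementations. WARNING: When verifying a digest with ECDSA, it is trivial to craft a valid signature over a random message given a public key. When a supplied digest is used in place of hashing the message, a successful verification is only meaningful if the caller computed that digest from the content being verified rather than accepting it from the signer or another untrusted source. Do not use this unless you understand the implications and do not need to protect against malleability.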
func (RequestDigest) ApplyDigest ¶
func (r RequestDigest) ApplyDigest(digest *[]byte)
ApplyDigest sets the specified digest value as the functional option
type RequestED25519ph ¶
type RequestED25519ph struct { NoOpOptionImpl // contains filtered or unexported fields }
RequestED25519ph implements the functional option pattern for specifying that ED25519ph (pre-hashed) should be used when loading a signer or verifier and an ED25519 key is detected
func WithED25519ph ¶
func WithED25519ph() RequestED25519ph
WithED25519ph specifies that the ED25519ph algorithm should be used when an ED25519 key is used
func (RequestED25519ph) ApplyED25519ph ¶
func (r RequestED25519ph) ApplyED25519ph(useED25519ph *bool)
ApplyED25519ph sets the ED25519ph flag as requested by the functional option
type RequestHash ¶
type RequestHash struct { NoOpOptionImpl // contains filtered or unexported fields }
RequestHash implements the functional option pattern for setting a Hash function when loading a signer or verifier
func WithHash ¶
func WithHash(hash crypto.Hash) RequestHash
WithHash specifies that the given hash function should be used when loading a signer or verifier
func (RequestHash) ApplyHash ¶
func (r RequestHash) ApplyHash(hash *crypto.Hash)
ApplyHash sets the hash as requested by the functional option
type RequestKeyVersion ¶
type RequestKeyVersion struct { NoOpOptionImpl // contains filtered or unexported fields }
RequestKeyVersion implements the functional option pattern for specifying the KMS key version during signing or verification
func WithKeyVersion ¶
func WithKeyVersion(keyVersion string) RequestKeyVersion
WithKeyVersion specifies that a specific KMS key version be used during signing and verification operations; a value of 0 will use the latest version of the key (default)
func (RequestKeyVersion) ApplyKeyVersion ¶
func (r RequestKeyVersion) ApplyKeyVersion(keyVersion *string)
ApplyKeyVersion sets the KMS's key version as a functional option
type RequestKeyVersionUsed ¶
type RequestKeyVersionUsed struct { NoOpOptionImpl // contains filtered or unexported fields }
RequestKeyVersionUsed implements the functional option pattern for obtaining the KMS key version used during signing
func ReturnKeyVersionUsed ¶
func ReturnKeyVersionUsed(keyVersionUsed *string) RequestKeyVersionUsed
ReturnKeyVersionUsed specifies that the specific KMS key version that was used during signing should be stored in the pointer provided
func (RequestKeyVersionUsed) ApplyKeyVersionUsed ¶
func (r RequestKeyVersionUsed) ApplyKeyVersionUsed(keyVersionUsed **string)
ApplyKeyVersionUsed requests to store the KMS's key version that was used as a functional option
type RequestPSSOptions ¶
type RequestPSSOptions struct { NoOpOptionImpl // contains filtered or unexported fields }
RequestPSSOptions implements the functional option pattern for specifying RSA PSS should be used when loading a signer or verifier and a RSA key is detected
func WithRSAPSS ¶
func WithRSAPSS(opts *rsa.PSSOptions) RequestPSSOptions
WithRSAPSS specifies that the RSAPSS algorithm should be used when an RSA key is used. Note that the RSA PSSOptions contains a hash algorithm, which will override the hash function specified with WithHash.
func (RequestPSSOptions) ApplyRSAPSS ¶
func (r RequestPSSOptions) ApplyRSAPSS(opts **rsa.PSSOptions)
ApplyRSAPSS sets the RSAPSS options as requested by the functional option
type RequestRand ¶
type RequestRand struct { NoOpOptionImpl // contains filtered or unexported fields }
RequestRand implements the functional option pattern for using a specific source of entropy
func WithRand ¶
func WithRand(rand io.Reader) RequestRand
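WithRand specifies that the given source of entropy should be used in signing operations. The reader should be a cryptographically secure source such as crypto/rand.Reader; a deterministic or predictable reader is appropriate only in tests.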
func (RequestRand) ApplyRand ¶
func (r RequestRand) ApplyRand(rand *io.Reader)
ApplyRand sets the specified source of entropy as the functional option
type RequestRemoteVerification ¶
type RequestRemoteVerification struct { NoOpOptionImpl // contains filtered or unexported fields }
RequestRemoteVerification implements the functional option pattern for remotely verifying signatures when possible
func WithRemoteVerification ¶
func WithRemoteVerification(remoteVerification bool) RequestRemoteVerification
WithRemoteVerification specifies that the verification operation should be performed remotely (vs in the process of the caller)
func (RequestRemoteVerification) ApplyRemoteVerification ¶
func (r RequestRemoteVerification) ApplyRemoteVerification(remoteVerification *bool)
ApplyRemoteVerification sets remote verification as a functional option