Documentation
¶
Index ¶
- Constants
- type BatchRequestItem
- type DecryptBatchResponseItem
- type EncryptBatchResponseItem
- type GenerateRequest
- type GenerateResponse
- type KeyConfiguration
- type Transit
- func (t Transit) Backup(ctx context.Context, keyName, engineName string) (string, error)
- func (t Transit) CheckEngine(engineName string) (bool, error)
- func (t Transit) CreateKey(ctx context.Context, name, keyType, engineName string) error
- func (t Transit) Decrypt(ctx context.Context, key, engineName string, req BatchRequestItem) (DecryptBatchResponseItem, error)
- func (t Transit) DeleteKey(ctx context.Context, name, engineName string) error
- func (t Transit) Encrypt(ctx context.Context, key, engineName string, req BatchRequestItem) (EncryptBatchResponseItem, error)
- func (t Transit) Export(ctx context.Context, keyName, engineName, exportType, version string) (map[string]string, error)
- func (t Transit) GenerateKey(ctx context.Context, engineName string, req GenerateRequest) (GenerateResponse, error)
- func (t Transit) GenerateRandomBytes(ctx context.Context, urlBytes, format string, bytesCount int) (string, error)
- func (t Transit) GetKey(ctx context.Context, name, engineName string) (*keysutil.Policy, error)
- func (t Transit) HMAC(ctx context.Context, keyName, inputB64, algo string, keyVersion int, ...) (string, error)
- func (t Transit) Hash(ctx context.Context, inputB64 string, algo structs.HashType, format string) (string, error)
- func (t Transit) ListKeys(ctx context.Context, engineName string) ([]string, error)
- func (t Transit) Restore(ctx context.Context, keyName, engineName, backup64 string, force bool) error
- func (t Transit) Rewrap(ctx context.Context, key, engineName string, req BatchRequestItem) (EncryptBatchResponseItem, error)
- func (t Transit) Rotate(ctx context.Context, keyName, engineName string) error
- func (t *Transit) Sign(ctx context.Context, req *structs.SignParameters, engineName string) (*structs.SignResponse, error)
- func (t Transit) UpdateKeyConfiguration(ctx context.Context, name, engineName string, config KeyConfiguration) error
- func (t *Transit) VerifySign(ctx context.Context, req *structs.VerificationRequest, engineName string) (*structs.VerificationResponse, error)
Constants ¶
// Export type names.
//
// NOTE(review): the ExportType prefix and the exportType string parameter of
// Transit.Export suggest these are the values that call accepts; confirm
// against the implementation. Export returns a map[string]string, presumably
// key material, so callers should treat its result as secret and keep it out
// of logs and error messages.
const (
	// ExportTypeEncryptionKey is the "encryption-key" export type.
	ExportTypeEncryptionKey = "encryption-key"
	// ExportTypeSigningKey is the "signing-key" export type.
	ExportTypeSigningKey = "signing-key"
	// ExportTypeHMACKey is the "hmac-key" export type.
	ExportTypeHMACKey = "hmac-key"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type BatchRequestItem ¶
// BatchRequestItem represents a request item for batch processing.
//
// Transit.Encrypt, Transit.Decrypt and Transit.Rewrap each take one item by
// value. Which fields an operation reads is not visible here; the field
// comments say which direction each one is meant for.
type BatchRequestItem struct {
	// Context for key derivation. This is required for derived keys.
	// DecodedContext is described as its base64-decoded form, so this field
	// is expected to carry base64 text.
	Context string `json:"context" structs:"context" mapstructure:"context"`

	// DecodedContext is the base64 decoded version of Context.
	// It has no json tag, so encoding/json would emit it under its Go field
	// name if this struct is marshaled directly.
	// NOTE(review): confirm it is populated internally and never sent or logged.
	DecodedContext []byte

	// Plaintext for encryption.
	// NOTE(review): the transit API conventionally takes plaintext
	// base64-encoded; confirm whether callers must encode before setting this.
	// Treat the value as sensitive: do not log the request item.
	Plaintext string `json:"plaintext" structs:"plaintext" mapstructure:"plaintext"`

	// Ciphertext for decryption.
	Ciphertext string `json:"ciphertext" structs:"ciphertext" mapstructure:"ciphertext"`

	// Nonce to be used when v1 convergent encryption is used.
	// A caller-supplied nonce must be unique for a given key and context;
	// leave it empty unless v1 convergent encryption is actually in use.
	Nonce string `json:"nonce" structs:"nonce" mapstructure:"nonce"`

	// The key version to be used for encryption.
	// NOTE(review): presumably the zero value selects the latest version; confirm.
	KeyVersion int `json:"key_version" structs:"key_version" mapstructure:"key_version"`

	// DecodedNonce is the base64 decoded version of Nonce.
	// Like DecodedContext it carries no json tag.
	DecodedNonce []byte
}
BatchRequestItem represents a request item for batch processing
type DecryptBatchResponseItem ¶
// DecryptBatchResponseItem represents a response item for a decryption
// request; it is the value returned by Transit.Decrypt.
type DecryptBatchResponseItem struct {
	// Plaintext for the ciphertext present in the corresponding batch
	// request item.
	// NOTE(review): the transit API conventionally returns plaintext
	// base64-encoded; confirm whether this wrapper decodes it. Either way the
	// value is the recovered secret and should not be logged or cached.
	Plaintext string `json:"plaintext" structs:"plaintext" mapstructure:"plaintext"`
}
type EncryptBatchResponseItem ¶
// EncryptBatchResponseItem represents a response item for batch processing.
// It is the value returned by both Transit.Encrypt and Transit.Rewrap.
type EncryptBatchResponseItem struct {
	// Ciphertext for the plaintext present in the corresponding batch
	// request item. Omitted from JSON output when empty (omitempty).
	Ciphertext string `json:"ciphertext,omitempty" structs:"ciphertext" mapstructure:"ciphertext"`

	// KeyVersion defines the key version used to encrypt plaintext.
	// Omitted from JSON output when zero (omitempty). Storing it next to the
	// ciphertext makes it possible to tell which records still need a Rewrap
	// after the key is rotated.
	KeyVersion int `json:"key_version,omitempty" structs:"key_version" mapstructure:"key_version"`
}
EncryptBatchResponseItem represents a response item for batch processing
type GenerateRequest ¶ added in v0.2.0
type GenerateResponse ¶ added in v0.2.0
type KeyConfiguration ¶ added in v0.2.0
// KeyConfiguration holds the tunable settings of a named key; it is the
// config argument of Transit.UpdateKeyConfiguration.
//
// Every field is a nullable type (null.Int64 / null.Bool), which lets "not
// set" be told apart from zero or false.
// NOTE(review): how unset fields are serialised is not visible here; confirm
// that an unset field leaves the stored setting unchanged.
//
// Exportable and AllowPlaintextBackup are one-way switches: both are
// documented as impossible to disable once set. Enable them only on keys
// whose material is meant to leave the engine, and restrict who may call
// UpdateKeyConfiguration, Export and Backup accordingly.
type KeyConfiguration struct {
	// MinDecryptionVersion if set, the minimum version of the key allowed to be decrypted.
	// For signing keys, the minimum version allowed to be used for verification.
	// Raising it makes ciphertext produced by older versions undecryptable, so
	// rewrap stored data first.
	MinDecryptionVersion null.Int64 `json:"min_decryption_version"`

	// MinEncryptionVersion if set, the minimum version of the key allowed to be used for encryption;
	// or for signing keys, to be used for signing.
	// If set to zero, only the latest version of the key is allowed.
	MinEncryptionVersion null.Int64 `json:"min_encryption_version"`

	// DeletionAllowed whether to allow deletion of the key.
	// Deleting a key makes everything encrypted under it unrecoverable, so
	// keep this disabled except immediately before an intended Transit.DeleteKey.
	DeletionAllowed null.Bool `json:"deletion_allowed"`

	// Exportable enables export of the key. Once set, this cannot be disabled.
	Exportable null.Bool `json:"exportable"`

	// AllowPlaintextBackup Enables taking a backup of the named key in plaintext format.
	// Once set, this cannot be disabled.
	// A plaintext backup contains the key unprotected; the string returned by
	// Transit.Backup must then be handled as a secret.
	AllowPlaintextBackup null.Bool `json:"allow_plaintext_backup"`
}
type Transit ¶
// Transit is the receiver for the transit-engine operations listed in the
// index: key lifecycle (create, get, list, rotate, delete, configuration),
// encrypt/decrypt/rewrap, sign/verify, HMAC, hash, random bytes,
// backup/restore and export. Most methods take the engine name per call.
//
// NOTE(review): Sign and VerifySign are declared on *Transit while every
// other method uses a value receiver; confirm the mix is intentional.
type Transit struct {
	// contains filtered or unexported fields
}
func (Transit) Decrypt ¶
func (t Transit) Decrypt(ctx context.Context, key, engineName string, req BatchRequestItem) (DecryptBatchResponseItem, error)
func (Transit) Encrypt ¶
func (t Transit) Encrypt(ctx context.Context, key, engineName string, req BatchRequestItem) (EncryptBatchResponseItem, error)
func (Transit) GenerateKey ¶ added in v0.2.0
func (t Transit) GenerateKey(ctx context.Context, engineName string, req GenerateRequest) (GenerateResponse, error)
func (Transit) GenerateRandomBytes ¶ added in v0.2.0
func (Transit) Rewrap ¶ added in v0.2.0
func (t Transit) Rewrap(ctx context.Context, key, engineName string, req BatchRequestItem) (EncryptBatchResponseItem, error)
func (*Transit) Sign ¶
func (t *Transit) Sign(ctx context.Context, req *structs.SignParameters, engineName string) (*structs.SignResponse, error)
func (Transit) UpdateKeyConfiguration ¶ added in v0.2.0
func (*Transit) VerifySign ¶
func (t *Transit) VerifySign(ctx context.Context, req *structs.VerificationRequest, engineName string) (*structs.VerificationResponse, error)