Documentation ¶
Index ¶
- Constants
- Variables
- type CreateKeyInput
- type DeleteKeyInput
- type GenerateCertificateAuthorityCertificateInput
- type IssueCertificateInput
- type KMSCA
- func (ca *KMSCA) CreateKey(input *CreateKeyInput) (string, error)
- func (ca *KMSCA) DeleteKey(input *DeleteKeyInput) error
- func (ca *KMSCA) GenerateAndSignCertificateAuthorityCertificate(input *GenerateCertificateAuthorityCertificateInput) (*x509.Certificate, error)
- func (ca *KMSCA) GenerateCertificateAuthorityCertificate(input *GenerateCertificateAuthorityCertificateInput) *x509.Certificate
- func (ca *KMSCA) SignCertificate(input *IssueCertificateInput) (*x509.Certificate, error)
- type Key
Constants ¶
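const (
	// DefaultCertDuration is the default CA certificate validity duration:
	// three 365-day years (leap days are not accounted for).
	DefaultCertDuration = time.Hour * 24 * 365 * 3

	// DefaultCertRenewalRatio is the default ratio of the validity period
	// before the certificate is expected to be renewed.
	//
	// It is written as 2.0 / 3 on purpose. With two untyped integer operands,
	// 2 / 3 is integer constant division and evaluates to 0, so the renewal
	// point derived from it would collapse to zero instead of two thirds.
	// NOTE(review): the constant is now an untyped floating-point constant;
	// any caller that used it in an integer or time.Duration constant
	// expression needs an explicit float64 conversion — confirm against callers.
	DefaultCertRenewalRatio = 2.0 / 3
)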
Variables ¶
// Sentinel errors exposed by the package.
var (
	// ErrCodeNotFoundException means the request was rejected because the
	// specified entity or resource could not be found.
	ErrCodeNotFoundException = errors.New("notFoundException")
	// ErrUnknownKeyType means the type of the public key is unknown.
	ErrUnknownKeyType = errors.New("unknownKeyType")
)
Functions ¶
This section is empty.
Types ¶
type CreateKeyInput ¶
// CreateKeyInput is the input for the CreateKey method.
type CreateKeyInput struct {
	// AliasName specifies the alias name for the KMS key. This value must begin with alias/ followed by a
	// name, such as alias/ExampleAlias.
	AliasName string
	// Description is the description for the key.
	Description string
	// CustomerMasterKeySpec determines the signing algorithms that the CMK supports.
	// Only RSA_2048 is currently supported.
	CustomerMasterKeySpec string
	// Policy is the key policy to attach to the CMK.
	// NOTE(review): this policy decides which principals may use the CA signing key;
	// what happens when it is left empty is not visible here — confirm against CreateKey.
	Policy string
	// Tags is a list of tags for the key.
	Tags map[string]string
}
CreateKeyInput is the input for the CreateKey method.
type DeleteKeyInput ¶
// DeleteKeyInput is the input for the DeleteKey method.
type DeleteKeyInput struct {
	// AliasName specifies the alias name for the KMS key. This value must begin with alias/ followed by a
	// name, such as alias/ExampleAlias.
	AliasName string
	// PendingWindowInDays is optional. If you include a value, it must be between 7 and
	// 30, inclusive. If you do not include a value, it defaults to 30.
	// NOTE(review): the field is a plain int, so presumably the zero value means
	// "not included" — confirm against DeleteKey.
	PendingWindowInDays int
}
DeleteKeyInput is the input for the DeleteKey method.
type GenerateCertificateAuthorityCertificateInput ¶
// GenerateCertificateAuthorityCertificateInput is the input accepted by
// GenerateCertificateAuthorityCertificate and
// GenerateAndSignCertificateAuthorityCertificate.
type GenerateCertificateAuthorityCertificateInput struct {
	// KeyID is the KMS key ID.
	KeyID string
	// Subject is the subject of the CA certificate.
	Subject pkix.Name
	// Duration is the certificate validity duration.
	// NOTE(review): presumably DefaultCertDuration applies when this is zero — confirm.
	Duration time.Duration
	// Rounding is used to round down the certificate NotBefore time.
	// For example, by setting the rounding period to 1h, all the certificates generated between the start
	// and the end of an hour will be identical.
	Rounding time.Duration
}
type IssueCertificateInput ¶
// IssueCertificateInput is the input for the SignCertificate method.
type IssueCertificateInput struct {
	// KeyID is the KMS key ID.
	KeyID string
	// Cert is described by the author as the CSR / certificate request. Its type is
	// *x509.Certificate rather than *x509.CertificateRequest.
	// NOTE(review): if the caller builds this from a CSR, verifying the CSR signature and
	// constraining the requested fields (IsCA, key usages, names) presumably has to
	// happen before it is passed in — confirm against SignCertificate.
	Cert *x509.Certificate
	// PublicKey is the public key.
	// NOTE(review): presumably the subject public key of the certificate being issued — confirm.
	PublicKey crypto.PublicKey
	// Parent is the parent signing certificate.
	Parent *x509.Certificate
}
type KMSCA ¶
KMSCA (KMS Certificate Authority) provides the API operation methods for implementing a certificate authority on top of AWS KMS.
func NewKMSCA ¶
func NewKMSCA(p client.ConfigProvider, cfgs ...*aws.Config) *KMSCA
NewKMSCA creates a new instance of the KMSCA client with a session. If additional configuration is needed for the client instance use the optional aws.Config parameter to add your extra config.
func (*KMSCA) CreateKey ¶
func (ca *KMSCA) CreateKey(input *CreateKeyInput) (string, error)
CreateKey creates an asymmetric KMS key used to sign certificates and a KMS alias pointing at the key. The method only creates the key if the alias hasn't yet been created. It returns the KeyID string.
func (*KMSCA) DeleteKey ¶
func (ca *KMSCA) DeleteKey(input *DeleteKeyInput) error
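DeleteKey deletes a KMS key alias and the underlying target KMS key. The optional DeleteKeyInput.PendingWindowInDays value (7 to 30, default 30) is supplied with the request.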
func (*KMSCA) GenerateAndSignCertificateAuthorityCertificate ¶
func (ca *KMSCA) GenerateAndSignCertificateAuthorityCertificate(input *GenerateCertificateAuthorityCertificateInput) (*x509.Certificate, error)
GenerateAndSignCertificateAuthorityCertificate returns the signed Certificate Authority Certificate
func (*KMSCA) GenerateCertificateAuthorityCertificate ¶
func (ca *KMSCA) GenerateCertificateAuthorityCertificate(input *GenerateCertificateAuthorityCertificateInput) *x509.Certificate
GenerateCertificateAuthorityCertificate returns the Certificate Authority Certificate
func (*KMSCA) SignCertificate ¶
func (ca *KMSCA) SignCertificate(input *IssueCertificateInput) (*x509.Certificate, error)
SignCertificate signs a certificate request using KMS.