kes

package
v0.0.0-...-435c516 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 8, 2023 License: AGPL-3.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ParseCertificate

func ParseCertificate(cert []byte) (*x509.Certificate, error)

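ParseCertificate parses cert and returns the resulting *x509.Certificate, or an error if parsing fails. The expected encoding of cert (PEM or DER) is not stated in this documentation.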

Types

type AdminIdentity

// AdminIdentity wraps the identity that ServerConfigV2 serializes under its
// "admin" key.
// NOTE(review): presumably this identity receives administrative access to the
// KES server — confirm, and review changes to it as privilege changes.
type AdminIdentity struct {
	// Identity is serialized as "identity" and omitted when empty.
	Identity Identity `yaml:"identity,omitempty" json:"identity,omitempty"`
}

AdminIdentity of KES

type AppRole

// AppRole holds the login settings that Vault serializes under its "approle"
// key.
// NOTE(review): ID and Secret look like a Vault AppRole role-id/secret-id pair
// — confirm against the consumer of this config.
type AppRole struct {
	// EnginePath is serialized as "engine".
	EnginePath string        `yaml:"engine,omitempty" json:"engine,omitempty"`
	// ID is serialized as "id".
	ID         string        `yaml:"id,omitempty" json:"id,omitempty"`
	// Secret is a credential. The tags apply no redaction, so any marshaled
	// copy of this struct carries it verbatim under "secret"; store and log
	// that output as secret material.
	Secret     string        `yaml:"secret,omitempty" json:"secret,omitempty"`
	// Retry is a duration serialized as "retry".
	// NOTE(review): presumably the delay between login retries — confirm.
	Retry      time.Duration `yaml:"retry,omitempty" json:"retry,omitempty"`
}

AppRole to be used

type Aws

// Aws groups the AWS key-store settings that Keys serializes under "aws".
type Aws struct {
	// SecretsManager is optional; a nil pointer is omitted from the output.
	SecretsManager *AwsSecretManager `yaml:"secretsmanager,omitempty" json:"secretsmanager,omitempty"`
}

Aws kms configuration

type AwsSecretManager

// AwsSecretManager describes the AWS Secrets Manager endpoint and the
// credentials used with it.
type AwsSecretManager struct {
	// Endpoint is serialized as "endpoint". No validation of the value is
	// visible in this type.
	Endpoint string                 `yaml:"endpoint,omitempty" json:"endpoint,omitempty"`
	// Region is serialized as "region".
	Region   string                 `yaml:"region,omitempty" json:"region,omitempty"`
	// KmsKey is serialized as "kmskey".
	// NOTE(review): presumably the AWS KMS key used to protect the stored
	// secrets — confirm.
	KmsKey   string                 `yaml:"kmskey,omitempty" json:"kmskey,omitempty"`
	// Login is serialized under "credentials" (not "login"); nil is omitted.
	Login    *AwsSecretManagerLogin `yaml:"credentials,omitempty" json:"credentials,omitempty"`
}

AwsSecretManager endpoint configuration

type AwsSecretManagerLogin

// AwsSecretManagerLogin holds static AWS credentials.
//
// None of the tags use omitempty, so all three keys are always emitted, as
// empty strings when unset. All three values are secrets and are serialized
// without redaction; treat any marshaled copy as secret material.
// NOTE(review): whether empty values make the consumer fall back to ambient
// AWS credentials is not visible here — confirm.
type AwsSecretManagerLogin struct {
	AccessKey    string `yaml:"accesskey" json:"accesskey"`
	SecretKey    string `yaml:"secretkey" json:"secretkey"`
	// SessionToken is serialized as "token".
	SessionToken string `yaml:"token" json:"token"`
}

AwsSecretManagerLogin credentials

type Azure

// Azure groups the Azure key-store settings that Keys serializes under
// "azure".
type Azure struct {
	// KeyVault is optional; a nil pointer is omitted from the output.
	KeyVault *AzureKeyVault `yaml:"keyvault,omitempty" json:"keyvault,omitempty"`
}

Azure kms config

type AzureCredentials

// AzureCredentials holds the credentials used with AzureKeyVault.
//
// None of the tags use omitempty, so all three keys are always emitted, as
// empty strings when unset.
type AzureCredentials struct {
	TenantID     string `yaml:"tenant_id" json:"tenant_id"`
	ClientID     string `yaml:"client_id" json:"client_id"`
	// ClientSecret is a credential and is serialized without redaction;
	// treat any marshaled copy as secret material.
	ClientSecret string `yaml:"client_secret" json:"client_secret"`
}

AzureCredentials credentials for the kms

type AzureKeyVault

// AzureKeyVault describes the Azure Key Vault endpoint and the credentials
// used with it.
type AzureKeyVault struct {
	// Endpoint is serialized as "endpoint". No validation of the value is
	// visible in this type.
	Endpoint    string            `yaml:"endpoint,omitempty" json:"endpoint,omitempty"`
	// Credentials is optional; a nil pointer is omitted from the output.
	Credentials *AzureCredentials `yaml:"credentials,omitempty" json:"credentials,omitempty"`
}

AzureKeyVault endpoint config

type Cache

// Cache holds the cache settings that ServerConfigV1 serializes under "cache".
type Cache struct {
	// Expiry is optional; a nil pointer is omitted from the output.
	Expiry *Expiry `yaml:"expiry,omitempty" json:"expiry,omitempty"`
}

Cache expiry config

type CacheV2

// CacheV2 holds the cache settings that ServerConfigV2 serializes under
// "cache". It differs from Cache only in pointing at ExpiryV2.
type CacheV2 struct {
	// Expiry is optional; a nil pointer is omitted from the output.
	Expiry *ExpiryV2 `yaml:"expiry,omitempty" json:"expiry,omitempty"`
}

CacheV2 is the cache expiry config used starting with release 2023-04-03T16-41-28Z.

type Expiry

// Expiry holds the cache expiry durations.
// NOTE(review): presumably Any bounds how long any cached key is kept and
// Unused how long a key that is not being used is kept — confirm. Longer
// values keep key material in server memory longer and delay the effect of
// changes made at the backing key store.
type Expiry struct {
	Any    time.Duration `yaml:"any,omitempty" json:"any,omitempty"`
	Unused time.Duration `yaml:"unused,omitempty" json:"unused,omitempty"`
}

Expiry expiration

type ExpiryV2

// ExpiryV2 holds the cache expiry durations; it adds Offline to the fields of
// Expiry.
// NOTE(review): presumably Offline applies while the backing key store is
// unreachable — confirm. A long Offline value means cached keys remain usable
// for that long after the key store stops answering.
type ExpiryV2 struct {
	Any     time.Duration `yaml:"any,omitempty" json:"any,omitempty"`
	Unused  time.Duration `yaml:"unused,omitempty" json:"unused,omitempty"`
	Offline time.Duration `yaml:"offline,omitempty" json:"offline,omitempty"`
}

ExpiryV2 holds the cache expiration settings used starting with release 2023-04-03T16-41-28Z.

type Fs

// Fs holds the filesystem key-store settings that Keys serializes under "fs".
type Fs struct {
	// Path is serialized as "path".
	// NOTE(review): presumably the directory where keys are written — confirm.
	// If so, the confidentiality of those keys rests on the permissions of
	// that directory.
	Path string `yaml:"path,omitempty" json:"path,omitempty"`
}

Fs kes fs mode

type Gcp

// Gcp groups the GCP key-store settings that Keys serializes under "gcp".
type Gcp struct {
	// SecretManager is optional; a nil pointer is omitted from the output.
	SecretManager *GcpSecretManager `yaml:"secretmanager,omitempty" json:"secretmanager,omitempty"`
}

Gcp kms config

type GcpCredentials

// GcpCredentials holds the credentials used with GcpSecretManager.
//
// None of the tags use omitempty, so all four keys are always emitted, as
// empty strings when unset.
type GcpCredentials struct {
	ClientEmail  string `yaml:"client_email" json:"client_email"`
	ClientID     string `yaml:"client_id" json:"client_id"`
	PrivateKeyID string `yaml:"private_key_id" json:"private_key_id"`
	// PrivateKey carries the key material itself (not a path to it) and is
	// serialized without redaction; treat any marshaled copy as secret
	// material.
	PrivateKey   string `yaml:"private_key" json:"private_key"`
}

GcpCredentials credentials struct

type GcpSecretManager

// GcpSecretManager describes the GCP Secret Manager project, endpoint and
// credentials.
type GcpSecretManager struct {
	// ProjectID has no omitempty, so "project_id" is always emitted.
	ProjectID   string          `yaml:"project_id" json:"project_id"`
	// Endpoint is serialized as "endpoint". No validation of the value is
	// visible in this type.
	Endpoint    string          `yaml:"endpoint,omitempty" json:"endpoint,omitempty"`
	// Credentials is optional; a nil pointer is omitted from the output.
	Credentials *GcpCredentials `yaml:"credentials,omitempty" json:"credentials,omitempty"`
}

GcpSecretManager manager endpoint

type Gemalto

// Gemalto groups the Gemalto key-store settings that Keys serializes under
// "gemalto".
type Gemalto struct {
	// KeySecure is optional; a nil pointer is omitted from the output.
	KeySecure *GemaltoKeySecure `yaml:"keysecure,omitempty" json:"keysecure,omitempty"`
}

Gemalto kms config

type GemaltoCredentials

// GemaltoCredentials holds the credentials used with GemaltoKeySecure.
type GemaltoCredentials struct {
	// Token is a credential and is serialized without redaction under
	// "token"; treat any marshaled copy as secret material.
	Token  string        `yaml:"token,omitempty" json:"token,omitempty"`
	// Domain is serialized as "domain".
	Domain string        `yaml:"domain,omitempty" json:"domain,omitempty"`
	// Retry is a duration serialized as "retry".
	// NOTE(review): presumably the delay between login retries — confirm.
	Retry  time.Duration `yaml:"retry,omitempty" json:"retry,omitempty"`
}

GemaltoCredentials credentials

type GemaltoKeySecure

// GemaltoKeySecure describes the KeySecure endpoint together with its
// credentials and TLS settings.
type GemaltoKeySecure struct {
	// Endpoint is serialized as "endpoint". No validation of the value is
	// visible in this type.
	Endpoint    string              `yaml:"endpoint,omitempty" json:"endpoint,omitempty"`
	// Credentials is optional; a nil pointer is omitted from the output.
	Credentials *GemaltoCredentials `yaml:"credentials,omitempty" json:"credentials,omitempty"`
	// TLS is optional; a nil pointer is omitted from the output.
	TLS         *GemaltoTLS         `yaml:"tls,omitempty" json:"tls,omitempty"`
}

GemaltoKeySecure token

type GemaltoTLS

// GemaltoTLS holds the TLS settings used with GemaltoKeySecure.
type GemaltoTLS struct {
	// CAPath is serialized as "ca" in YAML.
	// NOTE(review): unlike the other types in this package there is no json
	// tag, so encoding/json would emit this field as "CAPath" — confirm
	// whether that is intended.
	CAPath string `yaml:"ca,omitempty"`
}

GemaltoTLS holds the path to the CA cert

type Identity

// Identity is an alias for kes.Identity, so values of the two types are
// interchangeable without conversion.
type Identity = kes.Identity

Identity of KES to use

type Keys

// Keys selects the key-store backend. It is serialized under "keys" by
// ServerConfigV1 and under "keystore" by ServerConfigV2.
//
// Each backend is an optional pointer that is omitted when nil.
// NOTE(review): nothing in this type enforces that exactly one backend is set;
// any such check must live in the code that builds or consumes the config.
type Keys struct {
	Fs      *Fs      `yaml:"fs,omitempty" json:"fs,omitempty"`
	Vault   *Vault   `yaml:"vault,omitempty" json:"vault,omitempty"`
	Aws     *Aws     `yaml:"aws,omitempty" json:"aws,omitempty"`
	Gemalto *Gemalto `yaml:"gemalto,omitempty" json:"gemalto,omitempty"`
	Gcp     *Gcp     `yaml:"gcp,omitempty" json:"gcp,omitempty"`
	Azure   *Azure   `yaml:"azure,omitempty" json:"azure,omitempty"`
}

Keys type of kes key

type Log

// Log holds the logging settings serialized under "log".
// NOTE(review): both fields are free-form strings here; presumably they are
// on/off switches for the error log and the audit log — confirm. If so, leaving
// Audit empty drops the key from the output and the server default applies.
type Log struct {
	Error string `yaml:"error,omitempty" json:"error,omitempty"`
	Audit string `yaml:"audit,omitempty" json:"audit,omitempty"`
}

Log emitted by kes

type Policy

// Policy is one entry of the ServerConfigV1 "policy" map.
// NOTE(review): presumably Paths lists the API path patterns that the listed
// Identities may call — confirm. Broad patterns grant correspondingly broad
// access, so review them as authorization rules.
type Policy struct {
	Paths      []string   `yaml:"paths,omitempty" json:"paths,omitempty"`
	Identities []Identity `yaml:"identities,omitempty" json:"identities,omitempty"`
}

Policy policy identities

type PolicyV2

// PolicyV2 is one entry of the ServerConfigV2 "policy" map; it splits the
// rules into Allow and Deny lists.
// NOTE(review): how Allow and Deny are combined when both match is not visible
// here — confirm before relying on Deny as an override.
type PolicyV2 struct {
	// Allow is serialized as "allow" in YAML but as "paths" in JSON.
	// NOTE(review): the two tags disagree; the JSON name matches Policy.Paths
	// and may be a leftover. A JSON consumer looking for "allow" would not see
	// these rules — confirm which name is intended.
	Allow      []string   `yaml:"allow,omitempty" json:"paths,omitempty"`
	Deny       []string   `yaml:"deny,omitempty" json:"deny,omitempty"`
	Identities []Identity `yaml:"identities,omitempty" json:"identities,omitempty"`
}

PolicyV2 holds the policy rules and identities for KES Edge, used after release 2023-04-03T16-41-28Z.

type ServerConfigV1

// ServerConfigV1 is the top-level KES server configuration in its first
// layout.
//
// The value can contain credentials through Keys (for example AppRole.Secret
// or the cloud provider credential structs), so a serialized copy should be
// stored and logged as secret material.
type ServerConfigV1 struct {
	// Addr is serialized as "address".
	Addr     string            `yaml:"address,omitempty" json:"address,omitempty"`
	// Root is serialized as "root".
	// NOTE(review): presumably the identity that is exempt from Policies —
	// confirm, and review changes to it as privilege changes.
	Root     Identity          `yaml:"root,omitempty" json:"root,omitempty"`
	TLS      TLS               `yaml:"tls,omitempty" json:"tls,omitempty"`
	// Policies maps a policy name to its rules; serialized as "policy".
	Policies map[string]Policy `yaml:"policy,omitempty" json:"policy,omitempty"`
	Cache    Cache             `yaml:"cache,omitempty" json:"cache,omitempty"`
	Log      Log               `yaml:"log,omitempty" json:"log,omitempty"`
	// Keys is serialized as "keys"; ServerConfigV2 uses "keystore" instead.
	Keys     Keys              `yaml:"keys,omitempty" json:"keys,omitempty"`
}

ServerConfigV1 holds the kes server config

func (ServerConfigV1) Marshal

func (c ServerConfigV1) Marshal() ([]byte, error)

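Marshal serializes the ServerConfigV1. The result embeds whatever credentials are set under Keys (AppRole secret, cloud access keys, tokens), so handle it as secret material unless the implementation redacts them.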

type ServerConfigV2

// ServerConfigV2 is the top-level KES server configuration in its second
// layout: Admin replaces the V1 Root field, the policy and cache types are the
// V2 variants, and the key store is serialized as "keystore".
//
// The value can contain credentials through Keystore (for example
// AppRole.Secret or the cloud provider credential structs), so a serialized
// copy should be stored and logged as secret material.
type ServerConfigV2 struct {
	// Admin is serialized as "admin".
	Admin    AdminIdentity       `yaml:"admin,omitempty" json:"admin,omitempty"`
	// Addr is serialized as "address".
	Addr     string              `yaml:"address,omitempty" json:"address,omitempty"`
	TLS      TLS                 `yaml:"tls,omitempty" json:"tls,omitempty"`
	// Policies maps a policy name to its rules; serialized as "policy".
	Policies map[string]PolicyV2 `yaml:"policy,omitempty" json:"policy,omitempty"`
	Cache    CacheV2             `yaml:"cache,omitempty" json:"cache,omitempty"`
	Log      Log                 `yaml:"log,omitempty" json:"log,omitempty"`
	// Keystore reuses the Keys type but is serialized as "keystore".
	Keystore Keys                `yaml:"keystore,omitempty" json:"keystore,omitempty"`
}

ServerConfigV2 holds the kes server config. Starting with 2023-04-03T16-41-28Z, the "keys" field is changed to "keystore" for Edge, and Admin is required.

func (ServerConfigV2) Marshal

func (c ServerConfigV2) Marshal() ([]byte, error)

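Marshal serializes the ServerConfigV2. The result embeds whatever credentials are set under Keystore (AppRole secret, cloud access keys, tokens), so handle it as secret material unless the implementation redacts them.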

type TLS

// TLS holds the server TLS settings serialized under "tls".
type TLS struct {
	// KeyPath is serialized as "key".
	// NOTE(review): presumably a filesystem path to the server private key
	// rather than the key itself — confirm; the file it names needs
	// restrictive permissions.
	KeyPath  string    `yaml:"key,omitempty" json:"key,omitempty"`
	// CertPath is serialized as "cert".
	CertPath string    `yaml:"cert,omitempty" json:"cert,omitempty"`
	// Proxy is optional; a nil pointer is omitted from the output.
	Proxy    *TLSProxy `yaml:"proxy,omitempty" json:"proxy,omitempty"`
}

TLS config

type TLSProxy

// TLSProxy holds the settings serialized under the "proxy" key of TLS.
// NOTE(review): presumably Identities lists the TLS proxies that are trusted
// to forward a client certificate in the header named by Header — confirm.
// If so, every identity listed here can vouch for arbitrary clients, so the
// list should be kept minimal.
type TLSProxy struct {
	// Identities is a pointer to a slice, so nil (key omitted) is
	// distinguishable from a non-nil pointer to an empty slice.
	Identities *[]Identity     `yaml:"identities,omitempty" json:"identities,omitempty"`
	// Header is optional; a nil pointer is omitted from the output.
	Header     *TLSProxyHeader `yaml:"header,omitempty" json:"header,omitempty"`
}

TLSProxy proxy config

type TLSProxyHeader

// TLSProxyHeader holds the settings serialized under the "header" key of
// TLSProxy.
type TLSProxyHeader struct {
	// ClientCert is serialized as "cert" in YAML.
	// NOTE(review): presumably the name of the HTTP header in which a proxy
	// forwards the client certificate — confirm. There is no json tag, so
	// encoding/json would emit this field as "ClientCert".
	ClientCert string `yaml:"cert,omitempty"`
}

TLSProxyHeader headers for proxy

type Vault

// Vault holds the Vault key-store settings that Keys serializes under "vault".
type Vault struct {
	// Endpoint is serialized as "endpoint". No validation of the value (for
	// example that it uses https) is visible in this type.
	Endpoint   string       `yaml:"endpoint,omitempty" json:"endpoint,omitempty"`
	// EnginePath is serialized as "engine".
	EnginePath string       `yaml:"engine,omitempty" json:"engine,omitempty"`
	Namespace  string       `yaml:"namespace,omitempty" json:"namespace,omitempty"`
	Prefix     string       `yaml:"prefix,omitempty" json:"prefix,omitempty"`
	// AppRole carries the login credentials, including AppRole.Secret; nil
	// is omitted.
	AppRole    *AppRole     `yaml:"approle,omitempty" json:"approle,omitempty"`
	// TLS is optional; a nil pointer is omitted from the output.
	TLS        *VaultTLS    `yaml:"tls,omitempty" json:"tls,omitempty"`
	// Status is optional; a nil pointer is omitted from the output.
	Status     *VaultStatus `yaml:"status,omitempty" json:"status,omitempty"`
}

Vault kms config

type VaultStatus

// VaultStatus holds the settings serialized under the "status" key of Vault.
type VaultStatus struct {
	// Ping is a duration serialized as "ping".
	// NOTE(review): presumably the interval between Vault health checks —
	// confirm.
	Ping time.Duration `yaml:"ping,omitempty" json:"ping,omitempty"`
}

VaultStatus ping config

type VaultTLS

// VaultTLS holds the TLS settings serialized under the "tls" key of Vault.
// NOTE(review): presumably KeyPath and CertPath name the client key and
// certificate presented to Vault and CAPath the CA used to verify Vault's
// certificate — confirm. The fields hold paths, so the key material itself is
// not part of the serialized config.
type VaultTLS struct {
	KeyPath  string `yaml:"key,omitempty" json:"key,omitempty"`
	CertPath string `yaml:"cert,omitempty" json:"cert,omitempty"`
	CAPath   string `yaml:"ca,omitempty" json:"ca,omitempty"`
}

VaultTLS tls config
