Documentation ¶
Overview ¶
Package kms provides Key Management Services support
Index ¶
- Variables
- func RegisterSecretProvider(scheme string, encryptedStatus sdkkms.SecretStatus, ...)
- type BaseSecret
- func (s *BaseSecret) GetAdditionalData() string
- func (s *BaseSecret) GetKey() string
- func (s *BaseSecret) GetMode() int
- func (s *BaseSecret) GetPayload() string
- func (s *BaseSecret) GetStatus() sdkkms.SecretStatus
- func (s *BaseSecret) SetAdditionalData(value string)
- func (s *BaseSecret) SetKey(value string)
- func (s *BaseSecret) SetStatus(value sdkkms.SecretStatus)
- type Configuration
- type Secret
- func (s *Secret) Clone() *Secret
- func (s *Secret) Decrypt() error
- func (s *Secret) Encrypt() error
- func (s *Secret) GetAdditionalData() string
- func (s *Secret) GetKey() string
- func (s *Secret) GetMode() int
- func (s *Secret) GetPayload() string
- func (s *Secret) GetStatus() sdkkms.SecretStatus
- func (s *Secret) Hide()
- func (s *Secret) IsEmpty() bool
- func (s *Secret) IsEncrypted() bool
- func (s *Secret) IsEqual(other *Secret) bool
- func (s *Secret) IsNotPlainAndNotEmpty() bool
- func (s *Secret) IsPlain() bool
- func (s *Secret) IsRedacted() bool
- func (s *Secret) IsValid() bool
- func (s *Secret) IsValidInput() bool
- func (s *Secret) MarshalJSON() ([]byte, error)
- func (s *Secret) SetAdditionalData(value string)
- func (s *Secret) SetKey(value string)
- func (s *Secret) SetStatus(value sdkkms.SecretStatus)
- func (s *Secret) TryDecrypt() error
- func (s *Secret) UnmarshalJSON(data []byte) error
- type SecretProvider
- type Secrets
Variables ¶
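// Sentinel errors returned by the kms package. They are plain errors.New
// values, so callers can match them by identity (for example with errors.Is).
// Laid out one declaration per line: collapsed onto a single line, the first
// "//" comment swallowed both declarations and the closing parenthesis.
var (
	// ErrWrongSecretStatus is the error returned when the secret status is
	// not appropriate for the requested operation. The message is a fixed
	// string and carries no secret material.
	ErrWrongSecretStatus = errors.New("wrong secret status")
	// ErrInvalidSecret is the error returned when a secret is not valid.
	// The message is a fixed string and carries no secret material.
	ErrInvalidSecret = errors.New("invalid secret")
)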
Functions ¶
func RegisterSecretProvider ¶
func RegisterSecretProvider(scheme string, encryptedStatus sdkkms.SecretStatus, fn func(base BaseSecret, url, masterKey string) SecretProvider, )
RegisterSecretProvider registers a new secret provider
Types ¶
type BaseSecret ¶
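// BaseSecret defines the base struct shared among all the secret providers.
//
// Every field is tagged omitempty, so zero values (including Mode 0) are
// dropped from the JSON encoding. Laid out one field per line: collapsed onto
// a single line, the "//" comment on Mode swallowed that field and the
// closing brace.
type BaseSecret struct {
	// Status is the secret's status, serialized as "status".
	Status sdkkms.SecretStatus `json:"status,omitempty"`
	// Payload is the secret's payload, serialized as "payload".
	// NOTE(review): presumably plain text or ciphertext depending on
	// Status; confirm against the providers.
	Payload string `json:"payload,omitempty"`
	// Key is serialized as "key", alongside the payload.
	// NOTE(review): its exact role is not visible here and is presumably
	// provider specific; confirm before exposing serialized secrets.
	Key string `json:"key,omitempty"`
	// AdditionalData is serialized as "additional_data".
	// NOTE(review): presumably data bound to the payload at encryption
	// time; confirm against the providers.
	AdditionalData string `json:"additional_data,omitempty"`
	// Mode is serialized as "mode"; 1 means encrypted using a master key.
	Mode int `json:"mode,omitempty"`
}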
BaseSecret defines the base struct shared among all the secret providers
func (*BaseSecret) GetAdditionalData ¶
func (s *BaseSecret) GetAdditionalData() string
GetAdditionalData returns the secret's additional data
func (*BaseSecret) GetPayload ¶
func (s *BaseSecret) GetPayload() string
GetPayload returns the secret's payload
func (*BaseSecret) GetStatus ¶
func (s *BaseSecret) GetStatus() sdkkms.SecretStatus
GetStatus returns the secret's status
func (*BaseSecret) SetAdditionalData ¶
func (s *BaseSecret) SetAdditionalData(value string)
SetAdditionalData sets the secret's additional data
func (*BaseSecret) SetStatus ¶
func (s *BaseSecret) SetStatus(value sdkkms.SecretStatus)
SetStatus sets the secret's status
type Configuration ¶
// Configuration defines the KMS configuration.
type Configuration struct {
	// Secrets holds the encryption/decryption settings. It is read and
	// written under the "secrets" key for both JSON and mapstructure.
	// Note that the nested Secrets type has a "master_key" field, so a
	// serialized Configuration can contain key material.
	Secrets Secrets `json:"secrets" mapstructure:"secrets"`
}
Configuration defines the KMS configuration
func (*Configuration) Initialize ¶
func (c *Configuration) Initialize() error
Initialize configures the KMS support
type Secret ¶
Secret defines the struct used to store confidential data
func NewPlainSecret ¶
NewPlainSecret stores the given payload in a plain text secret
func NewSecret ¶
func NewSecret(status sdkkms.SecretStatus, payload, key, data string) *Secret
NewSecret builds a new Secret using the provided arguments
func (*Secret) GetAdditionalData ¶
GetAdditionalData returns the secret additional data
func (*Secret) GetPayload ¶
GetPayload returns the secret payload
func (*Secret) GetStatus ¶
func (s *Secret) GetStatus() sdkkms.SecretStatus
GetStatus returns the secret status
func (*Secret) IsEncrypted ¶
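IsEncrypted returns true if the secret is encrypted. This isn't a pointer receiver because we don't want to pass a pointer to the HTML template. (The signature indexed on this page is declared on *Secret, so this remark may be out of date.)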
func (*Secret) IsNotPlainAndNotEmpty ¶
IsNotPlainAndNotEmpty returns true if the secret is not plain and not empty. This is a utility method: we update the secret for an existing user if it is empty or plain
func (*Secret) IsRedacted ¶
IsRedacted returns true if the secret is redacted
func (*Secret) IsValidInput ¶
IsValidInput returns true if the secret is a valid user input
func (*Secret) MarshalJSON ¶
MarshalJSON returns the JSON encoding of the Secret object
func (*Secret) SetAdditionalData ¶
SetAdditionalData sets the given additional data
func (*Secret) SetStatus ¶
func (s *Secret) SetStatus(value sdkkms.SecretStatus)
SetStatus sets the status for this secret
func (*Secret) TryDecrypt ¶
TryDecrypt decrypts a Secret object if encrypted. It returns a nil error if the object is not encrypted
func (*Secret) UnmarshalJSON ¶
UnmarshalJSON parses the JSON-encoded data and stores the result in the Secret object
type SecretProvider ¶
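// SecretProvider defines the interface for a KMS secrets provider.
//
// Laid out one method per line: collapsed onto a single line, the method
// specifications had no separators and were not valid Go.
type SecretProvider interface {
	// Name returns a string naming the provider.
	Name() string
	// Encrypt and Decrypt report failure through the returned error; they
	// return no payload, so callers read the result through GetPayload.
	// NOTE(review): presumably both transform the secret in place; confirm.
	Encrypt() error
	Decrypt() error
	// IsEncrypted reports whether the secret is encrypted.
	IsEncrypted() bool
	// Accessors for the secret's status, payload, key, additional data
	// and mode.
	GetStatus() sdkkms.SecretStatus
	GetPayload() string
	GetKey() string
	GetAdditionalData() string
	GetMode() int
	// Mutators for the key, additional data and status. The interface has
	// no setter for the payload or the mode.
	SetKey(string)
	SetAdditionalData(string)
	SetStatus(sdkkms.SecretStatus)
	// Clone returns another SecretProvider.
	// NOTE(review): presumably an independent copy of this one; confirm.
	Clone() SecretProvider
}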
SecretProvider defines the interface for a KMS secrets provider
func NewLocalSecret ¶
func NewLocalSecret(base BaseSecret, url, masterKey string) SecretProvider
NewLocalSecret returns a SecretProvider that uses a locally provided symmetric key
type Secrets ¶
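// Secrets defines the KMS configuration for encryption/decryption.
//
// Laid out one field per line: collapsed onto a single line, the trailing
// "//" comment swallowed the closing brace.
type Secrets struct {
	// URL is read from the "url" key.
	// NOTE(review): presumably its scheme selects a provider registered
	// with RegisterSecretProvider; confirm.
	URL string `json:"url" mapstructure:"url"`
	// MasterKeyPath is read from the "master_key_path" key.
	// NOTE(review): presumably the path of a file holding the master key;
	// if so, that file needs restrictive permissions. Precedence when
	// MasterKeyString is also set is not visible here; confirm.
	MasterKeyPath string `json:"master_key_path" mapstructure:"master_key_path"`
	// MasterKeyString is read from the "master_key" key.
	// The tag has neither "-" nor omitempty, so encoding this struct with
	// encoding/json emits the value as is: keep serialized configuration
	// out of logs, dumps and support bundles.
	MasterKeyString string `json:"master_key" mapstructure:"master_key"`
	// contains filtered or unexported fields
}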
Secrets defines the KMS configuration for encryption/decryption