keyprotect

v0.0.0-...-714779a

This package is not in the latest version of its module.
Published: Dec 2, 2019 License: Apache-2.0 Imports: 21 Imported by: 0

README

Go API client for keyprotect

IBM Key Protect helps you provision encrypted keys for apps across IBM Cloud. As you manage the lifecycle of your keys, you can benefit from knowing that your keys are secured by cloud-based FIPS 140-2 Level 3 hardware security modules (HSMs) that protect against theft of information. You can use the Key Protect API to store, generate, and retrieve your key material. Keys within the service can protect any type of data in your symmetric key based encryption solution.

Overview

This API client was generated by the OpenAPI Generator project. By using the OpenAPI-spec from a remote server, you can easily generate an API client.

Installation

Install the following dependencies:

go get github.com/stretchr/testify/assert
go get golang.org/x/oauth2
go get golang.org/x/net/context
go get github.com/antihax/optional

Put the package under your project folder and add the following in import:

import "./keyprotect"

Documentation for API Endpoints

All URIs are relative to https://{region}.kms.cloud.ibm.com

| Class | Method | HTTP request | Description |
|---|---|---|---|
| ImportTokensApi | GetImportToken | Get /api/v2/import_token | Retrieve an import token |
| ImportTokensApi | PostImportToken | Post /api/v2/import_token | Create an import token |
| KeysApi | ActionOnKey | Post /api/v2/keys/{id} | Invoke an action on a key |
| KeysApi | CreateKey | Post /api/v2/keys | Create a new key |
| KeysApi | DeleteKey | Delete /api/v2/keys/{id} | Delete a key by ID |
| KeysApi | GetKey | Get /api/v2/keys/{id} | Retrieve a key by ID |
| KeysApi | GetKeyCollectionMetadata | Head /api/v2/keys | Retrieve the number of keys |
| KeysApi | GetKeys | Get /api/v2/keys | Retrieve a list of keys |
| PoliciesApi | GetPolicy | Get /api/v2/keys/{id}/policies | Retrieve a list of policies |
| PoliciesApi | PutPolicy | Put /api/v2/keys/{id}/policies | Replace an existing policy |

Documentation For Models

Documentation For Authorization

BearerAuth

  • Type: API key

Example

auth := context.WithValue(context.Background(), sw.ContextAPIKey, sw.APIKey{
    Key: "APIKEY",
    Prefix: "Bearer", // Omit if not necessary.
})
r, err := client.Service.Operation(auth, args)

Author

Documentation

Constants

This section is empty.

Variables

var (
	// ContextOAuth2 takes an oauth2.TokenSource as authentication for the request.
	ContextOAuth2 = contextKey("token")

	// ContextBasicAuth takes BasicAuth as authentication for the request.
	ContextBasicAuth = contextKey("basic")

	// ContextAccessToken takes a string oauth2 access token as authentication for the request.
	ContextAccessToken = contextKey("accesstoken")

	// ContextAPIKey takes an APIKey as authentication for the request
	ContextAPIKey = contextKey("apikey")
)

Functions

func CacheExpires

func CacheExpires(r *http.Response) time.Time

CacheExpires helper function to determine remaining time before repeating a request.

Types

type APIClient

type APIClient struct {
	ImportTokensApi *ImportTokensApiService

	KeysApi *KeysApiService

	PoliciesApi *PoliciesApiService
	// contains filtered or unexported fields
}

APIClient manages communication with the IBM Key Protect API v2.0.0. In most cases there should be only one, shared, APIClient.

func NewAPIClient

func NewAPIClient(cfg *Configuration) *APIClient

NewAPIClient creates a new API client. Requires a userAgent string describing your application, and optionally a custom http.Client to allow for advanced features such as caching.

func (*APIClient) ChangeBasePath

func (c *APIClient) ChangeBasePath(path string)

ChangeBasePath changes base path to allow switching to mocks

func (*APIClient) GetConfig

func (c *APIClient) GetConfig() *Configuration

Allow modification of underlying config for alternate implementations and testing. Caution: modifying the configuration while live can cause data races and potentially unwanted behavior.

type APIKey

type APIKey struct {
	Key    string
	Prefix string
}

APIKey provides API key based authentication to a request passed via context using ContextAPIKey

type APIResponse

type APIResponse struct {
	*http.Response `json:"-"`
	Message        string `json:"message,omitempty"`
	// Operation is the name of the OpenAPI operation.
	Operation string `json:"operation,omitempty"`
	// RequestURL is the request URL. This value is always available, even if the
	// embedded *http.Response is nil.
	RequestURL string `json:"url,omitempty"`
	// Method is the HTTP method used for the request.  This value is always
	// available, even if the embedded *http.Response is nil.
	Method string `json:"method,omitempty"`
	// Payload holds the contents of the response body (which may be nil or empty).
	// This is provided here as the raw response.Body() reader will have already
	// been drained.
	Payload []byte `json:"-"`
}

APIResponse stores the API response returned by the server.

func NewAPIResponse

func NewAPIResponse(r *http.Response) *APIResponse

NewAPIResponse returns a new APIResponse object.

func NewAPIResponseWithError

func NewAPIResponseWithError(errorMessage string) *APIResponse

NewAPIResponseWithError returns a new APIResponse object with the provided error message.

type ActionOnKeyOpts

type ActionOnKeyOpts struct {
	CorrelationId optional.String
	Prefer        optional.String
}

ActionOnKeyOpts Optional parameters for the method 'ActionOnKey'

type BasicAuth

type BasicAuth struct {
	UserName string `json:"userName,omitempty"`
	Password string `json:"password,omitempty"`
}

BasicAuth provides basic http authentication to a request passed via context using ContextBasicAuth

type CollectionMetadata

type CollectionMetadata struct {
	// The number of elements in the resource array.
	CollectionTotal int64 `json:"collectionTotal"`
	// The type of resources in the resource array.
	CollectionType string `json:"collectionType"`
}

CollectionMetadata The metadata that describes the resource array.

type Configuration

type Configuration struct {
	BasePath      string            `json:"basePath,omitempty"`
	Host          string            `json:"host,omitempty"`
	Scheme        string            `json:"scheme,omitempty"`
	DefaultHeader map[string]string `json:"defaultHeader,omitempty"`
	UserAgent     string            `json:"userAgent,omitempty"`
	HTTPClient    *http.Client
}

Configuration stores the configuration of the API client

func NewConfiguration

func NewConfiguration() *Configuration

NewConfiguration returns a new Configuration object

func (*Configuration) AddDefaultHeader

func (c *Configuration) AddDefaultHeader(key string, value string)

AddDefaultHeader adds a new HTTP header to the default header in the request

type CreateKey

type CreateKey struct {
	Metadata CollectionMetadata `json:"metadata"`
	// An array of resources.
	Resources []Key `json:"resources"`
}

CreateKey The base schema for creating keys.

type CreateKeyOpts

type CreateKeyOpts struct {
	CorrelationId optional.String
	Prefer        optional.String
}

CreateKeyOpts Optional parameters for the method 'CreateKey'

type CreatePolicy

type CreatePolicy struct {
	Metadata CollectionMetadata `json:"metadata"`
	// An array of resources.
	Resources []Policy `json:"resources"`
}

CreatePolicy The base schema for creating policies.

type DeleteKey

type DeleteKey struct {
	Metadata CollectionMetadata `json:"metadata"`
	// An array of resources.
	Resources []KeyMetadata `json:"resources"`
}

DeleteKey The base schema for deleting keys.

type DeleteKeyOpts

type DeleteKeyOpts struct {
	CorrelationId optional.String
	Prefer        optional.String
}

DeleteKeyOpts Optional parameters for the method 'DeleteKey'

type Error

type Error struct {
	// The conditions for an error response.
	ErrorMsg string `json:"errorMsg"`
}

Error struct for Error

type ErrorCollection

type ErrorCollection struct {
	Metadata CollectionMetadata `json:"metadata"`
	// An array of resources.
	Resources []Error `json:"resources"`
}

ErrorCollection The base schema for error responses.

type GenericOpenAPIError

type GenericOpenAPIError struct {
	// contains filtered or unexported fields
}

GenericOpenAPIError Provides access to the body, error and model on returned errors.

func (GenericOpenAPIError) Body

func (e GenericOpenAPIError) Body() []byte

Body returns the raw bytes of the response

func (GenericOpenAPIError) Error

func (e GenericOpenAPIError) Error() string

Error returns non-empty string if there was an error.

func (GenericOpenAPIError) Model

func (e GenericOpenAPIError) Model() interface{}

Model returns the unpacked model of the error

type GetImportToken

type GetImportToken struct {
	// The date the import token was created. The date format follows RFC 3339.
	CreationDate time.Time `json:"creationDate,omitempty"`
	// The time in seconds from the creation of an import token that determines how long its associated public key  remains valid.     The minimum value is `300` seconds (5 minutes), and the maximum value is `86400` (24 hours). The default value is `600` (10 minutes).
	Expiration float32 `json:"expiration,omitempty"`
	// The date the import token expires. The date format follows RFC 3339.
	ExpirationDate time.Time `json:"expirationDate,omitempty"`
	// The number of times that an import token can be retrieved within its expiration time before it is no longer accessible.
	MaxAllowedRetrievals float32 `json:"maxAllowedRetrievals,omitempty"`
	// The number of retrievals that are available for the import token before it is no longer accessible.
	RemainingRetrievals float32 `json:"remainingRetrievals,omitempty"`
	// The nonce value that is used to verify a key import request. Encrypt and provide the encrypted nonce value when you use `POST /keys` to securely import a key to the service.
	Nonce *os.File `json:"nonce,omitempty"`
	// The public encryption key that you can use to encrypt key material before you import it into the service.     This value is a PEM-encoded public key in PKIX format. Because PEM encoding is a binary format, the value is base64 encoded.
	Payload *os.File `json:"payload,omitempty"`
}

GetImportToken The base schema for retrieving an import token.

type GetImportTokenAllOf

type GetImportTokenAllOf struct {
	// The nonce value that is used to verify a key import request. Encrypt and provide the encrypted nonce value when you use `POST /keys` to securely import a key to the service.
	Nonce *os.File `json:"nonce,omitempty"`
	// The public encryption key that you can use to encrypt key material before you import it into the service.     This value is a PEM-encoded public key in PKIX format. Because PEM encoding is a binary format, the value is base64 encoded.
	Payload *os.File `json:"payload,omitempty"`
}

GetImportTokenAllOf struct for GetImportTokenAllOf

type GetImportTokenOpts

type GetImportTokenOpts struct {
	CorrelationId optional.String
}

GetImportTokenOpts Optional parameters for the method 'GetImportToken'

type GetKey

type GetKey struct {
	Metadata CollectionMetadata `json:"metadata"`
	// An array of resources.
	Resources []Key `json:"resources"`
}

GetKey The base schema for retrieving keys.

type GetKeyCollectionMetadataOpts

type GetKeyCollectionMetadataOpts struct {
	CorrelationId optional.String
}

GetKeyCollectionMetadataOpts Optional parameters for the method 'GetKeyCollectionMetadata'

type GetKeyOpts

type GetKeyOpts struct {
	CorrelationId optional.String
}

GetKeyOpts Optional parameters for the method 'GetKey'

type GetKeysOpts

type GetKeysOpts struct {
	CorrelationId optional.String
	Limit         optional.Int32
	Offset        optional.Int32
}

GetKeysOpts Optional parameters for the method 'GetKeys'

type GetPolicyOpts

type GetPolicyOpts struct {
	CorrelationId optional.String
}

GetPolicyOpts Optional parameters for the method 'GetPolicy'

type ImportKey

type ImportKey struct {
	Metadata CollectionMetadata `json:"metadata"`
	// An array of resources.
	Resources []Key `json:"resources"`
}

ImportKey The base schema for importing keys.

type ImportKeyWithImportToken

type ImportKeyWithImportToken struct {
	Metadata CollectionMetadata `json:"metadata"`
	// An array of resources.
	Resources []Key `json:"resources"`
}

ImportKeyWithImportToken The base schema for importing keys with an import token.

type ImportToken

type ImportToken struct {
	// The date the import token was created. The date format follows RFC 3339.
	CreationDate time.Time `json:"creationDate,omitempty"`
	// The time in seconds from the creation of an import token that determines how long its associated public key  remains valid.     The minimum value is `300` seconds (5 minutes), and the maximum value is `86400` (24 hours). The default value is `600` (10 minutes).
	Expiration float32 `json:"expiration,omitempty"`
	// The date the import token expires. The date format follows RFC 3339.
	ExpirationDate time.Time `json:"expirationDate,omitempty"`
	// The number of times that an import token can be retrieved within its expiration time before it is no longer accessible.
	MaxAllowedRetrievals float32 `json:"maxAllowedRetrievals,omitempty"`
	// The number of retrievals that are available for the import token before it is no longer accessible.
	RemainingRetrievals float32 `json:"remainingRetrievals,omitempty"`
}

ImportToken Properties that are associated with import tokens.

type ImportTokensApiService

type ImportTokensApiService service

ImportTokensApiService ImportTokensApi service

func (*ImportTokensApiService) GetImportToken

func (a *ImportTokensApiService) GetImportToken(ctx _context.Context, bluemixInstance string, localVarOptionals *GetImportTokenOpts) (GetImportToken, *_nethttp.Response, error)

GetImportToken Retrieve an import token. Retrieves the import token that is associated with your service instance. When you call `GET /import_token`, Key Protect returns the public key that you can use to encrypt and import key material to the service, along with details about the key. **Note:** After you reach the `maxAllowedRetrievals` or `expirationDate` for the import token, the import token and its associated public key can no longer be used for key operations. To create a new import token, use `POST /import_token`.

  • @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
  • @param bluemixInstance The IBM Cloud instance ID that identifies your Key Protect service instance.
  • @param optional nil or *GetImportTokenOpts - Optional Parameters:
  • @param "CorrelationId" (optional.String) - The v4 UUID used to correlate and track transactions.

@return GetImportToken

func (*ImportTokensApiService) PostImportToken

func (a *ImportTokensApiService) PostImportToken(ctx _context.Context, bluemixInstance string, body ImportToken, localVarOptionals *PostImportTokenOpts) (ImportToken, *_nethttp.Response, error)

PostImportToken Create an import token. Creates an import token that you can use to encrypt and import root keys into the service. [Learn more](/docs/services/key-protect?topic=key-protect-importing-keys#using-import-tokens) When you call `POST /import_token`, Key Protect creates an RSA key-pair from its HSMs. The service encrypts and stores the private key in the HSM, and returns the corresponding public key when you call `GET /import_token`. You can create only one import token per service instance.

  • @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
  • @param bluemixInstance The IBM Cloud instance ID that identifies your Key Protect service instance.
  • @param body The base request to create an import token.
  • @param optional nil or *PostImportTokenOpts - Optional Parameters:
  • @param "CorrelationId" (optional.String) - The v4 UUID used to correlate and track transactions.

@return ImportToken
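The client side of the import-token flow described above and in the `SecureImport` field comments further down this page, shown with a stand-in for the service's check. This is an added example, not code from this package or from IBM. It assumes the nonce is AES-GCM encrypted under the key material being imported and is handled as raw bytes; `BuildSecureImport`, `ServiceSideCheck`, `NewConstructedToken`, `SecureImportFields` and the `EncryptionAlgorithm` constant are hypothetical names, and a locally generated RSA key stands in for the HSM-held key pair.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"errors"
	"fmt"
)

// EncryptionAlgorithm is the one value the page lists as supported.
const EncryptionAlgorithm = "RSAES_OAEP_SHA_256"

// SecureImportFields holds raw bytes; base64-encode them for the request body.
type SecureImportFields struct{ EncryptedKey, EncryptedNonce, IV []byte }

// parsePublicKey decodes an import-token payload: base64 over a PEM PKIX key.
func parsePublicKey(payloadB64 string) (*rsa.PublicKey, error) {
	pemBytes, err := base64.StdEncoding.DecodeString(payloadB64)
	block, _ := pem.Decode(pemBytes)
	if err != nil || block == nil {
		return nil, errors.New("payload is not base64-wrapped PEM")
	}
	parsed, err := x509.ParsePKIXPublicKey(block.Bytes)
	pub, ok := parsed.(*rsa.PublicKey)
	if err != nil || !ok {
		return nil, errors.New("import token key is not a PKIX RSA public key")
	}
	return pub, nil
}

// gcmFor keys AES-GCM with the key material itself (assumption, see lead-in).
func gcmFor(keyMaterial []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(keyMaterial) // accepts only 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// BuildSecureImport wraps the key for the service and binds it to the nonce.
func BuildSecureImport(payloadB64 string, nonce, keyMaterial []byte) (SecureImportFields, error) {
	pub, err := parsePublicKey(payloadB64)
	if err != nil {
		return SecureImportFields{}, err
	}
	gcm, err := gcmFor(keyMaterial)
	if err != nil {
		return SecureImportFields{}, err
	}
	encKey, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, keyMaterial, nil)
	if err != nil {
		return SecureImportFields{}, err
	}
	iv := make([]byte, gcm.NonceSize()) // fresh random IV for every request
	if _, err = rand.Read(iv); err != nil {
		return SecureImportFields{}, err
	}
	return SecureImportFields{encKey, gcm.Seal(nil, iv, nonce, nil), iv}, nil
}

// ServiceSideCheck is a constructed stand-in for the service's replay check.
func ServiceSideCheck(priv *rsa.PrivateKey, f SecureImportFields, issued []byte) ([]byte, error) {
	keyMaterial, errKey := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, f.EncryptedKey, nil)
	gcm, errGCM := gcmFor(keyMaterial)
	if errKey != nil || errGCM != nil || len(f.IV) != gcm.NonceSize() {
		return nil, errors.New("cannot unwrap key material, or IV is malformed")
	}
	nonce, err := gcm.Open(nil, f.IV, f.EncryptedNonce, nil)
	if err != nil || subtle.ConstantTimeCompare(nonce, issued) != 1 {
		return nil, errors.New("nonce check failed: request is not bound to this import token")
	}
	return keyMaterial, nil
}

// NewConstructedToken makes a local key pair and a payload shaped like GetImportToken's.
func NewConstructedToken() (*rsa.PrivateKey, string) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	der, _ := x509.MarshalPKIXPublicKey(&priv.PublicKey) // cannot fail for an RSA key
	return priv, base64.StdEncoding.EncodeToString(pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der}))
}

func main() {
	priv, payload := NewConstructedToken()
	nonce := []byte("constructed-nonce") // stands in for the token's nonce value
	f, err := BuildSecureImport(payload, nonce, make([]byte, 32)) // all-zero sample key
	if err == nil {
		_, err = ServiceSideCheck(priv, f, nonce)
	}
	fmt.Println("algorithm:", EncryptionAlgorithm, "service-side error:", err)
}
```

Because the nonce is sealed under the imported key itself, a captured request cannot be replayed against a different import token: the stand-in check fails as soon as the issued nonce differs.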

type Key

type Key struct {
	// Up to 30 tags can be created. Tags can be between 2-30 characters, including spaces. Special characters not permitted include the angled bracket, comma, colon, ampersand, and vertical pipe character (|).    To protect your privacy, do not use personal data, such as your name or location, as a tag for your key.
	Tags []string `json:"tags,omitempty"`
	// The Cloud Resource Name (CRN) that uniquely identifies your cloud network resources.
	Crn string `json:"crn,omitempty"`
	// A text field used to provide a more detailed description of the key. The maximum length is 240 characters.    To protect your privacy, do not use personal data, such as your name or location, as a description for your  key.
	Description string `json:"description,omitempty"`
	// The date the key material expires. The date format follows RFC 3339. You can set an expiration date on any  key on its creation. If you create a key without specifying an expiration date, the key does not expire.
	ExpirationDate time.Time `json:"expirationDate,omitempty"`
	// A boolean value that determines whether the key material can leave the service.       If set to `false`, Key Protect designates the key as a nonextractable root key used for `wrap` and `unwrap` actions. If set to `true`, Key Protect designates the key as a standard key that you can store in your apps and services. Once set to `false` it cannot be changed to `true`.
	Extractable bool `json:"extractable,omitempty"`
	// The v4 UUID used to uniquely identify the resource, as specified by RFC 4122.
	Id string `json:"id,omitempty"`
	// A boolean value that shows whether your key was originally imported or generated in Key Protect. The value is set by Key Protect based on how the key material is initially added to the service.    A value of `true` indicates that you must provide new key material when it's time to rotate the key. A value  of `false` indicates that Key Protect will generate the new key material on a `rotate` operation, as it did in key creation.
	Imported bool `json:"imported,omitempty"`
	// A unique, human-readable alias to assign to your key.    To protect your privacy, do not use personal data, such as your name or location, as an alias for your key.
	Name string `json:"name"`
	// The key state based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0, Active = 1, Deactivated = 3, and Destroyed = 5 values.
	State int32 `json:"state,omitempty"`
	// Specifies the MIME type that represents the key resource. Currently, only the default is supported.
	Type string `json:"type"`
}

Key Properties that describe a key.

type KeyMetadata

type KeyMetadata struct {
	AlgorithmMetadata KeyMetadataAlgorithmMetadata `json:"algorithmMetadata,omitempty"`
	// The algorithm type used to generate the key. Currently, AES is supported.
	AlgorithmType string `json:"algorithmType,omitempty"`
	// The unique identifier for the resource that created the key.
	CreatedBy string `json:"createdBy,omitempty"`
	// The date the key material was created. The date format follows RFC 3339.
	CreationDate time.Time `json:"creationDate,omitempty"`
	// Updates to show when the key was last rotated. The date format follows RFC 3339.
	LastRotateDate time.Time `json:"lastRotateDate,omitempty"`
	// Updates when any part of the key metadata is modified. The date format follows RFC 3339.
	LastUpdateDate time.Time `json:"lastUpdateDate,omitempty"`
	// A code indicating the reason the key is not in the activation state.
	NonactiveStateReason int32 `json:"nonactiveStateReason,omitempty"`
}

KeyMetadata Additional properties that describe a key.

type KeyMetadataAlgorithmMetadata

type KeyMetadataAlgorithmMetadata struct {
	// The algorithm bit size used for key encryption.
	BitLength string `json:"bitLength,omitempty"`
	// The encryption scheme used to generate the key. Currently, `CBC_PAD` is supported.
	Mode string `json:"mode,omitempty"`
}

KeyMetadataAlgorithmMetadata The metadata for the key algorithm.

type KeysApiService

type KeysApiService service

KeysApiService KeysApi service

func (*KeysApiService) ActionOnKey

func (a *KeysApiService) ActionOnKey(ctx _context.Context, id string, action string, bluemixInstance string, body map[string]interface{}, localVarOptionals *ActionOnKeyOpts) (map[string]interface{}, *_nethttp.Response, error)

ActionOnKey Invoke an action on a key. Invokes an action, such as a `wrap`, `unwrap`, or `rotate` operation, on a specified root key. **Note:** When you unwrap a wrapped data encryption key (WDEK) by using a rotated root key, the service returns a new ciphertext in the response entity-body. Each ciphertext remains available for `unwrap` actions. If you unwrap a DEK with a previous ciphertext, the service also returns the latest ciphertext in the response. Use the latest ciphertext for future unwrap operations.

  • @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
  • @param id The root key that is used as the wrapping key. It must be a v4 UUID for an active key.
  • @param action The action to perform on the specified key.
  • @param bluemixInstance The IBM Cloud instance ID that identifies your Key Protect service instance.
  • @param body The base request for key actions.
  • @param optional nil or *ActionOnKeyOpts - Optional Parameters:
  • @param "CorrelationId" (optional.String) - The v4 UUID used to correlate and track transactions.
  • @param "Prefer" (optional.String) - Alters server behavior for POST or DELETE operations. A header with `return=minimal` causes the service to return only the key identifier, or metadata. A header containing `return=representation` returns both the key material and metadata in the response entity-body. If the key has been designated as a root key, the system cannot return the key material. **Note:** During POST operations, Key Protect may not immediately return the key material due to key generation time. To retrieve the key material, you can perform a subsequent `GET /keys/{id}` request.

@return map[string]interface{}

func (*KeysApiService) CreateKey

func (a *KeysApiService) CreateKey(ctx _context.Context, bluemixInstance string, body map[string]interface{}, localVarOptionals *CreateKeyOpts) (map[string]interface{}, *_nethttp.Response, error)

CreateKey Create a new key. Creates a new key with specified key material. Key Protect designates the resource as either a root key or a standard key based on the `extractable` value that you specify. A successful `POST /keys` operation adds the key to the service and returns the details of the request in the response entity-body, if the Prefer header is set to `return=representation`.

  • @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
  • @param bluemixInstance The IBM Cloud instance ID that identifies your Key Protect service instance.
  • @param body The base request for creating a new key.
  • @param optional nil or *CreateKeyOpts - Optional Parameters:
  • @param "CorrelationId" (optional.String) - The v4 UUID used to correlate and track transactions.
  • @param "Prefer" (optional.String) - Alters server behavior for POST or DELETE operations. A header with `return=minimal` causes the service to return only the key identifier, or metadata. A header containing `return=representation` returns both the key material and metadata in the response entity-body. If the key has been designated as a root key, the system cannot return the key material. **Note:** During POST operations, Key Protect may not immediately return the key material due to key generation time. To retrieve the key material, you can perform a subsequent `GET /keys/{id}` request.

@return map[string]interface{}

func (*KeysApiService) DeleteKey

func (a *KeysApiService) DeleteKey(ctx _context.Context, id string, bluemixInstance string, localVarOptionals *DeleteKeyOpts) (DeleteKey, *_nethttp.Response, error)

DeleteKey Delete a key by ID. Deletes a key by specifying the ID of the key. **Important:** When you delete a key, you permanently shred its contents and associated data. The action cannot be reversed.

  • @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
  • @param id The v4 UUID that uniquely identifies the key.
  • @param bluemixInstance The IBM Cloud instance ID that identifies your Key Protect service instance.
  • @param optional nil or *DeleteKeyOpts - Optional Parameters:
  • @param "CorrelationId" (optional.String) - The v4 UUID used to correlate and track transactions.
  • @param "Prefer" (optional.String) - Alters server behavior for POST or DELETE operations. A header with `return=minimal` causes the service to return only the key identifier, or metadata. A header containing `return=representation` returns both the key material and metadata in the response entity-body. If the key has been designated as a root key, the system cannot return the key material. **Note:** During POST operations, Key Protect may not immediately return the key material due to key generation time. To retrieve the key material, you can perform a subsequent `GET /keys/{id}` request.

@return DeleteKey

func (*KeysApiService) GetKey

func (a *KeysApiService) GetKey(ctx _context.Context, id string, bluemixInstance string, localVarOptionals *GetKeyOpts) (GetKey, *_nethttp.Response, error)

GetKey Retrieve a key by ID. Retrieves the details of a key by specifying the ID of the key.

  • @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
  • @param id The v4 UUID that uniquely identifies the key.
  • @param bluemixInstance The IBM Cloud instance ID that identifies your Key Protect service instance.
  • @param optional nil or *GetKeyOpts - Optional Parameters:
  • @param "CorrelationId" (optional.String) - The v4 UUID used to correlate and track transactions.

@return GetKey

func (*KeysApiService) GetKeyCollectionMetadata

func (a *KeysApiService) GetKeyCollectionMetadata(ctx _context.Context, bluemixInstance string, localVarOptionals *GetKeyCollectionMetadataOpts) (*_nethttp.Response, error)

GetKeyCollectionMetadata Retrieve the number of keys. Returns the same HTTP headers as a GET request without returning the entity-body. This operation returns the number of keys in your instance in a header called `Key-Total`.

  • @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
  • @param bluemixInstance The IBM Cloud instance ID that identifies your Key Protect service instance.
  • @param optional nil or *GetKeyCollectionMetadataOpts - Optional Parameters:
  • @param "CorrelationId" (optional.String) - The v4 UUID used to correlate and track transactions.

func (*KeysApiService) GetKeys

func (a *KeysApiService) GetKeys(ctx _context.Context, bluemixInstance string, localVarOptionals *GetKeysOpts) (ListKeys, *_nethttp.Response, error)

GetKeys Retrieve a list of keys. Retrieves a list of keys that are stored in your Key Protect service instance. **Note:** `GET /keys` will not return the key material in the response body. You can retrieve the key material for a standard key with a subsequent `GET /keys/{id}` request.

  • @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
  • @param bluemixInstance The IBM Cloud instance ID that identifies your Key Protect service instance.
  • @param optional nil or *GetKeysOpts - Optional Parameters:
  • @param "CorrelationId" (optional.String) - The v4 UUID used to correlate and track transactions.
  • @param "Limit" (optional.Int32) - The number of keys to retrieve. By default, `GET /keys` returns the first 200 keys. To retrieve a different set of keys, use `limit` with `offset` to page through your available resources. The maximum value for `limit` is 5000. **Usage:** If you have 20 keys in your instance, and you want to retrieve only the first 5 keys, use `../keys?limit=5`.
  • @param "Offset" (optional.Int32) - The number of keys to skip. By specifying `offset`, you retrieve a subset of keys that starts with the `offset` value. Use `offset` with `limit` to page through your available resources. **Usage:** If you have 100 keys in your instance, and you want to retrieve keys 26 through 50, use `../keys?offset=25&limit=25`.

@return ListKeys

type ListKeys

type ListKeys struct {
	Metadata CollectionMetadata `json:"metadata"`
	// An array of resources.
	Resources []Key `json:"resources"`
}

ListKeys The base schema for listing keys.

type PoliciesApiService

type PoliciesApiService service

PoliciesApiService PoliciesApi service

func (*PoliciesApiService) GetPolicy

func (a *PoliciesApiService) GetPolicy(ctx _context.Context, id string, bluemixInstance string, localVarOptionals *GetPolicyOpts) (CreatePolicy, *_nethttp.Response, error)

GetPolicy Retrieve a list of policies. Retrieves a list of policies that are associated with a specified key.

  • @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
  • @param id The v4 UUID that uniquely identifies the key.
  • @param bluemixInstance The IBM Cloud instance ID that identifies your Key Protect service instance.
  • @param optional nil or *GetPolicyOpts - Optional Parameters:
  • @param "CorrelationId" (optional.String) - The v4 UUID used to correlate and track transactions.

@return CreatePolicy

func (*PoliciesApiService) PutPolicy

func (a *PoliciesApiService) PutPolicy(ctx _context.Context, id string, bluemixInstance string, body CreatePolicy, localVarOptionals *PutPolicyOpts) (CreatePolicy, *_nethttp.Response, error)

PutPolicy Replace an existing policy. Replaces the policy that is associated with a specified key.

  • @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
  • @param id The v4 UUID that uniquely identifies the key.
  • @param bluemixInstance The IBM Cloud instance ID that identifies your Key Protect service instance.
  • @param body The base request for creating a new policies resource.
  • @param optional nil or *PutPolicyOpts - Optional Parameters:
  • @param "CorrelationId" (optional.String) - The v4 UUID used to correlate and track transactions.

@return CreatePolicy

type Policy

type Policy struct {
	// The unique identifier for the resource that created the policy.
	CreatedBy string `json:"createdBy,omitempty"`
	// The date the policy was created. The date format follows RFC 3339.
	CreationDate time.Time `json:"creationDate,omitempty"`
	// The Cloud Resource Name (CRN) that uniquely identifies your cloud network resources.
	Crn string `json:"crn,omitempty"`
	// Updates when the policy is replaced or modified. The date format follows RFC 3339.
	LastUpdateDate time.Time      `json:"lastUpdateDate,omitempty"`
	Rotation       PolicyRotation `json:"rotation"`
	// Specifies the MIME type that represents the policy resource. Currently, only the default is supported.
	Type string `json:"type"`
	// The unique identifier for the resource that updated the policy.
	UpdatedBy string `json:"updatedBy,omitempty"`
}

Policy Properties that are associated with policies.

type PolicyRotation

type PolicyRotation struct {
	// Specifies the key rotation time interval in months
	IntervalMonth int32 `json:"interval_month,omitempty"`
}

PolicyRotation Specifies the key rotation time interval in months, with a minimum of 1, and a maximum of 12.

type PostImportTokenOpts

type PostImportTokenOpts struct {
	CorrelationId optional.String
}

PostImportTokenOpts Optional parameters for the method 'PostImportToken'

type PutPolicyOpts

type PutPolicyOpts struct {
	CorrelationId optional.String
}

PutPolicyOpts Optional parameters for the method 'PutPolicy'

type RotateKey

type RotateKey struct {
	// The key material that you want to import into the service for rotating an existing root key. This value is required for a `rotate` action if you initially imported the key material when you created the key. To rotate an imported root key, provide a base64 encoded payload in the request entity-body. To rotate a root key that was initially generated by Key Protect, omit the `payload` property and pass in an empty request entity-body.
	Payload string `json:"payload,omitempty"`
}

RotateKey Properties that are associated with wrap actions.

type SecureImport

type SecureImport struct {
	// The encrypted nonce value that protects a key import request against replay attacks. This value must be encrypted by using the encrypted `payload` value that represents the key that you want to import into the service. To retrieve a nonce value, use `GET /import_token`. Then, encrypt the value by using an AES-GCM encryption method that is compatible with your environment.
	EncryptedNonce *os.File `json:"encryptedNonce"`
	// The RSA encryption algorithm that is used to encrypt the key material that you want to import into the service. Currently, `RSAES_OAEP_SHA_256` is supported.
	EncryptionAlgorithm string `json:"encryptionAlgorithm"`
	// The initialization vector (IV) that is generated by the AES-GCM algorithm when you encrypt a nonce. The IV value is required to decrypt the encrypted nonce value that you provide when you make a key import request to the service. To generate an IV, encrypt the `nonce` value by using an AES-GCM encryption method that is compatible with your environment. Then, supply the generated IV value when you import a key to the service.
	Iv *os.File `json:"iv"`
	// The encrypted key material that you want to store and manage in the service. The value must be base64 encoded. First, retrieve the public key that is associated with your service instance by calling `GET /import_token`. Then, use the public key to run RSA encryption on the key material that you want to import to the service.
	Payload *os.File `json:"payload"`
}

SecureImport Additional properties that are associated with importing a key with an import token.
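The field comments above describe a three-part preparation: RSA-OAEP over the key material, AES-GCM over the nonce, and the IV that AES-GCM used. The following is an added example, not part of the generated client. `importFields`, `demoKey` and `buildSecureImport` are hypothetical names, the RSA key and nonce are constructed locally in place of a real `GET /import_token` response, and it assumes the nonce is sealed under the plaintext key material with the GCM tag appended to the ciphertext.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// importFields carries the SecureImport values as base64 strings (hypothetical type).
type importFields struct {
	Payload, EncryptedNonce, Iv, EncryptionAlgorithm string
}

// demoKey generates a constructed stand-in for the service instance's RSA key pair.
func demoKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// buildSecureImport prepares one import request; pub and nonce stand in for GET /import_token output.
func buildSecureImport(pub *rsa.PublicKey, keyMaterial, nonce []byte) (importFields, error) {
	// payload: key material encrypted with RSAES-OAEP using SHA-256.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, keyMaterial, nil)
	if err != nil {
		return importFields{}, err
	}
	// encryptedNonce: nonce sealed with AES-GCM under the key material itself (assumption).
	block, err := aes.NewCipher(keyMaterial) // fails unless the key is 16, 24 or 32 bytes
	if err != nil {
		return importFields{}, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return importFields{}, err
	}
	iv := make([]byte, gcm.NonceSize()) // fresh random 12-byte IV for every request
	if _, err := rand.Read(iv); err != nil {
		return importFields{}, err
	}
	b64 := base64.StdEncoding.EncodeToString
	return importFields{b64(wrapped), b64(gcm.Seal(nil, iv, nonce, nil)), b64(iv), "RSAES_OAEP_SHA_256"}, nil
}

func main() {
	priv, _ := demoKey()
	f, err := buildSecureImport(&priv.PublicKey, []byte("0123456789abcdef0123456789abcdef"), []byte("constructed-nonce")) // constructed inputs
	fmt.Println(f.EncryptionAlgorithm, len(f.Iv), err)
}
```

Generate a new IV for every import request: reusing an IV with the same AES-GCM key breaks the confidentiality and integrity of the sealed nonce.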

type UnwrapKey

type UnwrapKey struct {
	// The additional authentication data (AAD) used to further secure the key. If you supply AAD when you make a `wrap` call, you must specify the same AAD during a subsequent `unwrap` call.
	Aad []string `json:"aad,omitempty"`
	// The wrapped data encryption key (DEK) used in wrap actions when the query parameter is set to `unwrap`. The system requires a base64 encoded ciphertext and returns a base64 encoded plaintext in the response entity-body when you perform an `unwrap` action on a key. **Note:** When you unwrap a wrapped data encryption key (WDEK) by using a rotated root key, the service returns a new ciphertext in the response entity-body. Each ciphertext remains available for `unwrap` actions. If you unwrap a DEK with a previous ciphertext, the service also returns the latest ciphertext in the response. Use the latest ciphertext for future unwrap operations.
	Ciphertext string `json:"ciphertext"`
	// The original data encryption key (DEK) that was used in wrap action. The value is base64 encoded.
	Plaintext string `json:"plaintext,omitempty"`
}

UnwrapKey Properties that are associated with unwrap actions.

type WrapKey

type WrapKey struct {
	// The additional authentication data (AAD) used to further secure the key. If you supply AAD when you make a `wrap` call, you must specify the same AAD during a subsequent `unwrap` call.
	Aad []string `json:"aad,omitempty"`
	// The wrapped data encryption key (DEK) that you can export to your app or service. The value is base64 encoded.
	Ciphertext string `json:"ciphertext,omitempty"`
	// The data encryption key (DEK) used in wrap actions when the query parameter is set to `wrap`. The system returns a base64 encoded plaintext in the response entity-body when you perform an `unwrap` action on a key. To wrap an existing DEK, provide a base64 encoded plaintext during a `wrap` action. To generate a new DEK, omit the `plaintext` property. Key Protect generates a random plaintext (32 bytes) that is rooted in an HSM and then wraps that value.
	Plaintext string `json:"plaintext"`
}

WrapKey Properties that are associated with wrap actions.
