Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
func RepoForPath
Types
type KMSClient
type KMSClient interface {
	Sign(ctx context.Context, in *kms.SignInput, optFns ...func(*kms.Options)) (*kms.SignOutput, error)
}
KMSClient defines the AWS API surface required by the KMSSigner.
type KMSSigner
type KMSSigner struct {
	ARN    string
	Method jwt.SigningMethod
}
KMSSigner defines a Signer compatible with the ghinstallation plugin that uses KMS to sign the JWT. KMS signing ensures that the private key is never exposed to the application.
func NewKMSSigner
type KMSSigningMethod
type KMSSigningMethod struct {
	// contains filtered or unexported fields
}
KMSSigningMethod defines a golang-jwt-compatible signing method that uses AWS KMS.
func NewSigningMethod
func NewSigningMethod(client KMSClient) KMSSigningMethod
func (KMSSigningMethod) Alg
func (k KMSSigningMethod) Alg() string
Alg returns the signing algorithm allowed for this method, which is "RS256".
func (KMSSigningMethod) Sign
func (k KMSSigningMethod) Sign(signingString string, key any) (string, error)
Sign uses AWS KMS to sign the given string with the provided key, which must be the string ARN of the KMS key to use. It fails if the current AWS user does not have permission to sign with the key, if KMS cannot be reached, or if the key does not exist.
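The key-isolation pattern that KMSSigner and Sign describe, as an added standard-library example that is not this package's code: a stub key holder signs a JWT signing string by key ARN using RS256 (RSASSA-PKCS1-v1_5 with SHA-256), and the relying party verifies with the public key alone. fakeKMS, newFakeKMS, sign, verifyRS256, the ARN and the claims are all hypothetical, constructed values; the stub hashes the string itself, which is an assumption and not a statement about how this package calls KMS.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// fakeKMS is a constructed stand-in for AWS KMS: private keys live only in this map.
type fakeKMS map[string]*rsa.PrivateKey

// newFakeKMS creates a stub holding one fresh key and exposes only its public half.
func newFakeKMS(arn string) (fakeKMS, *rsa.PublicKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	return fakeKMS{arn: key}, &key.PublicKey, nil
}

// sign returns the raw RS256 signature over signingString using the key named by arn.
func (f fakeKMS) sign(signingString, arn string) ([]byte, error) {
	key, ok := f[arn]
	if !ok {
		return nil, fmt.Errorf("key %q does not exist", arn)
	}
	sum := sha256.Sum256([]byte(signingString))
	return rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sum[:])
}

// verifyRS256 is the relying party's check; it needs nothing but the public key.
func verifyRS256(pub *rsa.PublicKey, signingString string, sig []byte) error {
	sum := sha256.Sum256([]byte(signingString))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig)
}

func main() {
	stub, pub, err := newFakeKMS("arn:demo") // constructed placeholder ARN
	if err != nil {
		panic(err)
	}
	enc := base64.RawURLEncoding.EncodeToString
	unsigned := enc([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + enc([]byte(`{"iss":"12345"}`))
	sig, err := stub.sign(unsigned, "arn:demo")
	fmt.Println(unsigned+"."+enc(sig), err, verifyRS256(pub, unsigned, sig))
}
```

The application code only ever handles the signing string, the ARN and the returned signature, so a memory disclosure in the application cannot leak the private key.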