encryption

package
v2.8.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 7, 2025 License: Apache-2.0 Imports: 18 Imported by: 13

Documentation

Index

Constants

View Source 
const (
	// EncryptKekName represents a kek name
	EncryptKekName = "encrypt.kek.name"
	// EncryptKmsKeyID represents a kms key ID
	EncryptKmsKeyID = "encrypt.kms.key.id"
	// EncryptKmsType represents a kms type
	EncryptKmsType = "encrypt.kms.type"
	// EncryptDekAlgorithm represents a dek algorithm
	EncryptDekAlgorithm = "encrypt.dek.algorithm"
	// EncryptDekExpiryDays represents dek expiry days
	EncryptDekExpiryDays = "encrypt.dek.expiry.days"

	// Aes128Gcm represents AES128_GCM algorithm
	Aes128Gcm = "AES128_GCM"
	// Aes256Gcm represents AES256_GCM algorithm
	Aes256Gcm = "AES256_GCM"
	// Aes256Siv represents AES256_SIV algorithm
	Aes256Siv = "AES256_SIV"

	// MillisInDay represents number of milliseconds in a day
	MillisInDay = 24 * 60 * 60 * 1000
)

Variables

This section is empty.

Functions

func NewExecutor added in v2.8.0 

func NewExecutor() serde.RuleExecutor

NewExecutor creates a new encryption rule executor

func Register 

func Register()

Register registers the encryption rule executor

func RegisterKMSDriver 

func RegisterKMSDriver(kmsDriver KMSDriver)

RegisterKMSDriver is used to register a new KMS driver.

Types

type Clock 

type Clock interface {
	NowUnixMilli() int64
}

Clock is a clock

type Cryptor 

type Cryptor struct {
	DekFormat   string
	KeyTemplate *tinkpb.KeyTemplate
}

Cryptor is a cryptor

type FieldEncryptionExecutor 

type FieldEncryptionExecutor struct {
	serde.AbstractFieldRuleExecutor
	Config map[string]string
	Client deks.Client
	Clock  Clock
}

FieldEncryptionExecutor is a field encryption executor

func NewExecutorWithClock added in v2.8.0 

func NewExecutorWithClock(c Clock) *FieldEncryptionExecutor

NewExecutorWithClock creates a new encryption rule executor with a given clock

func RegisterWithClock 

func RegisterWithClock(c Clock) *FieldEncryptionExecutor

RegisterWithClock registers the encryption rule executor with a given clock

func (*FieldEncryptionExecutor) Close 

func (f *FieldEncryptionExecutor) Close() error

Close closes the executor

func (*FieldEncryptionExecutor) Configure 

func (f *FieldEncryptionExecutor) Configure(clientConfig *schemaregistry.Config, config map[string]string) error

Configure configures the executor

func (*FieldEncryptionExecutor) NewTransform 

func (f *FieldEncryptionExecutor) NewTransform(ctx serde.RuleContext) (serde.FieldTransform, error)

NewTransform creates a new transform

func (*FieldEncryptionExecutor) Type 

func (f *FieldEncryptionExecutor) Type() string

Type returns the type of the executor

type FieldEncryptionExecutorTransform 

type FieldEncryptionExecutorTransform struct {
	Executor      FieldEncryptionExecutor
	Cryptor       Cryptor
	KekName       string
	Kek           deks.Kek
	DekExpiryDays int
}

FieldEncryptionExecutorTransform is a field encryption executor transform

func (*FieldEncryptionExecutorTransform) Transform 

func (f *FieldEncryptionExecutorTransform) Transform(ctx serde.RuleContext, fieldCtx serde.FieldContext, fieldValue interface{}) (interface{}, error)

Transform transforms the field value using the rule

type KMSDriver 

type KMSDriver interface {
	GetKeyURLPrefix() string
	NewKMSClient(config map[string]string, keyURL *string) (registry.KMSClient, error)
}

KMSDriver is a KMS driver

func GetKMSDriver 

func GetKMSDriver(keyURI string) (KMSDriver, error)

GetKMSDriver fetches a KMSDriver by a given URI.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.