gcpkms

package
v0.17.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 26, 2019 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Overview

Package gcpkms provides a secrets implementation backed by Google Cloud KMS. Use OpenKeeper to construct a *secrets.Keeper.

URLs

For secrets.OpenKeeper, gcpkms registers for the scheme "gcpkms". The default URL opener will create a connection using use default credentials from the environment, as described in https://cloud.google.com/docs/authentication/production. To customize the URL opener, or for more details on the URL format, see URLOpener. See https://github.com/cornelk/go-cloud/concepts/urls/ for background information.

As

gcpkms exposes the following type for As:

  • Error: *google.golang.org/grpc/status.Status
Example (OpenFromURL)
package main

import (
	"context"
	"log"

	"github.com/cornelk/go-cloud/secrets"
)

func main() {
	// PRAGMA: This example is used on github.com/cornelk/go-cloud; PRAGMA comments adjust how it is shown and can be ignored.
	// PRAGMA: On github.com/cornelk/go-cloud, add a blank import: _ "github.com/cornelk/go-cloud/secrets/gcpkms"
	// PRAGMA: On github.com/cornelk/go-cloud, hide lines until the next blank line.
	ctx := context.Background()

	keeper, err := secrets.OpenKeeper(ctx,
		"gcpkms://projects/MYPROJECT/"+
			"locations/MYLOCATION/"+
			"keyRings/MYKEYRING/"+
			"cryptoKeys/MYKEY")
	if err != nil {
		log.Fatal(err)
	}
	defer keeper.Close()
}
Output:

Index

Examples

Constants

View Source
const Scheme = "gcpkms"

Scheme is the URL scheme gcpkms registers its URLOpener under on secrets.DefaultMux.

Variables

View Source
var Set = wire.NewSet(
	Dial,
	wire.Struct(new(URLOpener), "Client"),
)

Set holds Wire providers for this package.

Functions

func Dial

Dial returns a client to use with Cloud KMS and a clean-up function to close the client after used.

func KeyResourceID

func KeyResourceID(projectID, location, keyRing, key string) string

KeyResourceID constructs a key resourceID for GCP KMS. See https://cloud.google.com/kms/docs/object-hierarchy#key for more details.

func OpenKeeper

func OpenKeeper(client *cloudkms.KeyManagementClient, keyResourceID string, opts *KeeperOptions) *secrets.Keeper

OpenKeeper returns a *secrets.Keeper that uses Google Cloud KMS. You can use KeyResourceID to construct keyResourceID from its parts, or provide the whole string if you have it (e.g., from the GCP console). See https://cloud.google.com/kms/docs/object-hierarchy#key for more details. See the package documentation for an example.

Example
package main

import (
	"context"
	"log"

	"github.com/cornelk/go-cloud/secrets/gcpkms"
)

func main() {
	// PRAGMA: This example is used on github.com/cornelk/go-cloud; PRAGMA comments adjust how it is shown and can be ignored.
	// PRAGMA: On github.com/cornelk/go-cloud, hide lines until the next blank line.
	ctx := context.Background()

	// Get a client to use with the KMS API.
	client, done, err := gcpkms.Dial(ctx, nil)
	if err != nil {
		log.Fatal(err)
	}
	// Close the connection when done.
	defer done()

	// You can also use gcpkms.KeyResourceID to construct this string.
	const keyID = "projects/MYPROJECT/" +
		"locations/MYLOCATION/" +
		"keyRings/MYKEYRING/" +
		"cryptoKeys/MYKEY"

	// Construct a *secrets.Keeper.
	keeper := gcpkms.OpenKeeper(client, keyID, nil)
	defer keeper.Close()
}
Output:

Types

type KeeperOptions

type KeeperOptions struct{}

KeeperOptions controls Keeper behaviors. It is provided for future extensibility.

type URLOpener

type URLOpener struct {
	// Client must be non-nil and be authenticated with "cloudkms" scope or equivalent.
	Client *cloudkms.KeyManagementClient

	// Options specifies the default options to pass to OpenKeeper.
	Options KeeperOptions
}

URLOpener opens GCP KMS URLs like "gcpkms://projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEY_RING]/cryptoKeys/[KEY]".

The URL host+path are used as the key resource ID; see https://cloud.google.com/kms/docs/object-hierarchy#key for more details.

No query parameters are supported.

func (*URLOpener) OpenKeeperURL

func (o *URLOpener) OpenKeeperURL(ctx context.Context, u *url.URL) (*secrets.Keeper, error)

OpenKeeperURL opens the GCP KMS URLs.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL