Documentation ¶
Index ¶
- func DefaultAuthorizer() autorest.Authorizer
- func EnvironmentAuthorizer() (autorest.Authorizer, error)
- func GetKeyName(keyID string) string
- func GetKeyVersion(keyID string) string
- func NewKvClient(authorizer autorest.Authorizer) (keyvault.BaseClient, error)
- type KeyVault
- func (kv *KeyVault) GetKeyByKID(ctx context.Context, keyID string) (keyvault.KeyBundle, error)
- func (kv *KeyVault) GetKeyVersionsKeys(ctx context.Context, keyID string) ([]keyvault.KeyBundle, error)
- func (kv *KeyVault) GetLatestKey(ctx context.Context, keyName string) (keyvault.KeyBundle, error)
- func (kv *KeyVault) HashAndSign(ctx context.Context, payload []byte, keyID string, ...) ([]byte, error)
- func (kv *KeyVault) Sign(ctx context.Context, payload []byte, keyID string, ...) ([]byte, error)
- func (kv *KeyVault) Verify(ctx context.Context, signature []byte, digest []byte, keyID string, ...) (bool, error)
- type KeyVaultCoseSigner
- func (kv *KeyVaultCoseSigner) Algorithm() cose.Algorithm
- func (kv *KeyVaultCoseSigner) KeyIdentifier() string
- func (kv *KeyVaultCoseSigner) KeyLocation() string
- func (kv *KeyVaultCoseSigner) PublicKey() (*ecdsa.PublicKey, error)
- func (kv *KeyVaultCoseSigner) Sign(rand io.Reader, content []byte) ([]byte, error)
- type SecretEntry
- type SecretVault
- type TestCoseSigner
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DefaultAuthorizer ¶
func DefaultAuthorizer() autorest.Authorizer
DefaultAuthorizer creates an authorizer which expects to run in-cluster, using aad-podidentity to acquire an OAuth2 access token. This authorizer is used automatically if none is specified on the SecretVault.
func EnvironmentAuthorizer ¶
func EnvironmentAuthorizer() (autorest.Authorizer, error)
func GetKeyVersion ¶
GetKeyVersion gets the version of the given key.
func NewKvClient ¶
func NewKvClient(authorizer autorest.Authorizer) (keyvault.BaseClient, error)
NewKvClient creates a keyvault.BaseClient. If authorizer is nil, the DefaultAuthorizer is used.
Types ¶
type KeyVault ¶
type KeyVault struct { Authorizer autorest.Authorizer // optional, nil for production // contains filtered or unexported fields }
KeyVault is the Azure Key Vault client for interacting with Key Vault keys.
func NewKeyVault ¶
NewKeyVault creates a new Key Vault client.
func (*KeyVault) GetKeyByKID ¶
GetKeyByKID gets the key by its KID (key identifier).
func (*KeyVault) GetKeyVersionsKeys ¶
func (kv *KeyVault) GetKeyVersionsKeys( ctx context.Context, keyID string, ) ([]keyvault.KeyBundle, error)
GetKeyVersionsKeys returns all the keys, for all the versions of the identified key.
The keys returned are the public halves of the asymmetric keys.
func (*KeyVault) GetLatestKey ¶
func (kv *KeyVault) GetLatestKey( ctx context.Context, keyName string, ) (keyvault.KeyBundle, error)
GetLatestKey returns the latest version of the identified key.
func (*KeyVault) HashAndSign ¶ added in v0.12.16
func (kv *KeyVault) HashAndSign( ctx context.Context, payload []byte, keyID string, algorithm keyvault.JSONWebKeySignatureAlgorithm, ) ([]byte, error)
HashAndSign hashes the given payload and signs the resulting digest with the identified key, using the given algorithm.
type KeyVaultCoseSigner ¶ added in v0.13.6
type KeyVaultCoseSigner struct { *KeyVault // contains filtered or unexported fields }
KeyVaultCoseSigner is the Azure Key Vault client for interacting with Key Vault keys through the cose.Signer interface.
func NewKeyVaultCoseSigner ¶ added in v0.20.0
func NewKeyVaultCoseSigner(ctx context.Context, keyName string, keyVaultURL string) (*KeyVaultCoseSigner, error)
NewKeyVaultCoseSigner creates a new keyvault configuration that signs with ES384 using the latest version of the named key.
func (*KeyVaultCoseSigner) Algorithm ¶ added in v0.13.6
func (kv *KeyVaultCoseSigner) Algorithm() cose.Algorithm
Algorithm gets the COSE algorithm for the key.
func (*KeyVaultCoseSigner) KeyIdentifier ¶ added in v0.13.6
func (kv *KeyVaultCoseSigner) KeyIdentifier() string
KeyIdentifier returns the essential information needed to identify the key, independent of any platform-specific format (i.e. the Azure URL). It takes the form: <location>:<key name>/<key version>. The location identifies where this key is stored; in this case, it is Azure Key Vault.
func (*KeyVaultCoseSigner) KeyLocation ¶ added in v0.13.6
func (kv *KeyVaultCoseSigner) KeyLocation() string
KeyLocation returns an identifier for the place where the key is stored, used by the KeyIdentifier implementation.
type SecretEntry ¶
type SecretVault ¶
type SecretVault struct { Name string Authorizer autorest.Authorizer // optional, nil for production }
func (*SecretVault) GetOrgKeyHex ¶ added in v0.15.0
func (*SecretVault) ListSecrets ¶
func (k *SecretVault) ListSecrets( ctx context.Context, prefix string, tags map[string]string, ) (map[string]SecretEntry, error)
ListSecrets returns the secrets whose IDs match prefix and whose tags include all of the provided tags.
func (*SecretVault) ReadSecret ¶
func (k *SecretVault) ReadSecret( ctx context.Context, id string, ) (*SecretEntry, error)
ReadSecret returns the identified secret's metadata and value.
type TestCoseSigner ¶ added in v0.13.6
type TestCoseSigner struct {
// contains filtered or unexported fields
}
TestCoseSigner implements IdentifiableCoseSigner for use with the factory setup in logconfirmer.
func NewTestCoseSigner ¶ added in v0.13.6
func NewTestCoseSigner(t *testing.T, signingKey ecdsa.PrivateKey) *TestCoseSigner
func (*TestCoseSigner) Algorithm ¶ added in v0.13.6
func (s *TestCoseSigner) Algorithm() cose.Algorithm
func (*TestCoseSigner) KeyIdentifier ¶ added in v0.13.6
func (s *TestCoseSigner) KeyIdentifier() string
func (*TestCoseSigner) KeyLocation ¶ added in v0.13.6
func (s *TestCoseSigner) KeyLocation() string