awskms

package

v0.3.1-beta-rc1 Latest Latest Go to latest Published: Jun 30, 2022 License: MIT Imports: 17 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

README ¶

AWS KMS Configuration

Create an asymetric key with usage as "sign and verify" in your AWS account. Note: Support for "ECC_SECG_P256K1" spec is not there yet.

Search for IAM and create a user with "Programmatic access" for Signatory to access the key resources. Save the details at the end which will be given only once on creation of the user.

AWS KMS backend

Below are the minimum configuration required.

awskms:
    driver: awskms
    config:
      user_name: sigy-tsty
      kms_key_id: as713a73-4cb5-4t66-b561-9e383bf6fyb6
      access_key_id: AKIATXBC6RIH4YZT5U6B
      secret_access_key: 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
      region: us-west-2

Configuration parameters

Name	Type	Required	Description
user_name	string	✅	IAM user name
kms_key_id	string	✅	KeyId of the key from AWS KMS to be used for signing
access_key_id	string	✅	IAM user detail
secret_access_key	string	✅	IAM user detail
region	string	✅	Region where key is created

Documentation ¶

Index ¶

type Config
type Kmsapi
type Vault
- func New(ctx context.Context, config *Config) (*Vault, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Config ¶

type Config struct {
	UserName    string `yaml:"user_name" validate:"required"`
	AccessKeyID string `yaml:"access_key_id" validate:"required"`
	AccessKey   string `yaml:"secret_access_key" validate:"required"`
	Region      string `yaml:"region" validate:"required"`
}

Config contains AWS KMS backend configuration

type Kmsapi ¶

type Kmsapi interface {
	ListKeys(input *kms.ListKeysInput) (*kms.ListKeysOutput, error)
	Sign(input *kms.SignInput) (*kms.SignOutput, error)
	GetPublicKeyWithContext(aws.Context, *kms.GetPublicKeyInput, ...request.Option) (*kms.GetPublicKeyOutput, error)
}

type Vault ¶

type Vault struct {
	Kmsapi Kmsapi
	// Kmsapi kmsiface.KMSAPI
	Config Config
}

func New ¶

func New(ctx context.Context, config *Config) (*Vault, error)

New creates new AWS KMS backend

func (*Vault) GetPublicKey ¶

func (kv *Vault) GetPublicKey(ctx context.Context, keyID string) (vault.StoredKey, error)

func (*Vault) ListPublicKeys ¶

func (c *Vault) ListPublicKeys(ctx context.Context) vault.StoredKeysIterator

ListPublicKeys returns a list of keys stored under the backend

func (*Vault) Name ¶

func (c *Vault) Name() string

Name returns backend name

func (*Vault) Sign ¶

func (c *Vault) Sign(ctx context.Context, digest []byte, key vault.StoredKey) (cryptoutils.Signature, error)

Source Files ¶

View all Source files

awskms.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL