vault

package

v0.3.1-beta-rc1 Latest Latest Go to latest Published: Jun 30, 2022 License: MIT Imports: 25 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/ecadlabs/signatory

README ¶

Google Cloud Platform

Google Cloud Platform configuration

Service account used with Signatory should have following permissions. It may be achived by using custom roles (see https://console.cloud.google.com/iam-admin/roles)

Basic permissions

cloudkms.cryptoKeyVersions.get
cloudkms.cryptoKeyVersions.list
cloudkms.cryptoKeyVersions.viewPublicKey
cloudkms.cryptoKeys.get
cloudkms.cryptoKeys.list

Sign

cloudkms.cryptoKeyVersions.useToSign

Import

cloudkms.cryptoKeyVersions.create
cloudkms.cryptoKeys.create
cloudkms.importJobs.create
cloudkms.importJobs.get
cloudkms.importJobs.list
cloudkms.importJobs.useToImport

Google Cloud KMS backend

Configuration parameters

Name	Type	Required	Description
application_credentials	string		Path to the GCP application token JSON file (overrides `GOOGLE_APPLICATION_CREDENTIALS` environment variable)
application_credentials_data	string		GCP application token JSON data (overrides `application_credentials`)
project	string	✅	Project name
location	string	✅	Location
key_ring	string	✅	Key ring name

Environment variables

cloudkms backend accepts GCP's standard GOOGLE_APPLICATION_CREDENTIALS environment variable

export GOOGLE_APPLICATION_CREDENTIALS=signatory-testing-a7fd9625aecb.json

Import options

Name	Type	Description
name	string	New key name. Otherwise will be auto generated.

Documentation ¶

Index ¶

type Config
type Vault
- func New(ctx context.Context, config *Config) (*Vault, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Config ¶

type Config struct {
	ApplicationCredentialsData string `yaml:"application_credentials_data"`
	ApplicationCredentials     string `yaml:"application_credentials"`
	Project                    string `yaml:"project" validate:"required"`
	Location                   string `yaml:"location" validate:"required"`
	KeyRing                    string `yaml:"key_ring" validate:"required"`
}

Config contains Google Cloud KMS backend configuration

type Vault ¶

type Vault struct {
	// contains filtered or unexported fields
}

Vault is a Google Cloud KMS backend

func New ¶

func New(ctx context.Context, config *Config) (*Vault, error)

New creates new Google Cloud KMS backend

func (*Vault) GetPublicKey ¶

func (c *Vault) GetPublicKey(ctx context.Context, keyID string) (vault.StoredKey, error)

GetPublicKey returns a public key by given ID

func (*Vault) Import ¶

func (c *Vault) Import(ctx context.Context, pk cryptoutils.PrivateKey, opt utils.Options) (vault.StoredKey, error)

Import imports a private key

func (*Vault) ListPublicKeys ¶

func (c *Vault) ListPublicKeys(ctx context.Context) vault.StoredKeysIterator

ListPublicKeys returns a list of keys stored under the backend

func (*Vault) Name ¶

func (c *Vault) Name() string

Name returns backend name

func (*Vault) Sign ¶

func (c *Vault) Sign(ctx context.Context, digest []byte, key vault.StoredKey) (cryptoutils.Signature, error)

Sign performs signing operation

func (*Vault) VaultName ¶

func (c *Vault) VaultName() string

VaultName returns vault name

Source Files ¶

View all Source files

cloudkms.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL