cluster

package
v2.14.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 28, 2023 License: AGPL-3.0 Imports: 3 Imported by: 0

Documentation

Overview

Package cluster implements a KMS backend for in cluster key management.

The cluster backend holds a master key, and corresponding salt. Data Encryption Keys (DEK) are derived from master key and salt using HKDF.

This backend does not require a storage backend, as keys are derived on demand and not stored anywhere. For that purpose the special NoStoreURI can be used during KMS initialization.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type KMS 

type KMS struct {
	// contains filtered or unexported fields
}

KMS implements the kms.CloudKMS interface for in cluster key management.

func New 

func New(key []byte, salt []byte) (*KMS, error)

New creates a new ClusterKMS.

func (*KMS) Close added in v2.6.0 

func (c *KMS) Close()

Close is a no-op for cKMS.

func (*KMS) GetDEK 

func (c *KMS) GetDEK(_ context.Context, dekID string, dekSize int) ([]byte, error)

GetDEK derives a key from the KMS masterKey.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.