Overview ¶
Package aws implements a KMS backend for AWS KMS.
Constants ¶
// DEKContext is the encryption context this backend hands to AWS KMS when
// wrapping data encryption keys (DEKs).
//
// In AWS KMS the encryption context is additional authenticated data: it is
// bound to the ciphertext and the identical context has to be presented on
// Decrypt, otherwise the call is rejected. It is not secret (KMS records it
// in CloudTrail), so it must never carry confidential values.
// NOTE(review): presumably used as the context key in the Encrypt/Decrypt
// calls — confirm against the call sites, which are not shown here.
const DEKContext = "aws:ebs:id"
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ClientAPI ¶
// ClientAPI is the subset of the AWS KMS client's methods that this package
// calls. Depending on this interface instead of the concrete *kms.Client lets
// tests substitute a mock, see
// https://aws.github.io/aws-sdk-go-v2/docs/unit-testing/
//
// The method set is grouped by what the operations act on; the order has no
// effect on which types satisfy the interface.
type ClientAPI interface {
	// Key creation, inspection, policy and scheduled deletion.
	CreateKey(ctx context.Context, params *kms.CreateKeyInput, optFns ...func(*kms.Options)) (*kms.CreateKeyOutput, error)
	DescribeKey(ctx context.Context, params *kms.DescribeKeyInput, optFns ...func(*kms.Options)) (*kms.DescribeKeyOutput, error)
	PutKeyPolicy(ctx context.Context, params *kms.PutKeyPolicyInput, optFns ...func(*kms.Options)) (*kms.PutKeyPolicyOutput, error)
	ScheduleKeyDeletion(ctx context.Context, params *kms.ScheduleKeyDeletionInput, optFns ...func(*kms.Options)) (*kms.ScheduleKeyDeletionOutput, error)

	// Key aliases.
	CreateAlias(ctx context.Context, params *kms.CreateAliasInput, optFns ...func(*kms.Options)) (*kms.CreateAliasOutput, error)
	DeleteAlias(ctx context.Context, params *kms.DeleteAliasInput, optFns ...func(*kms.Options)) (*kms.DeleteAliasOutput, error)

	// Import of externally supplied key material.
	GetParametersForImport(ctx context.Context, params *kms.GetParametersForImportInput, optFns ...func(*kms.Options)) (*kms.GetParametersForImportOutput, error)
	ImportKeyMaterial(ctx context.Context, params *kms.ImportKeyMaterialInput, optFns ...func(*kms.Options)) (*kms.ImportKeyMaterialOutput, error)

	// Data key generation and envelope encryption / decryption.
	GenerateDataKey(ctx context.Context, params *kms.GenerateDataKeyInput, optFns ...func(*kms.Options)) (*kms.GenerateDataKeyOutput, error)
	GenerateDataKeyWithoutPlaintext(ctx context.Context, params *kms.GenerateDataKeyWithoutPlaintextInput, optFns ...func(*kms.Options)) (*kms.GenerateDataKeyWithoutPlaintextOutput, error)
	Encrypt(ctx context.Context, params *kms.EncryptInput, optFns ...func(*kms.Options)) (*kms.EncryptOutput, error)
	Decrypt(ctx context.Context, params *kms.DecryptInput, optFns ...func(*kms.Options)) (*kms.DecryptOutput, error)
}
ClientAPI declares the Amazon KMS client methods this package needs. This allows us to mock the actual client, see https://aws.github.io/aws-sdk-go-v2/docs/unit-testing/
type KMSClient ¶
// KMSClient implements the CloudKMS interface for AWS.
// Its fields are unexported and are elided in this rendered listing.
type KMSClient struct {
// contains filtered or unexported fields
}
KMSClient implements the CloudKMS interface for AWS.
func New ¶
// New creates and initializes a new KMSClient for AWS.
//
// policyProducer supplies the key policy applied to keys this client creates,
// store persists the client's state (a nil store falls back to the default
// MemMapStorage), kekID names the key encryption key the client works with,
// and optFns adjust how the AWS configuration is loaded. The underlying AWS
// client needs valid AWS credentials
// (https://aws.github.io/aws-sdk-go-v2/docs/getting-started); the body is not
// shown here, so how credentials are resolved must be confirmed against it.
func New(ctx context.Context, policyProducer KeyPolicyProducer, store kmsInterface.Storage, kekID string, optFns ...func(*awsconfig.LoadOptions) error) (*KMSClient, error)
New creates and initializes a new KMSClient for AWS.
The underlying AWS client is configured through optFns and needs valid AWS credentials (https://aws.github.io/aws-sdk-go-v2/docs/getting-started). If store is nil, the default MemMapStorage is used.
func (*KMSClient) CreateKEK ¶
CreateKEK creates a new KEK with the given key material and policy. If successful, the key can be referenced by keyID in the KMS in accordance with the policy. https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html
type KeyPolicyProducer ¶
// KeyPolicyProducer is a callback hook for producing AWS KMS key policies at
// runtime, so the policy can depend on the key being created rather than being
// fixed when the client is constructed.
type KeyPolicyProducer interface {
	// CreateKeyPolicy returns the key policy document for the key identified
	// by keyID. The returned string is what AWS KMS enforces as the key's
	// authorization policy, so its content is security-critical: a permissive
	// policy widens who may use or administer the KEK.
	CreateKeyPolicy(keyID string) (string, error)
}
KeyPolicyProducer allows callbacks for generating key policies at runtime.