gcp

package
v2.5.1 Latest
Warning

This package is not in the latest version of its module.

Published: Jan 27, 2023 License: AGPL-3.0 Imports: 19 Imported by: 0

Documentation

Overview

Package gcp implements a KMS backend for Google Cloud KMS.

The following permissions are required for the service account used to authenticate with GCP:

  • cloudkms.cryptoKeyVersions.create

  • cloudkms.cryptoKeyVersions.update

  • cloudkms.cryptoKeyVersions.useToDecrypt

  • cloudkms.cryptoKeyVersions.useToEncrypt

  • cloudkms.importJobs.create

  • cloudkms.importJobs.get

  • cloudkms.importJobs.useToImport

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type KMSClient

type KMSClient struct {
	// contains filtered or unexported fields
}

KMSClient implements the CloudKMS interface for Google Cloud Platform.

func New

func New(ctx context.Context, projectID, locationID, keyRingID string, store kmsInterface.Storage, protectionLvl kmspb.ProtectionLevel, kekID string, opts ...gax.CallOption) (*KMSClient, error)

New initializes a KMS client for Google Cloud Platform.

func (*KMSClient) CreateKEK

func (c *KMSClient) CreateKEK(ctx context.Context, keyID string, key []byte) error

CreateKEK creates a new Key Encryption Key using Google Key Management System.

If no key material is provided, a new key is generated by Google's KMS, otherwise the key material is used to import the key.

func (*KMSClient) GetDEK

func (c *KMSClient) GetDEK(ctx context.Context, keyID string, dekSize int) ([]byte, error)

GetDEK fetches an encrypted Data Encryption Key from storage and decrypts it using a KEK stored in Google's KMS.
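
An added example (not the package's own code) of the envelope flow GetDEK describes, with a hypothetical in-process `localKMS` standing in for Cloud KMS and a map standing in for storage. AES-GCM wrapping and binding the DEK ID as associated data are assumptions of this example; the binding makes a wrapped blob copied under another ID fail to unwrap.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// localKMS is a hypothetical stand-in for Cloud KMS: the KEK never leaves it.
type localKMS struct{ kek cipher.AEAD }

func newLocalKMS(kek []byte) (*localKMS, error) {
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	a, err := cipher.NewGCM(block)
	return &localKMS{a}, err
}

// Wrap encrypts dek under the KEK; dekID as associated data is this example's choice.
func (k *localKMS) Wrap(dekID string, dek []byte) ([]byte, error) {
	nonce := make([]byte, k.kek.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return k.kek.Seal(nonce, nonce, dek, []byte(dekID)), nil
}

// GetDEK loads the wrapped DEK from storage, unwraps it, and checks its size.
func GetDEK(k *localKMS, store map[string][]byte, dekID string, dekSize int) ([]byte, error) {
	w, n := store[dekID], k.kek.NonceSize()
	if len(w) < n {
		return nil, fmt.Errorf("no usable wrapped DEK for %q", dekID)
	}
	dek, err := k.kek.Open(nil, w[:n], w[n:], []byte(dekID))
	if err != nil || len(dek) != dekSize {
		return nil, fmt.Errorf("DEK %q rejected: err=%v, len=%d", dekID, err, len(dek))
	}
	return dek, nil
}

func main() {
	k, _ := newLocalKMS(make([]byte, 32)) // constructed all-zero demo KEK
	w, _ := k.Wrap("disk-a", make([]byte, 32))
	dek, err := GetDEK(k, map[string][]byte{"disk-a": w}, "disk-a", 32)
	fmt.Println(len(dek), err)
}
```

Storage only ever holds the wrapped blob, so a storage compromise alone does not expose DEKs; unwrapping requires the decrypt permission on the KEK.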
