uri

package
v2.9.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 10, 2023 License: AGPL-3.0 Imports: 3 Imported by: 0

Documentation

Overview

Package uri provides URIs and parsing logic for KMS and storage URIs.

The URI for a KMS is of the form:

kms://<provider>?<provider-specific-query-parameters>

The URI for a storage is of the form:

storage://<provider>/<provider-specific-query-parameters>

A URI contains all information necessary to connect to the KMS or storage.

Index

Constants

View Source
const (

	// NoStoreURI is a URI that indicates that no storage is used.
	// Should only be used with cluster KMS.
	NoStoreURI = "storage://no-store"
)

Well known endpoints for KMS services.

Variables

This section is empty.

Functions

This section is empty.

Types

type AWSConfig

type AWSConfig struct {
	// KeyName is the name of the key in AWS KMS.
	KeyName string
	// Region is the region of the key in AWS KMS.
	Region string
	// AccessKeyID is the ID of the access key used for authentication with the AWS API.
	AccessKeyID string
	// AccessKey is the secret value used for authentication with the AWS API.
	AccessKey string
}

AWSConfig is the configuration to authenticate with AWS KMS.

func DecodeAWSConfigFromURI

func DecodeAWSConfigFromURI(uri string) (AWSConfig, error)

DecodeAWSConfigFromURI decodes an AWS configuration from a URI.

func (AWSConfig) EncodeToURI

func (c AWSConfig) EncodeToURI() string

EncodeToURI returns a URI encoding the AWS configuration.

type AWSS3Config

type AWSS3Config struct {
	// Bucket is the name of the S3 storage bucket to use.
	Bucket string
	// Region is the region storage bucket is located in.
	Region string
	// AccessKeyID is the ID of the access key used for authentication with the AWS API.
	AccessKeyID string
	// AccessKey is the secret value used for authentication with the AWS API.
	AccessKey string
}

AWSS3Config is the configuration to authenticate with AWS S3 storage bucket.

func DecodeAWSS3ConfigFromURI

func DecodeAWSS3ConfigFromURI(uri string) (AWSS3Config, error)

DecodeAWSS3ConfigFromURI decodes an S3 configuration from a URI.

func (AWSS3Config) EncodeToURI

func (s AWSS3Config) EncodeToURI() string

EncodeToURI returns a URI encoding the S3 configuration.

type AzureBlobConfig

type AzureBlobConfig struct {
	// StorageAccount is the name of the storage account to use.
	StorageAccount string
	// Container is the name of the container to use.
	Container string
	// TenantID of the Azure Active Directory the Key Vault is located in.
	TenantID string
	// ClientID is the ID of the managed identity used to authenticate with the Azure API.
	ClientID string
	// ClientSecret is the secret-value/password of the managed identity used to authenticate with the Azure API.
	ClientSecret string
}

AzureBlobConfig is the configuration to authenticate with Azure Blob storage.

func DecodeAzureBlobConfigFromURI

func DecodeAzureBlobConfigFromURI(uri string) (AzureBlobConfig, error)

DecodeAzureBlobConfigFromURI decodes an Azure Blob configuration from a URI.

func (AzureBlobConfig) EncodeToURI

func (a AzureBlobConfig) EncodeToURI() string

EncodeToURI returns a URI encoding the Azure Blob configuration.

type AzureConfig

type AzureConfig struct {
	// TenantID of the Azure Active Directory the Key Vault is located in.
	TenantID string
	// ClientID is the ID of the managed identity used to authenticate with the Azure API.
	ClientID string
	// ClientSecret is the secret-value/password of the managed identity used to authenticate with the Azure API.
	ClientSecret string
	// KeyName is the name of the key in Azure Key Vault.
	KeyName string
	// VaultName is the name of the vault.
	VaultName string
	// VaultType is the type of the vault.
	// This defines whether or not the Key Vault is a managed HSM.
	VaultType VaultBaseURL
}

AzureConfig is the configuration to authenticate with Azure Key Vault.

func DecodeAzureConfigFromURI

func DecodeAzureConfigFromURI(uri string) (AzureConfig, error)

DecodeAzureConfigFromURI decodes an Azure configuration from a URI.

func (AzureConfig) EncodeToURI

func (a AzureConfig) EncodeToURI() string

EncodeToURI returns a URI encoding the Azure configuration.

type GCPConfig

type GCPConfig struct {
	// CredentialsPath is the path to a credentials file of a service account used to authorize against the GCP API.
	CredentialsPath string
	// ProjectID is the name of the GCP project the KMS is located in.
	ProjectID string
	// Location is the location of the KMS.
	Location string
	// KeyRing is the name of the keyring.
	KeyRing string
	// KeyName is the name of the key in the GCP KMS.
	KeyName string
}

GCPConfig is the configuration to authenticate with GCP KMS.

func DecodeGCPConfigFromURI

func DecodeGCPConfigFromURI(uri string) (GCPConfig, error)

DecodeGCPConfigFromURI decodes a GCP configuration from a URI.

func (GCPConfig) EncodeToURI

func (g GCPConfig) EncodeToURI() string

EncodeToURI returns a URI encoding the GCP configuration.

type GoogleCloudStorageConfig

type GoogleCloudStorageConfig struct {
	// CredentialsPath is the path to a credentials file of a service account used to authorize against the GCP API.
	CredentialsPath string
	// ProjectID is the name of the GCP project the storage bucket is located in.
	ProjectID string
	// Bucket is the name of the bucket to use.
	Bucket string
}

GoogleCloudStorageConfig is the configuration to authenticate with Google Cloud Storage.

func DecodeGoogleCloudStorageConfigFromURI

func DecodeGoogleCloudStorageConfigFromURI(uri string) (GoogleCloudStorageConfig, error)

DecodeGoogleCloudStorageConfigFromURI decodes a Google Cloud Storage configuration from a URI.

func (GoogleCloudStorageConfig) EncodeToURI

func (g GoogleCloudStorageConfig) EncodeToURI() string

EncodeToURI returns a URI encoding the Google Cloud Storage configuration.

type MasterSecret

type MasterSecret struct {
	// Key is the secret value used in HKDF to derive keys.
	Key []byte `json:"key"`
	// Salt is the salt used in HKDF to derive keys.
	Salt []byte `json:"salt"`
}

MasterSecret holds the master key and salt for deriving keys.

func DecodeMasterSecretFromURI

func DecodeMasterSecretFromURI(uri string) (MasterSecret, error)

DecodeMasterSecretFromURI decodes a master secret from a URI.

func (MasterSecret) EncodeToURI

func (m MasterSecret) EncodeToURI() string

EncodeToURI returns a URI encoding the master secret.

type VaultBaseURL

type VaultBaseURL string

VaultBaseURL is the base URL of the vault. It defines what type of key vault is used.

const (
	// DefaultCloud is the URL for the default Vault URL.
	DefaultCloud VaultBaseURL = "vault.azure.net"
	// ChinaCloud is the URL for Vaults in Azure China Cloud.
	ChinaCloud VaultBaseURL = "vault.azure.cn"
	// USGovCloud is the URL for Vaults in Azure US Government Cloud.
	USGovCloud VaultBaseURL = "vault.usgovcloudapi.net"
	// GermanCloud is the URL for Vaults in Azure German Cloud.
	GermanCloud VaultBaseURL = "vault.microsoftazure.de"
	// HSMDefaultCloud is the URL for HSM Vaults.
	HSMDefaultCloud VaultBaseURL = "managedhsm.azure.net"
)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL