Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
// ErrAWSDecrypt is the sentinel error whose message reports that the data key
// could not be decrypted with the AWS KMS service. Match it with errors.Is
// rather than by comparing message text.
var ErrAWSDecrypt = errors.New("unable to decrypt data key with AWS KMS Service")

// ErrAWSInit is the sentinel error whose message reports that the AWS KMS
// service could not be initialized.
var ErrAWSInit = errors.New("failed to initialize AWS KMS Service")
// Sentinel errors for missing KMIP settings. Each message names the setting
// that was not supplied; match them with errors.Is.

// ErrKMIPServerCAMissing reports that no server CA was supplied.
var ErrKMIPServerCAMissing = errors.New("server CA missing")

// ErrKMIPClientCertificateMissing reports that no client certificate was
// supplied.
var ErrKMIPClientCertificateMissing = errors.New("client certificate missing")

// ErrKMIPServerNamesMissing reports that no server name was supplied.
var ErrKMIPServerNamesMissing = errors.New("server name is not provided")

// ErrKMIPPasswordMissing reports that no password was supplied.
var ErrKMIPPasswordMissing = errors.New("password is not provided")

// ErrKMIPClientCertificatePasswordMissing reports that no password for the
// client certificate was supplied.
var ErrKMIPClientCertificatePasswordMissing = errors.New("password for client certificate is not provided")
var (
	// ErrDataCorruptedInTransit is the sentinel error whose message reports
	// that a decrypt response was corrupted in transit.
	//
	// NOTE(review): presumably raised when an integrity check on the key
	// service's response fails; callers should discard any returned
	// plaintext when they see it — confirm at the call sites.
	ErrDataCorruptedInTransit = fmt.Errorf("decrypt: response corrupted in-transit")
)
var (
	// ErrLocalKeyCredentialMissing is the sentinel error whose message
	// reports that a filename was not supplied for the local key store.
	ErrLocalKeyCredentialMissing = errors.New("filename missing")
)
Functions ¶
This section is empty.
Types ¶
type AWSKeyIdentifier ¶
// AWSKeyIdentifier carries the settings for the AWS key store: the embedded
// KeyStoreIdentifier, the fields grouped under "Header", and the fields
// grouped under "CLI".
//
// NOTE(review): AccessKey, SecretAccessKey and SessionToken are plain string
// fields and presumably hold AWS credentials — confirm against the callers.
// Unless the type defines its own formatting, printing or serializing the
// struct (for example with %+v) would include them, so keep values of this
// type out of logs and error messages.
type AWSKeyIdentifier struct {
	KeyStoreIdentifier

	// Header
	Key      string
	Region   string
	Endpoint string

	// CLI
	AccessKey       string
	SecretAccessKey string
	SessionToken    string
	// contains filtered or unexported fields
}
func (*AWSKeyIdentifier) DecryptKey ¶
func (ki *AWSKeyIdentifier) DecryptKey(encryptedKey []byte) ([]byte, error)
DecryptKey attempts to decrypt the encrypted key using AWS KMS.
func (*AWSKeyIdentifier) ValidateCredentials ¶
func (ki *AWSKeyIdentifier) ValidateCredentials() error
type AzureKeyIdentifier ¶
// AzureKeyIdentifier carries the settings for the Azure key store: the
// embedded KeyStoreIdentifier, the fields grouped under "Header", and the
// fields grouped under "CLI".
//
// NOTE(review): Secret is a plain string field and presumably holds the
// client secret that goes with ClientID and TenantID — confirm against the
// callers. Unless the type defines its own formatting, printing or
// serializing the struct would include it, so keep values of this type out of
// logs and error messages.
type AzureKeyIdentifier struct {
	KeyStoreIdentifier

	// Header
	KeyName          string
	Environment      string // not used
	KeyVaultEndpoint string
	KeyVersion       string

	// CLI
	ClientID string
	TenantID string
	Secret   string
	// contains filtered or unexported fields
}
func (*AzureKeyIdentifier) DecryptKey ¶
func (ki *AzureKeyIdentifier) DecryptKey(key []byte) ([]byte, error)
func (*AzureKeyIdentifier) ValidateCredentials ¶
func (ki *AzureKeyIdentifier) ValidateCredentials() error
type GCPKeyIdentifier ¶
// GCPKeyIdentifier carries the settings for the GCP key store: the embedded
// KeyStoreIdentifier, the fields grouped under "Header", and the field
// grouped under "CLI".
//
// NOTE(review): ServiceAccountKey is a plain string field; whether it holds
// the key material itself or a reference to it is not visible here — confirm
// against the callers, and treat it as a secret (no logging, no inclusion in
// error messages) until that is established.
type GCPKeyIdentifier struct {
	KeyStoreIdentifier

	// Header
	ProjectID string
	Location  string
	KeyRing   string
	KeyName   string

	// CLI
	ServiceAccountKey string
	// contains filtered or unexported fields
}
func (*GCPKeyIdentifier) DecryptKey ¶
func (ki *GCPKeyIdentifier) DecryptKey(key []byte) ([]byte, error)
func (*GCPKeyIdentifier) ValidateCredentials ¶
func (ki *GCPKeyIdentifier) ValidateCredentials() error
type KMIPEncryptedKey ¶
KMIPEncryptedKey holds the encrypted LEK and tag, BSON-marshaled.
type KMIPKeyIdentifier ¶
// KMIPKeyIdentifier carries the settings for the KMIP key store: the embedded
// KeyStoreIdentifier, the fields grouped under "Header", and the fields
// grouped under "CLI".
//
// NOTE(review): ClientCertificatePassword and Password are plain string
// fields, so printing or serializing the struct (for example with %+v) would
// include them unless the type defines its own formatting; keep values of
// this type out of logs and error messages. ServerCAFileName and
// ClientCertificateFileName presumably name files on disk — confirm how they
// are read and what permissions are expected on them.
type KMIPKeyIdentifier struct {
	KeyStoreIdentifier

	// Header
	UniqueKeyID   string
	ServerNames   []string
	ServerPort    int
	KeyWrapMethod KMIPKeyWrapMethod

	// CLI
	ServerCAFileName          string
	ClientCertificateFileName string
	ClientCertificatePassword string
	Username                  string
	Password                  string
}
KMIPKeyIdentifier is the config for the KMIP-speaking server used to encrypt the Log Encryption Key (LEK).
func (*KMIPKeyIdentifier) DecryptKey ¶
func (ki *KMIPKeyIdentifier) DecryptKey(encryptedKey []byte) ([]byte, error)
DecryptKey decrypts LEK using KMIP get or decrypt methods.
func (*KMIPKeyIdentifier) ValidateCredentials ¶
func (ki *KMIPKeyIdentifier) ValidateCredentials() error
type KMIPKeyWrapMethod ¶
// KMIPKeyWrapMethod is a string type naming a KMIP key wrap method.
type KMIPKeyWrapMethod string

// The KMIPKeyWrapMethod values declared by this package.
const (
	// KMIPKeyWrapMethodGet is the wrap method spelled "get".
	KMIPKeyWrapMethodGet = KMIPKeyWrapMethod("get")
	// KMIPKeyWrapMethodEncrypt is the wrap method spelled "encrypt".
	KMIPKeyWrapMethodEncrypt = KMIPKeyWrapMethod("encrypt")
)
type KeyProvider ¶
type KeyStoreIdentifier ¶
// KeyStoreIdentifier records which key store provider an identifier refers
// to.
type KeyStoreIdentifier struct {
	// Provider is the key store provider, typed as KeyStoreProvider.
	Provider KeyStoreProvider
}
type KeyStoreProvider ¶
// KeyStoreProvider is a string type naming a key store provider.
type KeyStoreProvider string

// The KeyStoreProvider values declared by this package.
const (
	// LocalKey is the provider spelled "local".
	LocalKey = KeyStoreProvider("local")
	// KMIP is the provider spelled "kmip".
	KMIP = KeyStoreProvider("kmip")
	// AWS is the provider spelled "aws".
	AWS = KeyStoreProvider("aws")
	// GCP is the provider spelled "gcp".
	GCP = KeyStoreProvider("gcp")
	// Azure is the provider spelled "azure".
	Azure = KeyStoreProvider("azure")
)
type LocalKeyIdentifier ¶
// LocalKeyIdentifier carries the settings for the local key store: the
// embedded KeyStoreIdentifier, the filename grouped under "Header", and the
// filename grouped under "CLI".
//
// NOTE(review): Filename presumably names the file holding the local key; if
// so, the key is only as protected as that file's permissions and location —
// confirm how the file is read and validated.
type LocalKeyIdentifier struct {
	KeyStoreIdentifier

	// Header
	HeaderFilename string

	// CLI
	Filename string
}
LocalKeyIdentifier config for the localKey used to encrypt the Log Encryption Key (LEK).
func (*LocalKeyIdentifier) DecryptKey ¶
func (ki *LocalKeyIdentifier) DecryptKey(encryptedKey []byte) ([]byte, error)
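DecryptKey decrypts the LEK using the local key. (The upstream comment reads "using KMIP get or decrypt methods", which appears to have been copied from KMIPKeyIdentifier.DecryptKey.)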
func (*LocalKeyIdentifier) ValidateCredentials ¶
func (ki *LocalKeyIdentifier) ValidateCredentials() error