hcvault

package

v3.9.1 Latest Latest Go to latest Published: Oct 4, 2024 License: MPL-2.0 Imports: 16 Imported by: 4

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/getsops/sops

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
type MasterKey
type Token
- func (t Token) ApplyToMasterKey(key *MasterKey)

Constants ¶

View Source

const (
	// KeyTypeIdentifier is the string used to identify a Vault MasterKey.
	KeyTypeIdentifier = "hc_vault"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type MasterKey ¶

type MasterKey struct {
	// VaultAddress is the address of the Vault server.
	VaultAddress string
	// EnginePath is the path to the Vault Transit Secret engine relative
	// to the VaultAddress.
	EnginePath string
	// KeyName is the name of the key in the Vault Transit engine.
	KeyName string
	// EncryptedKey contains the SOPS data key encrypted with the Vault Transit
	// key.
	EncryptedKey string
	// CreationDate of the MasterKey, used to determine if the EncryptedKey
	// needs rotation.
	CreationDate time.Time
	// contains filtered or unexported fields
}

MasterKey is a Vault Transit backend path used to Encrypt and Decrypt SOPS' data key.

func NewMasterKey ¶

func NewMasterKey(address, enginePath, keyName string) *MasterKey

NewMasterKey creates a new MasterKey from a Vault address, Transit backend path and a key name.

func NewMasterKeyFromURI ¶

func NewMasterKeyFromURI(uri string) (*MasterKey, error)

NewMasterKeyFromURI obtains the Vault address, Transit backend path and the key name from the full URI of the key.

func NewMasterKeysFromURIs ¶

func NewMasterKeysFromURIs(uris string) ([]*MasterKey, error)

NewMasterKeysFromURIs creates a list of MasterKeys from a list of Vault URIs.

func (*MasterKey) Decrypt ¶

func (key *MasterKey) Decrypt() ([]byte, error)

Decrypt decrypts the EncryptedKey field with Vault Transit and returns the result.

func (*MasterKey) Encrypt ¶

func (key *MasterKey) Encrypt(dataKey []byte) error

Encrypt takes a SOPS data key, encrypts it with Vault Transit, and stores the result in the EncryptedKey field.

func (*MasterKey) EncryptIfNeeded ¶

func (key *MasterKey) EncryptIfNeeded(dataKey []byte) error

EncryptIfNeeded encrypts the provided SOPS data key, if it has not been encrypted yet.

func (*MasterKey) EncryptedDataKey ¶

func (key *MasterKey) EncryptedDataKey() []byte

EncryptedDataKey returns the encrypted data key this master key holds.

func (*MasterKey) NeedsRotation ¶

func (key *MasterKey) NeedsRotation() bool

NeedsRotation returns whether the data key needs to be rotated or not.

func (*MasterKey) SetEncryptedDataKey ¶

func (key *MasterKey) SetEncryptedDataKey(enc []byte)

SetEncryptedDataKey sets the encrypted data key for this master key.

func (MasterKey) ToMap ¶

func (key MasterKey) ToMap() map[string]interface{}

ToMap converts the MasterKey to a map for serialization purposes.

func (*MasterKey) ToString ¶

func (key *MasterKey) ToString() string

ToString converts the key to a string representation.

func (*MasterKey) TypeToIdentifier ¶ added in v3.9.0

func (key *MasterKey) TypeToIdentifier() string

TypeToIdentifier returns the string identifier for the MasterKey type.

type Token ¶

type Token string

Token used for authenticating towards a Vault server.

func (Token) ApplyToMasterKey ¶

func (t Token) ApplyToMasterKey(key *MasterKey)

ApplyToMasterKey configures the token on the provided key.

Source Files ¶

View all Source files

keysource.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL