hcvault

package
v3.9.1 Latest
Warning

This package is not in the latest version of its module.

Published: Oct 4, 2024 License: MPL-2.0 Imports: 16 Imported by: 4

Documentation

Constants

const (
	// KeyTypeIdentifier is the string used to identify a Vault MasterKey.
	KeyTypeIdentifier = "hc_vault"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type MasterKey

type MasterKey struct {
	// VaultAddress is the address of the Vault server.
	VaultAddress string
	// EnginePath is the path to the Vault Transit Secret engine relative
	// to the VaultAddress.
	EnginePath string
	// KeyName is the name of the key in the Vault Transit engine.
	KeyName string
	// EncryptedKey contains the SOPS data key encrypted with the Vault Transit
	// key.
	EncryptedKey string
	// CreationDate of the MasterKey, used to determine if the EncryptedKey
	// needs rotation.
	CreationDate time.Time
	// contains filtered or unexported fields
}

MasterKey is a Vault Transit backend path used to Encrypt and Decrypt SOPS' data key.

func NewMasterKey

func NewMasterKey(address, enginePath, keyName string) *MasterKey

NewMasterKey creates a new MasterKey from a Vault address, Transit backend path and a key name.

func NewMasterKeyFromURI

func NewMasterKeyFromURI(uri string) (*MasterKey, error)

NewMasterKeyFromURI obtains the Vault address, Transit backend path and the key name from the full URI of the key.
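
An added example, not code from the sops project: a sketch of splitting a full key URI into the three values NewMasterKey takes, with strict rejection of anything unexpected. The layout `<address>/v1/<engine path>/keys/<key name>`, the helper `splitVaultKeyURI`, the type `vaultKeyRef` and the sample hostname are assumptions; the page does not spell out the format, and the package's own parser may accept or reject different inputs.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// vaultKeyRef mirrors the three arguments of NewMasterKey (hypothetical type).
type vaultKeyRef struct {
	Address, EnginePath, KeyName string
}

// splitVaultKeyURI is a hypothetical helper. Assumed layout:
// <scheme>://<host>[:port]/v1/<engine path>/keys/<key name>
func splitVaultKeyURI(raw string) (vaultKeyRef, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return vaultKeyRef{}, err
	}
	if u.Scheme == "" || u.Host == "" {
		return vaultKeyRef{}, errors.New("key URI needs a scheme and a host")
	}
	// Choice made by this example: a key reference carries no secrets or parameters.
	if u.User != nil || u.RawQuery != "" || u.Fragment != "" {
		return vaultKeyRef{}, errors.New("userinfo, query and fragment are not expected")
	}
	p := strings.Trim(u.Path, "/")
	if !strings.HasPrefix(p, "v1/") {
		return vaultKeyRef{}, errors.New("path must start with /v1/")
	}
	rest := strings.TrimPrefix(p, "v1/")
	// The last "/keys/" separates the engine mount (may be nested) from the key name.
	i := strings.LastIndex(rest, "/keys/")
	if i <= 0 {
		return vaultKeyRef{}, errors.New("path must contain <engine>/keys/<name>")
	}
	engine, name := rest[:i], rest[i+len("/keys/"):]
	if name == "" || strings.Contains(name, "/") {
		return vaultKeyRef{}, errors.New("key name must be a single path segment")
	}
	return vaultKeyRef{Address: u.Scheme + "://" + u.Host, EnginePath: engine, KeyName: name}, nil
}

func main() {
	// Constructed sample URI, not taken from the page.
	ref, err := splitVaultKeyURI("https://vault.example.com:8200/v1/transit/keys/sops-key")
	fmt.Printf("%+v err=%v\n", ref, err)
}
```
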

func NewMasterKeysFromURIs

func NewMasterKeysFromURIs(uris string) ([]*MasterKey, error)

NewMasterKeysFromURIs creates a list of MasterKeys from a list of Vault URIs.

func (*MasterKey) Decrypt

func (key *MasterKey) Decrypt() ([]byte, error)

Decrypt decrypts the EncryptedKey field with Vault Transit and returns the result.

func (*MasterKey) Encrypt

func (key *MasterKey) Encrypt(dataKey []byte) error

Encrypt takes a SOPS data key, encrypts it with Vault Transit, and stores the result in the EncryptedKey field.

func (*MasterKey) EncryptIfNeeded

func (key *MasterKey) EncryptIfNeeded(dataKey []byte) error

EncryptIfNeeded encrypts the provided SOPS data key, if it has not been encrypted yet.

func (*MasterKey) EncryptedDataKey

func (key *MasterKey) EncryptedDataKey() []byte

EncryptedDataKey returns the encrypted data key this master key holds.

func (*MasterKey) NeedsRotation

func (key *MasterKey) NeedsRotation() bool

NeedsRotation returns whether the data key needs to be rotated or not.

func (*MasterKey) SetEncryptedDataKey

func (key *MasterKey) SetEncryptedDataKey(enc []byte)

SetEncryptedDataKey sets the encrypted data key for this master key.

func (MasterKey) ToMap

func (key MasterKey) ToMap() map[string]interface{}

ToMap converts the MasterKey to a map for serialization purposes.

func (*MasterKey) ToString

func (key *MasterKey) ToString() string

ToString converts the key to a string representation.

func (*MasterKey) TypeToIdentifier added in v3.9.0

func (key *MasterKey) TypeToIdentifier() string

TypeToIdentifier returns the string identifier for the MasterKey type.

type Token

type Token string

Token used for authenticating towards a Vault server.

func (Token) ApplyToMasterKey

func (t Token) ApplyToMasterKey(key *MasterKey)

ApplyToMasterKey configures the token on the provided key.
