Types ¶
type AESConfiguration ¶
type AESConfiguration struct {
	// keys is a list of keys to be used for creating the AES transformer.
	// Each key has to be 32 bytes long for AES-CBC and 16, 24 or 32 bytes for AES-GCM.
	// Key material arrives as base64 text in Key.Secret, so the config file itself is
	// secret-bearing and must be protected accordingly.
	// NOTE(review): presumably the first entry is the active write key and later entries
	// are retained only so older ciphertext can still be read during rotation — confirm
	// against the transformer that consumes this list before relying on that order.
	Keys []Key `yaml:"keys,omitempty"`
}
AESConfiguration contains the API configuration for an AES transformer.
type EncryptionConfiguration ¶
type EncryptionConfiguration struct {
	// kind is the object kind of this configuration document.
	Kind string `yaml:"kind,omitempty"`
	// apiVersion is the API version of this configuration document.
	APIVersion string `yaml:"apiVersion,omitempty"`
	// resources is a list containing resources, and their corresponding encryption providers.
	// Each entry pairs a set of resource names with the ordered providers used for them.
	Resources []ResourceConfiguration `yaml:"resources,omitempty"`
}
EncryptionConfiguration stores the complete configuration for encryption providers.
type IdentityConfiguration ¶
// IdentityConfiguration has no fields: the identity transformer takes no settings.
// NOTE(review): "identity" suggests a pass-through (no encryption); a resource whose
// first provider is identity is presumably written to disk in plaintext — confirm, and
// treat that placement as a deliberate choice rather than a default.
type IdentityConfiguration struct{}
IdentityConfiguration is an empty struct to allow identity transformer in provider configuration.
type KMSConfiguration ¶
type KMSConfiguration struct {
	// name is the name of the KMS plugin to be used.
	Name string `yaml:"name"`
	// cacheSize is the maximum number of secrets which are cached in memory. The default value is 1000.
	// NOTE(review): whatever is cached here lives unencrypted in process memory; the size
	// bounds both the KMS round-trips saved and the amount of key/secret material resident
	// at once — confirm what exactly is cached before tuning this upward.
	// +optional
	CacheSize int32 `yaml:"cache_size"`
	// endpoint is the gRPC server listening address, for example "unix:///var/run/kms-provider.sock".
	// NOTE(review): the example is a Unix socket; if the plugin listens there, the socket's
	// filesystem permissions are the only thing gating who can ask it to unwrap keys — verify
	// they are restricted to the API server's user.
	Endpoint string `yaml:"endpoint"`
	// Timeout for gRPC calls to kms-plugin (ex. 5s). The default is 3 seconds.
	// A nil value means the default is applied.
	// +optional
	Timeout *metav1.Duration `yaml:"timeout,omitempty"`
}
KMSConfiguration contains the plugin name, cache size, gRPC endpoint and call timeout for a KMS based envelope transformer.
type Key ¶
type Key struct {
	// name is the name of the key to be used while storing data to disk.
	// It is an identifier only and carries no key material.
	Name string `yaml:"name"`
	// secret is the actual key, encoded in base64.
	// This is raw key material: do not log it, and keep the file that holds it
	// readable only by the process that needs it.
	Secret string `yaml:"secret"`
}
Key contains name and secret of the provided key for a transformer.
type ProviderConfiguration ¶
type ProviderConfiguration struct {
	// aesgcm is the configuration for the AES-GCM transformer.
	AESGCM *AESConfiguration `yaml:"aesgcm,omitempty"`
	// aescbc is the configuration for the AES-CBC transformer.
	AESCBC *AESConfiguration `yaml:"aescbc,omitempty"`
	// secretbox is the configuration for the Secretbox based transformer.
	Secretbox *SecretboxConfiguration `yaml:"secretbox,omitempty"`
	// identity is the (empty) configuration for the identity transformer.
	Identity *IdentityConfiguration `yaml:"identity,omitempty"`
	// kms contains the name, cache size, gRPC endpoint and call timeout for a KMS based envelope transformer.
	KMS *KMSConfiguration `yaml:"kms,omitempty"`
}
ProviderConfiguration stores the provided configuration for an encryption provider.
type ResourceConfiguration ¶
type ResourceConfiguration struct {
	// resources is a list of kubernetes resources which have to be encrypted.
	Resources []string `yaml:"resources,omitempty"`
	// providers is a list of transformers to be used for reading and writing the resources to disk.
	// eg: aesgcm, aescbc, secretbox, identity.
	// NOTE(review): the list is ordered; presumably the first provider is used for writes and
	// all of them are tried for reads, so the position of "identity" in this list decides
	// whether new data is stored encrypted — confirm against the consumer of this field.
	Providers []ProviderConfiguration `yaml:"providers,omitempty"`
}
ResourceConfiguration stores per resource configuration.
type SecretboxConfiguration ¶
type SecretboxConfiguration struct {
	// keys is a list of keys to be used for creating the Secretbox transformer.
	// Each key has to be 32 bytes long.
	// The keys are supplied as base64 text via Key.Secret, so the config file holds raw key material.
	Keys []Key `yaml:"keys,omitempty"`
}
SecretboxConfiguration contains the API configuration for a Secretbox transformer.