Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AWSClient ¶
type AWSClient interface {
Encrypt(ctx context.Context, params *kms.EncryptInput, optFns ...func(*kms.Options)) (*kms.EncryptOutput, error)
Decrypt(ctx context.Context, params *kms.DecryptInput, optFns ...func(*kms.Options)) (*kms.DecryptOutput, error)
GenerateDataKey(ctx context.Context, params *kms.GenerateDataKeyInput, optFns ...func(*kms.Options)) (*kms.GenerateDataKeyOutput, error)
}
AWSClient is an interface that defines the set of Amazon KMS API operations required by this package.
type AWSKMS ¶
type AWSKMS struct {
// contains filtered or unexported fields
}
AWSKMS implements the KeyManagementService interface for AWS KMS using the V2 AWS SDK. Use the Builder to create a new AWSKMS.
keyManagementService, err := kms.NewBuilder(crypto, arnMap)
.WithPreferredRegion("us-west-2")
.Build()
func NewAWS ¶
func NewAWS(crypto appencryption.AEAD, preferredRegion string, arnMap map[string]string) (*AWSKMS, error)
NewAWS returns a new AWSKMS used for encrypting/decrypting keys with a master key.
Note that this function is a convenience wrapper around the Builder and is equivalent to:
keyManagementService, err := kms.NewBuilder(crypto, arnMap)
.WithPreferredRegion(region)
.Build()
For more advanced configuration, use the Builder directly.
func (*AWSKMS) DecryptKey ¶
DecryptKey decrypts the envelope and returns the decrypted key.
The preferred region is used to decrypt the key if it is set, otherwise the first region is used. If this fails, remaining regions are tried in order.
func (*AWSKMS) EncryptKey ¶
EncryptKey encrypts a byte slice in all configured regions and returns an envelope ready for storage.
func (*AWSKMS) PreferredRegion ¶
PreferredRegion returns the preferred region for the AWSKMS.
type Builder ¶
type Builder struct {
// contains filtered or unexported fields
}
Builder is used to build a new AWSKMS.
func NewBuilder ¶
func NewBuilder(crypto appencryption.AEAD, arnMap map[string]string) *Builder
NewBuilder creates a new Builder with the given crypto and ARN map. Use the With* methods to configure the Builder, then call Build to create a new AWSKMS.
func (*Builder) WithAWSConfig ¶
WithAWSConfig sets the AWS configuration for the AWSKMS when creating the clients. Default is to use the default AWS SDK configuration.
func (*Builder) WithKMSFactory ¶
func (b *Builder) WithKMSFactory(factory KMSFactory) *Builder
WithKMSFactory sets the KMS factory for the AWSKMS. Default is to use kms.NewFromConfig.
This is used for testing but is also useful for customizing the KMS client creation.
func (*Builder) WithPreferredRegion ¶
WithPreferredRegion sets the preferred region for the AWSKMS.
Required when using multiple regions.
Source Files