Documentation
Overview
Package gcpkms provides integration with the GCP Cloud KMS. Tink APIs work with GCP and AWS KMS.
Example
```go
package main

import (
	"log"

	"github.com/google/tink/go/aead"
	"github.com/google/tink/go/core/registry"
	"github.com/google/tink/go/integration/gcpkms"
	"github.com/google/tink/go/keyset"
)

func main() {
	const keyURI = "gcp-kms://......"

	// NewClientWithCredentials is deprecated; see NewClientWithOptions.
	gcpclient, err := gcpkms.NewClientWithCredentials(keyURI, "/mysecurestorage/credentials.json")
	if err != nil {
		log.Fatal(err)
	}
	registry.RegisterKMSClient(gcpclient)

	// Envelope encryption: the key at keyURI wraps a locally generated DEK.
	dek := aead.AES128CTRHMACSHA256KeyTemplate()
	kh, err := keyset.NewHandle(aead.KMSEnvelopeAEADKeyTemplate(keyURI, dek))
	if err != nil {
		log.Fatal(err)
	}

	a, err := aead.New(kh)
	if err != nil {
		log.Fatal(err)
	}

	ct, err := a.Encrypt([]byte("this data needs to be encrypted"), []byte("this data needs to be authenticated, but not encrypted"))
	if err != nil {
		log.Fatal(err)
	}

	// Decryption must be given the same associated data as encryption.
	_, err = a.Decrypt(ct, []byte("this data needs to be authenticated, but not encrypted"))
	if err != nil {
		log.Fatal(err)
	}
}
```
Index
- func NewClient(uriPrefix string) (registry.KMSClient, error) (deprecated)
- func NewClientWithConfig(uriPrefix string, config *ClientConfig) (registry.KMSClient, error) (deprecated)
- func NewClientWithCredentials(uriPrefix string, credentialPath string) (registry.KMSClient, error) (deprecated)
- func NewClientWithOptions(ctx context.Context, uriPrefix string, opts ...option.ClientOption) (registry.KMSClient, error)
- type ClientConfig (deprecated)
Constants
This section is empty.
Variables
This section is empty.
Functions
func NewClient (deprecated)
func NewClientWithConfig (deprecated, added in v1.7.0)
func NewClientWithConfig(uriPrefix string, config *ClientConfig) (registry.KMSClient, error)
NewClientWithConfig returns a new GCP KMS client using the provided ClientConfig. It will use default credentials to handle keys with uriPrefix prefix. uriPrefix must have the following format: 'gcp-kms://[:path]'.
Deprecated: Use NewClientWithOptions instead. To provide a custom HTTP client, use option.WithHTTPClient.
func NewClientWithCredentials (deprecated)
NewClientWithCredentials returns a new GCP KMS client which will use given credentials to handle keys with uriPrefix prefix. uriPrefix must have the following format: 'gcp-kms://[:path]'.
Deprecated: Use NewClientWithOptions instead. To provide a credential file, use option.WithCredentialsFile.
func NewClientWithOptions (added in v1.7.0)
func NewClientWithOptions(ctx context.Context, uriPrefix string, opts ...option.ClientOption) (registry.KMSClient, error)
NewClientWithOptions returns a new GCP KMS client with provided Google API options to handle keys with uriPrefix prefix. uriPrefix must have the following format: 'gcp-kms://[:path]'.
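The functions above bind a client to keys "with uriPrefix prefix". The following is an added example, not part of the gcpkms package or its documentation: a stricter check a caller could run on a key URI before passing it to NewClientWithOptions. CheckKeyURI, the sample URIs, and the reading of "prefix" as plain string-prefix matching are assumptions of this example; the resource-name layout is the Cloud KMS CryptoKey form.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

const gcpPrefix = "gcp-kms://"

// Cloud KMS CryptoKey resource name, with an optional key version.
var keyName = regexp.MustCompile(
	`^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+(/cryptoKeyVersions/[^/]+)?$`)

// CheckKeyURI is a hypothetical helper, not part of gcpkms. It returns nil
// only if keyURI names a CryptoKey and lies under allowedPrefix at a path
// boundary. This is stricter than plain string-prefix matching, which would
// also accept sibling resources whose names start with the same characters.
func CheckKeyURI(keyURI, allowedPrefix string) error {
	if !strings.HasPrefix(allowedPrefix, gcpPrefix) {
		return fmt.Errorf("prefix %q must start with %s", allowedPrefix, gcpPrefix)
	}
	if !strings.HasPrefix(keyURI, gcpPrefix) ||
		!keyName.MatchString(strings.TrimPrefix(keyURI, gcpPrefix)) {
		return fmt.Errorf("%q is not a %s CryptoKey URI", keyURI, gcpPrefix)
	}
	if !strings.HasPrefix(keyURI, allowedPrefix) {
		return fmt.Errorf("%q is outside %q", keyURI, allowedPrefix)
	}
	// Accept only an exact match or a prefix that ends on a "/" boundary.
	rest := keyURI[len(allowedPrefix):]
	if rest != "" && !strings.HasPrefix(rest, "/") && !strings.HasSuffix(allowedPrefix, "/") {
		return fmt.Errorf("%q matches %q only mid-segment", keyURI, allowedPrefix)
	}
	return nil
}

func main() {
	// Constructed sample values; none of these resources exist.
	allowed := gcpPrefix + "projects/app/locations/global/keyRings/prod"
	for _, uri := range []string{
		allowed + "/cryptoKeys/kek",
		allowed + "-scratch/cryptoKeys/kek", // sibling key ring, same leading characters
		gcpPrefix + "projects/app",          // not a CryptoKey
	} {
		fmt.Printf("%-75s %v\n", uri, CheckKeyURI(uri, allowed))
	}
}
```

Passing the narrowest prefix the application needs, ideally the full key URI, keeps a client from serving keys outside the intended key ring or project.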
Types
type ClientConfig (deprecated, added in v1.7.0)
```go
type ClientConfig struct {
	// HTTP transport for use with the GCP KMS client.
	// If it is nil, default config will be used.
	HTTPTransport *http.Transport
}
```
ClientConfig defines the configuration that can be provided to configure a GCP KMS client.
Deprecated: Use NewClientWithOptions instead to provide client options.