awskms

package
v1.6.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 12, 2021 License: Apache-2.0 Imports: 14 Imported by: 14

Documentation

Overview

Package awskms provides integration with the AWS Cloud KMS.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewClient

func NewClient(uriPrefix string) (registry.KMSClient, error)

NewClient returns a new AWS KMS client which will use default credentials to handle keys with uriPrefix prefix. uriPrefix must have the following format: 'aws-kms://arn:<partition>:kms:<region>:[:path]'. See http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html.

func NewClientWithCredentials

func NewClientWithCredentials(uriPrefix string, credentialPath string) (registry.KMSClient, error)

NewClientWithCredentials returns a new AWS KMS client which will use given credentials to handle keys with uriPrefix prefix. uriPrefix must have the following format: 'aws-kms://arn:<partition>:kms:<region>:[:path]'. See http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html.

func NewClientWithKMS

func NewClientWithKMS(uriPrefix string, kms kmsiface.KMSAPI) (registry.KMSClient, error)

NewClientWithKMS returns a new AWS KMS client with user created KMS client. Client is responsible for keeping the region consistency between key URI and KMS client. uriPrefix must have the following format: 'aws-kms://arn:<partition>:kms:<region>:[:path]'. See http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html.

Types

type AWSAEAD

type AWSAEAD struct {
	// contains filtered or unexported fields
}

AWSAEAD represents a AWS KMS service to a particular URI.

func (*AWSAEAD) Decrypt

func (a *AWSAEAD) Decrypt(ciphertext, additionalData []byte) ([]byte, error)

Decrypt AEAD decrypts the data and verified the additional data.

Returns an error if the KeyId field in the response does not match the KeyURI provided when creating the client. If we don't do this, the possibility exists for the ciphertext to be replaced by one under a key we don't control/expect, but do have decrypt permissions on.

This check is disabled if AWSAEAD.keyURI is not in key ARN format.

See https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id.

func (*AWSAEAD) Encrypt

func (a *AWSAEAD) Encrypt(plaintext, additionalData []byte) ([]byte, error)

Encrypt AEAD encrypts the plaintext data and uses addtionaldata from authentication.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL