Versions in this module Expand all Collapse all v0 v0.1.0 Jun 15, 2023 Changes in this version + const EncryptionKeysPath + func AesGcmDecrypt(key []byte, ciphertext []byte, iv IvGCM) (plaintext []byte, err error) + func CheckEncryptionMethodSupported(method encryptionpb.EncryptionMethod) error + func DecryptRegion(region *metapb.Region, keyManager KeyManager) error + func EncryptRegion(region *metapb.Region, keyManager KeyManager) (*metapb.Region, error) + func KeyLength(method encryptionpb.EncryptionMethod) (int, error) + func NewDataKey(method encryptionpb.EncryptionMethod, creationTime uint64) (keyID uint64, key *encryptionpb.DataKey, err error) + type Config struct + DataEncryptionMethod string + DataKeyRotationPeriod typeutil.Duration + MasterKey MasterKeyConfig + func (c *Config) Adjust() error + func (c *Config) GetMasterKeyMeta() (*encryptionpb.MasterKey, error) + func (c *Config) GetMethod() (encryptionpb.EncryptionMethod, error) + type IvCTR []byte + func NewIvCTR() (IvCTR, error) + type IvGCM []byte + func AesGcmEncrypt(key []byte, plaintext []byte) (ciphertext []byte, iv IvGCM, err error) + func NewIvGCM() (IvGCM, error) + type KeyManager interface + GetCurrentKey func() (keyID uint64, key *encryptionpb.DataKey, err error) + GetKey func(keyID uint64) (key *encryptionpb.DataKey, err error) + type Manager struct + func NewManager(etcdClient *clientv3.Client, config *Config) (*Manager, error) + func (m *Manager) GetCurrentKey() (keyID uint64, key *encryptionpb.DataKey, err error) + func (m *Manager) GetKey(keyID uint64) (*encryptionpb.DataKey, error) + func (m *Manager) SetLeadership(leadership *election.Leadership) error + func (m *Manager) StartBackgroundLoop(ctx context.Context) + type MasterKey struct + func NewCustomMasterKeyForTest(key []byte, ciphertextKey []byte) *MasterKey + func NewMasterKey(config *encryptionpb.MasterKey, ciphertextKey []byte) (*MasterKey, error) + func (k *MasterKey) CiphertextKey() []byte + func (k *MasterKey) Decrypt(ciphertext []byte, iv []byte) (plaintext []byte, err error) + func (k *MasterKey) Encrypt(plaintext []byte) (ciphertext []byte, iv []byte, err error) + func (k *MasterKey) IsPlaintext() bool + type MasterKeyConfig struct + Type string + type MasterKeyFileConfig struct + FilePath string + type MasterKeyKMSConfig struct + KmsEndpoint string + KmsKeyID string + KmsRegion string