credstash

package

v0.7.0-alpha.1 Latest Latest Go to latest Published: Dec 19, 2022 License: MIT Imports: 20 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/granular-oss/terraform-provider-credstash

Documentation ¶

Index ¶

Constants
Variables
func ComputeHmac256(message, secret []byte) []byte
func Decode(data map[string]*dynamodb.AttributeValue, rawVal interface{}) error
func Decrypt(key, ciphertext []byte) ([]byte, error)
func Encrypt(key, plaintext []byte) ([]byte, error)
func GetHighestVersion(svc dynamoDB, tableName *string, name string) (string, error)
type Client
- func New(table string, sess *session.Session) *Client
type Credential
type DataKey
type DecryptedCredential
type EncryptionContextValue
- func NewEncryptionContextValue() *EncryptionContextValue

Constants ¶

View Source

const (
	DefaultKmsKey = "alias/credstash"
)

View Source

const MaxPaddingLength = 19 // Number of digits in MaxInt64

Variables ¶

View Source

var (
	ErrSecretNotFound = errors.New("Secret Not Found")

	// ErrHmacValidationFailed returned when the hmac signature validation fails
	ErrHmacValidationFailed = errors.New("Secret HMAC validation failed")
)

Functions ¶

func ComputeHmac256 ¶ added in v0.7.0

func ComputeHmac256(message, secret []byte) []byte

ComputeHmac256 compute a hmac256 signature of the supplied message and return the value hex encoded

func Decode ¶ added in v0.7.0

func Decode(data map[string]*dynamodb.AttributeValue, rawVal interface{}) error

Decode decode the supplied struct from the dynamodb result map

func Decrypt ¶ added in v0.7.0

func Decrypt(key, ciphertext []byte) ([]byte, error)

Decrypt AES encryption method which matches the pycrypto package using CTR and AES256. Note this routine seeds the counter/iv with a value of 1 then throws it away?!

func Encrypt ¶ added in v0.7.0

func Encrypt(key, plaintext []byte) ([]byte, error)

Encrypt AES encryption method which matches the pycrypto package using CTR and AES256. Note this routine seeds the counter/iv with a value of 1 then throws it away?!

func GetHighestVersion ¶ added in v0.7.0

func GetHighestVersion(svc dynamoDB, tableName *string, name string) (string, error)

GetHighestVersion look up the highest version for a given name

Types ¶

type Client ¶

type Client struct {
	// contains filtered or unexported fields
}

func New ¶

func New(table string, sess *session.Session) *Client

func (*Client) DecryptDataKey ¶ added in v0.7.0

func (c *Client) DecryptDataKey(ciphertext []byte, ctx *EncryptionContextValue) (*DataKey, error)

DecryptDataKey ask kms to decrypt the supplied data key

func (*Client) DeleteSecret ¶ added in v0.7.0

func (c *Client) DeleteSecret(tableName string, name string) error

func (*Client) GenerateRandomSecret ¶ added in v0.7.0

func (c *Client) GenerateRandomSecret(length int, useSymbols bool, charsets []interface{}, minRuleMap map[string]interface{}) (string, error)

func (*Client) GetHighestVersionSecret ¶ added in v0.7.0

func (c *Client) GetHighestVersionSecret(table string, name string, encContext *EncryptionContextValue) (*DecryptedCredential, error)

GetHighestVersionSecret retrieves latest secret from dynamodb using the name

func (*Client) GetSecret ¶

func (c *Client) GetSecret(name string, table string, paddedVersion string, ctx *EncryptionContextValue) (*DecryptedCredential, error)

func (*Client) PaddedInt ¶ added in v0.7.0

func (c *Client) PaddedInt(i int) string

PaddedInt returns an integer left-padded with zeroes to the max-int length

func (*Client) PutSecret ¶ added in v0.7.0

func (c *Client) PutSecret(tableName string, name string, value string, paddedVersion string, ctx *EncryptionContextValue) error

func (*Client) ResolveVersion ¶ added in v0.7.0

func (c *Client) ResolveVersion(tableName string, name string, version int) (string, error)

ResolveVersion converts an integer version to a string, or if a version isn't provided (0), returns "1" if the secret doesn't exist or the latest version plus one (auto-increment) if it does.

type Credential ¶ added in v0.7.0

type Credential struct {
	Name      string `dynamodbav:"name"`
	Version   string `dynamodbav:"version"`
	Key       string `dynamodbav:"key"`
	Contents  string `dynamodbav:"contents"`
	Hmac      []byte `dynamodbav:"hmac"`
	CreatedAt int64  `dynamodbav:"created_at"`
}

Credential managed credential information

type DataKey ¶ added in v0.7.0

type DataKey struct {
	CiphertextBlob []byte
	Plaintext      []byte
}

type DecryptedCredential ¶ added in v0.7.0

type DecryptedCredential struct {
	*Credential
	Secret string
}

type EncryptionContextValue ¶ added in v0.7.0

type EncryptionContextValue map[string]*string

EncryptionContextValue key value with helper methods for flag parser

func NewEncryptionContextValue ¶ added in v0.7.0

func NewEncryptionContextValue() *EncryptionContextValue

NewEncryptionContextValue create a new encryption context

func (*EncryptionContextValue) IsCumulative ¶ added in v0.7.0

func (h *EncryptionContextValue) IsCumulative() bool

IsCumulative flag this value as cumulative

func (*EncryptionContextValue) Set ¶ added in v0.7.0

func (h *EncryptionContextValue) Set(value string) error

Set converts a flag value into an encryption context key value

func (*EncryptionContextValue) String ¶ added in v0.7.0

func (h *EncryptionContextValue) String() string

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL