awscloud

package
v0.0.0-...-f5d5260 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 4, 2019 License: MIT Imports: 10 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var ErrMissingEncType = newSecureS3ClientError("Object metadata missing encryptionType")

ErrMissingEncType indicates the object metadata missing encryptionType

View Source
var ErrMissingIV = newSecureS3ClientError("Object metadata missing encryptionIV")

ErrMissingIV indicates object metadata missing encryptionIv

Functions

func NewCredProvider

func NewCredProvider(accessKeyID string, secretKey string) credentials.Provider

NewCredProvider returns an implementation of aws credentials.Provider. The returned object stores the credentials in memory and does not support key rotation.

Types

type AESDecryptor

type AESDecryptor struct {
	// contains filtered or unexported fields
}

AESDecryptor is an implementation of io.Reader that takes a cipher text reader and converts it into plain text

func NewAESDecryptor

func NewAESDecryptor(encKey []byte, encIv []byte, reader io.ReadCloser) (*AESDecryptor, error)

NewAESDecryptor returns a new decryptor stream that decrypts using the given key and iv

func (*AESDecryptor) Close

func (e *AESDecryptor) Close() error

Close closes the underlying stream

func (*AESDecryptor) Read

func (e *AESDecryptor) Read(p []byte) (int, error)

Read reads cipher text and returns plain text

type AESEncryptor

type AESEncryptor struct {
	// contains filtered or unexported fields
}

AESEncryptor is an implementation of io.Reader that takes a plain text Reader and converts it into AES cipher text

func NewAESEncryptor

func NewAESEncryptor(encKey []byte, encIv []byte, reader io.Reader) (*AESEncryptor, error)

NewAESEncryptor returns a new encryptor stream that encrypts using the given key and iv

func (*AESEncryptor) Read

func (e *AESEncryptor) Read(p []byte) (int, error)

Read reads plain text and returns cipher text

type CredProvider

type CredProvider struct {
	// contains filtered or unexported fields
}

CredProvider is an implementation of aws credentials.Provider interface

func (*CredProvider) IsExpired

func (p *CredProvider) IsExpired() bool

IsExpired returns true if the credentials are expired. Always returns false

func (*CredProvider) Retrieve

func (p *CredProvider) Retrieve() (credentials.Value, error)

Retrieve returns the credentials stored

type SecureS3Client

type SecureS3Client interface {
	// Get fetches an object from S3 and decrypts it
	Get(bucket string, key string) (io.ReadCloser, error)
	// Put encrypts and stores the object in S3
	Put(bucket string, key string, body io.Reader) error
	// List lists objects with prefix
	List(bucket string, prefix string) (map[string]int64, error)
}

SecureS3Client is an interface that all implementations doing client side encryption and decryption on top of s3 must adhere to.

func NewSecureS3Client

func NewSecureS3Client(region string, credProvider credentials.Provider, aesKey []byte) SecureS3Client

NewSecureS3Client creates and returns a new SecureS3Client The returned client will do client side encryption and decryption for all objects stored / fetched from S3. Only objects previously stored using this client can be retrieved. For decryption, its the caller's responsiblility to make sure the same aes key used for encryption is supplied.

type SecureS3ClientError

type SecureS3ClientError struct {
	// contains filtered or unexported fields
}

SecureS3ClientError indicates any

error from SecureS3Client

func (*SecureS3ClientError) Error

func (c *SecureS3ClientError) Error() string

Error implements error interface

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL