Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type KMSAPI ¶
type KMSAPI interface {
GenerateDataKey(*kms.GenerateDataKeyInput) (*kms.GenerateDataKeyOutput, error)
Decrypt(*kms.DecryptInput) (*kms.DecryptOutput, error)
}
KMSAPI is a sub-set of the capabilities of the KMS client.
type KMSEncryptor ¶
type KMSEncryptor struct {
KMS KMSAPI
}
An Envelope encrypts and decrypts secrets with single-use KMS data keys using AES-256-GCM.
func (*KMSEncryptor) Decrypt ¶
Open takes the output of Seal and decrypts it. If any part of the ciphertext or context is modified, Seal will return an error instead of the decrypted data.
func (*KMSEncryptor) Encrypt ¶
func (e *KMSEncryptor) Encrypt(keyID string, ctx map[string]string, plaintext []byte) ([]byte, error)
Seal generates a 256-bit data key using KMS and encrypts the given plaintext with AES-256-GCM using a random nonce. The ciphertext is appended to the nonce, which is in turn appended to the KMS data key ciphertext and returned.
type MockKMSAPI ¶
func (*MockKMSAPI) Decrypt ¶
func (_m *MockKMSAPI) Decrypt(_a0 *kms.DecryptInput) (*kms.DecryptOutput, error)
Decrypt provides a mock function with given fields: _a0
func (*MockKMSAPI) GenerateDataKey ¶
func (_m *MockKMSAPI) GenerateDataKey(_a0 *kms.GenerateDataKeyInput) (*kms.GenerateDataKeyOutput, error)
GenerateDataKey provides a mock function with given fields: _a0
Source Files
Click to show internal directories.
Click to hide internal directories.