awskms

package module

v2.0.10 Latest Latest Go to latest Published: Dec 4, 2024 License: MPL-2.0 Imports: 16 Imported by: 10

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/hashicorp/go-kms-wrapping

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func WithAccessKey(with string) wrapping.Option
func WithDisallowEnvVars(with bool) wrapping.Option
func WithEndpoint(with string) wrapping.Option
func WithKeyNotRequired(with bool) wrapping.Option
func WithLogger(with hclog.Logger) wrapping.Option
func WithRegion(with string) wrapping.Option
func WithRoleArn(with string) wrapping.Option
func WithRoleSessionName(with string) wrapping.Option
func WithSecretKey(with string) wrapping.Option
func WithSessionToken(with string) wrapping.Option
func WithSharedCredsFilename(with string) wrapping.Option
func WithSharedCredsProfile(with string) wrapping.Option
func WithWebIdentityTokenFile(with string) wrapping.Option
type OptionFunc
type Wrapper
- func NewAwsKmsTestWrapper() *Wrapper
- func NewWrapper() *Wrapper

Constants ¶

View Source

const (
	EnvAwsKmsWrapperKeyId   = "AWSKMS_WRAPPER_KEY_ID"
	EnvVaultAwsKmsSealKeyId = "VAULT_AWSKMS_SEAL_KEY_ID"
)

These constants contain the accepted env vars; the Vault one is for backwards compat

View Source

const (
	// AwsKmsEncrypt is used to directly encrypt the data with KMS
	AwsKmsEncrypt = iota
	// AwsKmsEnvelopeAesGcmEncrypt is when a data encryption key is generated and
	// the data is encrypted with AES-GCM and the key is encrypted with KMS
	AwsKmsEnvelopeAesGcmEncrypt
)

Variables ¶

This section is empty.

Functions ¶

func WithAccessKey ¶

func WithAccessKey(with string) wrapping.Option

WithAccessKey provides a way to chose the access key

func WithDisallowEnvVars ¶

func WithDisallowEnvVars(with bool) wrapping.Option

WithDisallowEnvVars provides a way to disable using env vars

func WithEndpoint ¶

func WithEndpoint(with string) wrapping.Option

WithEndpoint provides a way to chose the endpoint

func WithKeyNotRequired ¶

func WithKeyNotRequired(with bool) wrapping.Option

WithKeyNotRequired provides a way to not require a key at config time

func WithLogger ¶

func WithLogger(with hclog.Logger) wrapping.Option

WithLogger provides a way to pass in a logger

func WithRegion ¶

func WithRegion(with string) wrapping.Option

WithRegion provides a way to chose the region

func WithRoleArn ¶

func WithRoleArn(with string) wrapping.Option

WithRoleArn provides a way to chose the role ARN

func WithRoleSessionName ¶

func WithRoleSessionName(with string) wrapping.Option

WithRoleSessionName provides a way to chose the role session name

func WithSecretKey ¶

func WithSecretKey(with string) wrapping.Option

WithSecretKey provides a way to chose the secret key

func WithSessionToken ¶

func WithSessionToken(with string) wrapping.Option

WithSessionToken provides a way to chose the session token

func WithSharedCredsFilename ¶

func WithSharedCredsFilename(with string) wrapping.Option

WithSharedCredsFilename provides a way to chose the shared creds filename

func WithSharedCredsProfile ¶

func WithSharedCredsProfile(with string) wrapping.Option

WithSharedCredsProfile provides a way to chose the shared creds profile

func WithWebIdentityTokenFile ¶

func WithWebIdentityTokenFile(with string) wrapping.Option

WithWebIdentityTokenFile provides a way to chose the web identity token file

Types ¶

type OptionFunc ¶

type OptionFunc func(*options) error

OptionFunc holds a function with local options

type Wrapper ¶

type Wrapper struct {
	// contains filtered or unexported fields
}

Wrapper represents credentials and Key information for the KMS Key used to encryption and decryption

func NewAwsKmsTestWrapper ¶

func NewAwsKmsTestWrapper() *Wrapper

func NewWrapper ¶

func NewWrapper() *Wrapper

NewWrapper creates a new AwsKms wrapper with the provided options

func (*Wrapper) Client ¶

func (k *Wrapper) Client() kmsiface.KMSAPI

Client returns the AWS KMS client used by the wrapper.

func (*Wrapper) Decrypt ¶

func (k *Wrapper) Decrypt(_ context.Context, in *wrapping.BlobInfo, opt ...wrapping.Option) ([]byte, error)

Decrypt is used to decrypt the ciphertext. This should be called after Init.

func (*Wrapper) Encrypt ¶

func (k *Wrapper) Encrypt(_ context.Context, plaintext []byte, opt ...wrapping.Option) (*wrapping.BlobInfo, error)

Encrypt is used to encrypt the master key using the the AWS CMK. This returns the ciphertext, and/or any errors from this call. This should be called after the KMS client has been instantiated.

func (*Wrapper) GetAwsKmsClient ¶

func (k *Wrapper) GetAwsKmsClient() (*kms.KMS, error)

GetAwsKmsClient returns an instance of the KMS client.

func (*Wrapper) KeyId ¶

func (k *Wrapper) KeyId(_ context.Context) (string, error)

KeyId returns the last known key id

func (*Wrapper) SetConfig ¶

func (k *Wrapper) SetConfig(_ context.Context, opt ...wrapping.Option) (*wrapping.WrapperConfig, error)

SetConfig sets the fields on the Wrapper object based on values from the config parameter.

Order of precedence AWS values: * Environment variable * Passed in config map * Instance metadata role (access key and secret key) * Default values

func (*Wrapper) Type ¶

func (k *Wrapper) Type(_ context.Context) (wrapping.WrapperType, error)

Type returns the wrapping type for this particular Wrapper implementation

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL