azurekeyvault

Documentation

Index

• Constants
• func ParseKeyVersion(kid string) string
• type Wrapper
  • func NewWrapper(opts *wrapping.WrapperOptions) *Wrapper
  • func (v *Wrapper) BaseURL() string
  • func (v *Wrapper) Client() *keyvault.BaseClient
  • func (v *Wrapper) Decrypt(ctx context.Context, in *wrapping.EncryptedBlobInfo, aad []byte) (pt []byte, err error)
  • func (v *Wrapper) Encrypt(ctx context.Context, plaintext, aad []byte) (blob *wrapping.EncryptedBlobInfo, err error)
  • func (v *Wrapper) Finalize(context.Context) error
  • func (v *Wrapper) HMACKeyID() string
  • func (v *Wrapper) Init(context.Context) error
  • func (v *Wrapper) KeyID() string
  • func (v *Wrapper) Logger() hclog.Logger
  • func (v *Wrapper) SetConfig(config map[string]string) (map[string]string, error)
  • func (v *Wrapper) Type() string

Constants

const (
	EnvAzureKeyVaultWrapperVaultName = "AZUREKEYVAULT_WRAPPER_VAULT_NAME"
	EnvVaultAzureKeyVaultVaultName   = "VAULT_AZUREKEYVAULT_VAULT_NAME"

	EnvAzureKeyVaultWrapperKeyName = "AZUREKEYVAULT_WRAPPER_KEY_NAME"
	EnvVaultAzureKeyVaultKeyName   = "VAULT_AZUREKEYVAULT_KEY_NAME"
)

Functions

func ParseKeyVersion

func ParseKeyVersion(kid string) string

Kid gets returned as a full URL, get the last bit which is just the version

Types

type Wrapper

type Wrapper struct {
	// contains filtered or unexported fields
}

Wrapper is an Wrapper that uses Azure Key Vault for crypto operations. Azure Key Vault currently does not support keys that can encrypt long data (RSA keys). Due to this fact, we generate and AES key and wrap the key using Key Vault and store it with the data

func NewWrapper

func NewWrapper(opts *wrapping.WrapperOptions) *Wrapper

NewWrapper creates a new wrapper with the given options

func (*Wrapper) BaseURL

func (v *Wrapper) BaseURL() string

BaseURL returns the base URL for key management operation requests based on the Azure Vault name and environment.

func (*Wrapper) Client

func (v *Wrapper) Client() *keyvault.BaseClient

Client returns the AzureKeyVault client used by the wrapper.

func (*Wrapper) Decrypt

func (v *Wrapper) Decrypt(ctx context.Context, in *wrapping.EncryptedBlobInfo, aad []byte) (pt []byte, err error)

Decrypt is used to decrypt the ciphertext

func (*Wrapper) Encrypt

func (v *Wrapper) Encrypt(ctx context.Context, plaintext, aad []byte) (blob *wrapping.EncryptedBlobInfo, err error)

Encrypt is used to encrypt using Azure Key Vault. This returns the ciphertext, and/or any errors from this call.

func (*Wrapper) Finalize

func (v *Wrapper) Finalize(context.Context) error

Finalize is called during shutdown. This is a no-op.

func (*Wrapper) HMACKeyID

func (v *Wrapper) HMACKeyID() string

HMACKeyID returns the last known HMAC key id

func (*Wrapper) Init

func (v *Wrapper) Init(context.Context) error

Init is called during core.Initialize. This is a no-op.

func (*Wrapper) KeyID

func (v *Wrapper) KeyID() string

KeyID returns the last known key id

func (*Wrapper) Logger

func (v *Wrapper) Logger() hclog.Logger

Logger returns the logger used by the wrapper.

func (*Wrapper) SetConfig

func (v *Wrapper) SetConfig(config map[string]string) (map[string]string, error)

SetConfig sets the fields on the Wrapper object based on values from the config parameter.

Order of precedence: * Environment variable * Passed in config map * Managed Service Identity for instance

func (*Wrapper) Type

func (v *Wrapper) Type() string

Type returns the type for this particular Wrapper implementation