Documentation ¶
Index ¶
- Constants
- type Wrapper
- func (s *Wrapper) Client() *cloudkms.KeyManagementClient
- func (s *Wrapper) Decrypt(ctx context.Context, in *wrapping.EncryptedBlobInfo, aad []byte) (pt []byte, err error)
- func (s *Wrapper) Encrypt(ctx context.Context, plaintext, aad []byte) (blob *wrapping.EncryptedBlobInfo, err error)
- func (s *Wrapper) Finalize(_ context.Context) error
- func (s *Wrapper) HMACKeyID() string
- func (s *Wrapper) Init(_ context.Context) error
- func (s *Wrapper) KeyID() string
- func (s *Wrapper) KeyRingResourceName() string
- func (s *Wrapper) SetConfig(config map[string]string) (map[string]string, error)
- func (s *Wrapper) Type() string
Constants ¶
const (
	// General GCP values, follows TF naming conventions
	EnvGCPCKMSWrapperCredsPath = "GOOGLE_CREDENTIALS"
	EnvGCPCKMSWrapperProject   = "GOOGLE_PROJECT"
	EnvGCPCKMSWrapperLocation  = "GOOGLE_REGION"

	// CKMS-specific values
	EnvGCPCKMSWrapperKeyRing     = "GCPCKMS_WRAPPER_KEY_RING"
	EnvVaultGCPCKMSSealKeyRing   = "VAULT_GCPCKMS_SEAL_KEY_RING"
	EnvGCPCKMSWrapperCryptoKey   = "GCPCKMS_WRAPPER_CRYPTO_KEY"
	EnvVaultGCPCKMSSealCryptoKey = "VAULT_GCPCKMS_SEAL_CRYPTO_KEY"
)
const (
	// GCPKMSEncrypt is used to directly encrypt the data with KMS
	GCPKMSEncrypt = iota
	// GCPKMSEnvelopeAESGCMEncrypt is when a data encryption key is generated and
	// the data is encrypted with AES-GCM and the key is encrypted with KMS
	GCPKMSEnvelopeAESGCMEncrypt
)
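The envelope mode described by GCPKMSEnvelopeAESGCMEncrypt is worth seeing end to end, because it is where the AAD and the wrapped data key interact. The program below is an added illustration, not code from go-kms-wrapping: it generates a fresh 256-bit data encryption key (DEK) per call, seals the plaintext with AES-GCM under that DEK using the caller's AAD, and then wraps the DEK under a key-encryption key. In the real wrapper the wrap/unwrap step is a Cloud KMS Encrypt/Decrypt call against the configured crypto key; here a local AES-GCM key (the hypothetical KEK type) stands in for KMS so the example runs offline. The Envelope struct, the KeyID string and the choice to bind the KEK id as AAD on the wrapped DEK are this example's assumptions, not the library's EncryptedBlobInfo layout.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Envelope holds what an envelope-encrypted blob must carry: the AES-GCM
// ciphertext (nonce prepended), the wrapped DEK, and which KEK wrapped it.
// Illustrative shape only; not the library's EncryptedBlobInfo.
type Envelope struct {
	Ciphertext []byte // nonce || AES-GCM(plaintext, aad)
	WrappedKey []byte // DEK sealed under the KEK
	KeyID      string // identifies the KEK used to wrap the DEK
}

// KEK stands in for the Cloud KMS crypto key (hypothetical, local to this example).
type KEK struct {
	id  string
	key []byte
}

func newKEK(id string) (*KEK, error) {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	return &KEK{id: id, key: k}, nil
}

// aesGCMSeal returns nonce || ciphertext||tag; a random 96-bit nonce per call.
func aesGCMSeal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// aesGCMOpen reverses aesGCMSeal; any change to ciphertext or aad fails the tag check.
func aesGCMOpen(key, blob, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], aad)
}

// Wrap/Unwrap model the KMS round trip. Binding k.id as AAD on the wrapped
// DEK means a blob cannot be replayed against a different key (example design choice).
func (k *KEK) Wrap(dek []byte) ([]byte, error) { return aesGCMSeal(k.key, dek, []byte(k.id)) }

func (k *KEK) Unwrap(id string, wrapped []byte) ([]byte, error) {
	if id != k.id {
		return nil, fmt.Errorf("unknown key id %q", id)
	}
	return aesGCMOpen(k.key, wrapped, []byte(k.id))
}

// EnvelopeEncrypt: fresh DEK -> AES-GCM(plaintext, aad) -> wrap DEK under KEK.
func EnvelopeEncrypt(kek *KEK, plaintext, aad []byte) (*Envelope, error) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return nil, err
	}
	ct, err := aesGCMSeal(dek, plaintext, aad)
	if err != nil {
		return nil, err
	}
	wrapped, err := kek.Wrap(dek)
	if err != nil {
		return nil, err
	}
	return &Envelope{Ciphertext: ct, WrappedKey: wrapped, KeyID: kek.id}, nil
}

// EnvelopeDecrypt: unwrap DEK under KEK -> AES-GCM open with the same aad.
func EnvelopeDecrypt(kek *KEK, env *Envelope, aad []byte) ([]byte, error) {
	dek, err := kek.Unwrap(env.KeyID, env.WrappedKey)
	if err != nil {
		return nil, err
	}
	return aesGCMOpen(dek, env.Ciphertext, aad)
}

func main() {
	kek, _ := newKEK("projects/p/locations/l/keyRings/r/cryptoKeys/k") // constructed id
	env, _ := EnvelopeEncrypt(kek, []byte("root key material"), []byte("seal-context"))
	pt, err := EnvelopeDecrypt(kek, env, []byte("seal-context"))
	fmt.Printf("%s %v\n", pt, err)
	_, err = EnvelopeDecrypt(kek, env, []byte("other-context")) // AAD mismatch fails
	fmt.Println(err)
}
```

The practitioner's check this demonstrates: the AAD passed to Decrypt must be byte-for-byte what was passed to Encrypt, and a blob whose ciphertext or wrapped key has been altered is rejected by the GCM tag rather than silently decrypting to garbage.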
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Wrapper ¶
type Wrapper struct {
// contains filtered or unexported fields
}
func NewWrapper ¶
func NewWrapper(opts *wrapping.WrapperOptions) *Wrapper
func (*Wrapper) Client ¶ added in v0.6.4
func (s *Wrapper) Client() *cloudkms.KeyManagementClient
Client returns the GCP KMS client used by the wrapper.
func (*Wrapper) Decrypt ¶
func (s *Wrapper) Decrypt(ctx context.Context, in *wrapping.EncryptedBlobInfo, aad []byte) (pt []byte, err error)
Decrypt is used to decrypt the ciphertext.
func (*Wrapper) Encrypt ¶
func (s *Wrapper) Encrypt(ctx context.Context, plaintext, aad []byte) (blob *wrapping.EncryptedBlobInfo, err error)
Encrypt is used to encrypt the master key using the configured GCP Cloud KMS crypto key. This returns the ciphertext, and/or any errors from this call. This should be called after s.client has been instantiated.
func (*Wrapper) Finalize ¶
func (s *Wrapper) Finalize(_ context.Context) error
Finalize is called during shutdown. This is a no-op since Wrapper doesn't require any cleanup.
func (*Wrapper) KeyRingResourceName ¶ added in v0.6.6
func (s *Wrapper) KeyRingResourceName() string
KeyRingResourceName returns the relative resource name of the configured key ring.
func (*Wrapper) SetConfig ¶
func (s *Wrapper) SetConfig(config map[string]string) (map[string]string, error)
SetConfig sets the fields on the Wrapper object based on values from the config parameter. Environment variables take precedence over values provided in the config map.
Order of precedence for the GCP credentials file:
- GOOGLE_CREDENTIALS environment variable
- `credentials` value from the Vault configuration file
- GOOGLE_APPLICATION_CREDENTIALS (https://developers.google.com/identity/protocols/application-default-credentials)