gcpckms

package v1.3.3

Warning: this package is not in the latest version of its module.

Published: Mar 5, 2020 License: MPL-2.0 Imports: 15 Imported by: 0

Documentation

Constants

const (
	// General GCP values, follows TF naming conventions
	EnvGCPCKMSSealCredsPath = "GOOGLE_CREDENTIALS"
	EnvGCPCKMSSealProject   = "GOOGLE_PROJECT"
	EnvGCPCKMSSealLocation  = "GOOGLE_REGION"

	// CKMS-specific values
	EnvGCPCKMSSealKeyRing   = "VAULT_GCPCKMS_SEAL_KEY_RING"
	EnvGCPCKMSSealCryptoKey = "VAULT_GCPCKMS_SEAL_CRYPTO_KEY"
)
const (
	// GCPKMSEncrypt is used to directly encrypt the data with KMS
	GCPKMSEncrypt = iota
	// GCPKMSEnvelopeAESGCMEncrypt is when a data encryption key is generated,
	// the data is encrypted with AES-GCM and that key is encrypted with KMS
	GCPKMSEnvelopeAESGCMEncrypt
)

Variables

This section is empty.

Functions

This section is empty.

Types

type GCPCKMSSeal

type GCPCKMSSeal struct {
	// contains filtered or unexported fields
}

func NewSeal

func NewSeal(logger log.Logger) *GCPCKMSSeal

func (*GCPCKMSSeal) Decrypt

func (s *GCPCKMSSeal) Decrypt(ctx context.Context, in *physical.EncryptedBlobInfo) (pt []byte, err error)

Decrypt is used to decrypt the ciphertext.

func (*GCPCKMSSeal) Encrypt

func (s *GCPCKMSSeal) Encrypt(ctx context.Context, plaintext []byte) (blob *physical.EncryptedBlobInfo, err error)

Encrypt is used to encrypt the master key using the configured GCP Cloud KMS crypto key. It returns the ciphertext and/or any errors from this call. This should be called after s.client has been instantiated.

func (*GCPCKMSSeal) Finalize

func (s *GCPCKMSSeal) Finalize(_ context.Context) error

Finalize is called during shutdown. This is a no-op since GCPKMSSeal doesn't require any cleanup.

func (*GCPCKMSSeal) Init

func (s *GCPCKMSSeal) Init(_ context.Context) error

Init is called during core.Initialize. No-op at the moment.

func (*GCPCKMSSeal) KeyID

func (s *GCPCKMSSeal) KeyID() string

KeyID returns the last known key id.

func (*GCPCKMSSeal) SealType

func (s *GCPCKMSSeal) SealType() string

SealType returns the seal type for this particular seal implementation.

func (*GCPCKMSSeal) SetConfig

func (s *GCPCKMSSeal) SetConfig(config map[string]string) (map[string]string, error)

SetConfig sets the fields on the GCPCKMSSeal object based on values from the config parameter. Environment variables take precedence over values provided in the Vault configuration file (i.e. values in the `seal "gcpckms"` stanza).

Order of precedence for the GCP credentials file:

* GOOGLE_CREDENTIALS environment variable
* `credentials` value from the Vault configuration file
* GOOGLE_APPLICATION_CREDENTIALS (https://developers.google.com/identity/protocols/application-default-credentials)

type GCPKMSMechanism

type GCPKMSMechanism uint32

GCPKMSMechanism is the method used to encrypt/decrypt in the autoseal.
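The envelope path named by GCPKMSEnvelopeAESGCMEncrypt under Constants, shown as an added Go example that is not code from this package: a per-blob data encryption key seals the data with AES-GCM locally, and only that key is sent to KMS. The `wrap`/`unwrap` callbacks, `Blob` and `newGCM` are assumptions standing in for the package's KMS client and for `physical.EncryptedBlobInfo`.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)
// Blob is a hypothetical persisted record: IV and AES-GCM ciphertext of the data, plus the DEK as wrapped by KMS.
type Blob struct{ IV, Ciphertext, WrappedKey []byte }
// newGCM builds the AES-256-GCM AEAD protecting the data under a per-blob DEK.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// EnvelopeEncrypt: fresh DEK and IV per call, data sealed locally, only the 32-byte DEK handed to wrap (models KMS Encrypt).
func EnvelopeEncrypt(wrap func([]byte) ([]byte, error), plaintext []byte) (*Blob, error) {
	buf := make([]byte, 32+12) // 256-bit DEK followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	dek, iv := buf[:32], buf[32:]
	aead, err := newGCM(dek)
	if err != nil {
		return nil, err
	}
	wrapped, err := wrap(dek)
	if err != nil {
		return nil, err
	}
	return &Blob{IV: iv, Ciphertext: aead.Seal(nil, iv, plaintext, nil), WrappedKey: wrapped}, nil
}
// EnvelopeDecrypt: DEK recovered via unwrap (models KMS Decrypt); a modified IV, ciphertext or tag fails GCM authentication.
func EnvelopeDecrypt(unwrap func([]byte) ([]byte, error), b *Blob) ([]byte, error) {
	dek, err := unwrap(b.WrappedKey)
	if err != nil {
		return nil, err
	}
	aead, err := newGCM(dek)
	if err != nil {
		return nil, err
	}
	if len(b.IV) != aead.NonceSize() {
		return nil, errors.New("blob IV has wrong length for GCM")
	}
	return aead.Open(nil, b.IV, b.Ciphertext, nil)
}
```

The wrapped key is the only field that depends on the KMS crypto key, so key rotation in KMS only requires re-wrapping the DEK, not re-encrypting the data.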
