Documentation
Index
- Constants
- Variables
- type PooledWrapper
- func (m *PooledWrapper) AddWrapper(ctx context.Context, w wrapping.Wrapper) (bool, error)
- func (m *PooledWrapper) AllKeyIds() []string
- func (m *PooledWrapper) Decrypt(ctx context.Context, ct *wrapping.BlobInfo, opt ...wrapping.Option) ([]byte, error)
- func (m *PooledWrapper) Encrypt(ctx context.Context, pt []byte, opt ...wrapping.Option) (*wrapping.BlobInfo, error)
- func (m *PooledWrapper) Finalize(context.Context, ...wrapping.Option) error
- func (m *PooledWrapper) HmacKeyId(ctx context.Context) (string, error)
- func (m *PooledWrapper) Init(context.Context, ...wrapping.Option) error
- func (m *PooledWrapper) KeyBytes(ctx context.Context) ([]byte, error)
- func (m *PooledWrapper) KeyId(ctx context.Context) (string, error)
- func (m *PooledWrapper) RemoveWrapper(ctx context.Context, keyId string) (bool, error)
- func (m *PooledWrapper) SetConfig(_ context.Context, _ ...wrapping.Option) (*wrapping.WrapperConfig, error)
- func (m *PooledWrapper) SetEncryptingWrapper(ctx context.Context, w wrapping.Wrapper) (bool, error)
- func (m *PooledWrapper) Type(_ context.Context) (wrapping.WrapperType, error)
- func (m *PooledWrapper) WrapperForKeyId(keyID string) wrapping.Wrapper
Constants
const BaseEncryptor = "__base__"
Variables
var ErrKeyNotFound = errors.New("given key ID not found")
Functions
This section is empty.
Types
type PooledWrapper
type PooledWrapper struct {
// contains filtered or unexported fields
}
PooledWrapper allows multiple wrappers to be used for decryption based on key ID. This allows for rotation of data: data can be decrypted across multiple (possibly derived) wrappers and is encrypted with the default. Functions on this type will likely panic if the wrapper is not created via NewPooledWrapper.
func NewPooledWrapper
NewPooledWrapper creates a PooledWrapper and sets its encrypting wrapper to the one that is passed in.
func (*PooledWrapper) AddWrapper
AddWrapper adds a wrapper to the PooledWrapper. For safety, it will refuse to overwrite an existing wrapper; use RemoveWrapper to remove that one first. The return parameter indicates if the wrapper was successfully added, that is, it will be false if an existing wrapper would have been overridden. If you want to change the encrypting wrapper, create a new PooledWrapper or call SetEncryptingWrapper.
func (*PooledWrapper) AllKeyIds
func (m *PooledWrapper) AllKeyIds() []string
AllKeyIds returns a sorted copy of all the pooled wrapper's key IDs.
func (*PooledWrapper) Decrypt
func (m *PooledWrapper) Decrypt(ctx context.Context, ct *wrapping.BlobInfo, opt ...wrapping.Option) ([]byte, error)
Decrypt will use the embedded KeyId in the encrypted blob info to select which wrapper to use for decryption. If there is no key info it will attempt decryption with the current encryptor. It will return an ErrKeyNotFound if it cannot find a suitable key.
func (*PooledWrapper) Encrypt
func (m *PooledWrapper) Encrypt(ctx context.Context, pt []byte, opt ...wrapping.Option) (*wrapping.BlobInfo, error)
Encrypt encrypts using the current encryptor.
func (*PooledWrapper) Finalize
This does nothing; it's up to the user to initialize and finalize any given wrapper.
func (*PooledWrapper) HmacKeyId
func (m *PooledWrapper) HmacKeyId(ctx context.Context) (string, error)
HmacKeyId returns the HmacKeyId of the current encryptor.
func (*PooledWrapper) Init
This does nothing; it's up to the user to initialize and finalize any given wrapper.
func (*PooledWrapper) KeyBytes
func (m *PooledWrapper) KeyBytes(ctx context.Context) ([]byte, error)
KeyBytes implements the optional KeyExporter interface, which will return the baseEncryptor key bytes.
func (*PooledWrapper) KeyId
func (m *PooledWrapper) KeyId(ctx context.Context) (string, error)
KeyId returns the KeyId of the current encryptor.
func (*PooledWrapper) RemoveWrapper
RemoveWrapper removes a wrapper from the PooledWrapper, identified by key ID. It will not remove the encrypting wrapper; use SetEncryptingWrapper for that. Returns whether or not a wrapper was removed, which will always be true unless it was the base encryptor.
func (*PooledWrapper) SetConfig
func (m *PooledWrapper) SetConfig(_ context.Context, _ ...wrapping.Option) (*wrapping.WrapperConfig, error)
SetConfig sets config, but there is currently nothing to set on pooled wrappers; set configuration on the chosen underlying wrappers instead.
func (*PooledWrapper) SetEncryptingWrapper
SetEncryptingWrapper resets the encrypting wrapper to the one passed in. It will also add the previous encrypting wrapper to the set of decrypting wrappers; it can then be removed via its key ID and RemoveWrapper if desired. It will return false (not successful) if the given key ID is already in use.
func (*PooledWrapper) Type
func (m *PooledWrapper) Type(_ context.Context) (wrapping.WrapperType, error)
func (*PooledWrapper) WrapperForKeyId
func (m *PooledWrapper) WrapperForKeyId(keyID string) wrapping.Wrapper
WrapperForKeyId returns the wrapper for the given keyID. Returns nil if no wrapper was found for the given key ID.
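The rotation behaviour described above for SetEncryptingWrapper and Decrypt, modelled with the standard library only. This is an added example, not code from this package: pool, newPool, rotate, encrypt and decrypt are hypothetical names, and AES-GCM stands in for whatever wrappers are pooled.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

var errKeyNotFound = errors.New("given key ID not found") // same message as ErrKeyNotFound

// pool is a hypothetical model of PooledWrapper: many decrypt keys, one encrypt key.
type pool struct {
	current string
	keys    map[string]cipher.AEAD
}

func newPool() *pool { return &pool{keys: map[string]cipher.AEAD{}} }

// rotate models SetEncryptingWrapper: a used ID is refused, the old key stays pooled.
func (p *pool) rotate(id string, key []byte) bool {
	b, err := aes.NewCipher(key)
	if _, taken := p.keys[id]; taken || err != nil {
		return false
	}
	p.current = id
	p.keys[id], _ = cipher.NewGCM(b) // cannot fail for an AES block
	return true
}

func (p *pool) encrypt(pt []byte) (string, []byte) {
	g := p.keys[p.current]
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return p.current, g.Seal(nonce, nonce, pt, nil) // key ID, nonce||ciphertext
}

func (p *pool) decrypt(id string, ct []byte) ([]byte, error) {
	g, ok := p.keys[id]
	if !ok {
		return nil, errKeyNotFound // fail closed: an unknown key ID is never guessed
	}
	if n := g.NonceSize(); len(ct) >= n {
		return g.Open(nil, ct[:n], ct[n:], nil)
	}
	return nil, errors.New("ciphertext too short")
}
```

A blob sealed under "v1" still decrypts by its key ID after rotate("v2", ...), while new blobs carry "v2"; a key ID that was never pooled returns errKeyNotFound.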