Documentation
Index
- Constants
- func ParseKeyVersion(kid string) string
- func WithClientId(with string) wrapping.Option
- func WithClientSecret(with string) wrapping.Option
- func WithDisallowEnvVars(with bool) wrapping.Option
- func WithEnvironment(with string) wrapping.Option
- func WithKeyName(with string) wrapping.Option
- func WithKeyNotRequired(with bool) wrapping.Option
- func WithLogger(with hclog.Logger) wrapping.Option
- func WithResource(with string) wrapping.Option
- func WithTenantId(with string) wrapping.Option
- func WithVaultName(with string) wrapping.Option
- type OptionFunc
- type Wrapper
- func (v *Wrapper) BaseURL() string
- func (v *Wrapper) Client() *keyvault.BaseClient
- func (v *Wrapper) Decrypt(ctx context.Context, in *wrapping.BlobInfo, opt ...wrapping.Option) ([]byte, error)
- func (v *Wrapper) Encrypt(ctx context.Context, plaintext []byte, opt ...wrapping.Option) (*wrapping.BlobInfo, error)
- func (v *Wrapper) KeyId(_ context.Context) (string, error)
- func (v *Wrapper) Logger() hclog.Logger
- func (v *Wrapper) SetConfig(_ context.Context, opt ...wrapping.Option) (*wrapping.WrapperConfig, error)
- func (v *Wrapper) Type(_ context.Context) (wrapping.WrapperType, error)
Constants
const (
	EnvAzureKeyVaultWrapperVaultName = "AZUREKEYVAULT_WRAPPER_VAULT_NAME"
	EnvVaultAzureKeyVaultVaultName   = "VAULT_AZUREKEYVAULT_VAULT_NAME"
	EnvAzureKeyVaultWrapperKeyName   = "AZUREKEYVAULT_WRAPPER_KEY_NAME"
	EnvVaultAzureKeyVaultKeyName     = "VAULT_AZUREKEYVAULT_KEY_NAME"
)
Variables
This section is empty.
Functions
func ParseKeyVersion
The kid is returned as a full URL; ParseKeyVersion returns the last path segment, which is just the version.
func WithClientId
WithClientId provides a way to choose the client ID
func WithClientSecret
WithClientSecret provides a way to choose the client secret
func WithDisallowEnvVars
WithDisallowEnvVars provides a way to disable using env vars
func WithEnvironment
WithEnvironment provides a way to choose the environment
func WithKeyName
WithKeyName provides a way to choose the key name
func WithKeyNotRequired
WithKeyNotRequired provides a way to not require a key at config time
func WithLogger
WithLogger provides a way to pass in a logger
func WithResource
WithResource provides a way to choose the resource
func WithTenantId
WithTenantId provides a way to choose the tenant ID
func WithVaultName
WithVaultName provides a way to choose the vault name
Types
type OptionFunc
type OptionFunc func(*options) error
OptionFunc holds a function with local options
type Wrapper
type Wrapper struct {
	// contains filtered or unexported fields
}
Wrapper is a Wrapper that uses Azure Key Vault for crypto operations. Azure Key Vault currently does not support keys that can encrypt long data (RSA keys). Because of this, we generate an AES key, wrap that key using Key Vault, and store it with the data.
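The pattern described for Wrapper above, as an added example that is not code from this package: a fresh AES-256-GCM data key encrypts the payload, and only that key goes through the RSA operation. The names `envelope`, `newKEK`, `seal` and `open` are hypothetical, a locally generated RSA key stands in for the Key Vault key, and RSA-OAEP with SHA-256 is an assumed wrap algorithm.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// envelope is what gets stored: the wrapped data key travels with the data.
type envelope struct{ WrappedKey, Nonce, Ciphertext []byte }

// newKEK makes a local RSA key that stands in for the Key Vault key (assumption).
func newKEK() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func newGCM(dek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(dek) // rejects keys that are not 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts under a fresh AES-256 data key (DEK), then wraps the DEK with kek.
func seal(kek *rsa.PublicKey, plaintext []byte) (envelope, error) {
	buf := make([]byte, 32+12) // buf[:32] is the DEK, buf[32:] a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return envelope{}, err
	}
	gcm, err := newGCM(buf[:32])
	if err != nil {
		return envelope{}, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, kek, buf[:32], nil)
	return envelope{wrapped, buf[32:], gcm.Seal(nil, buf[32:], plaintext, nil)}, err
}

// open unwraps the DEK and decrypts; a modified key or ciphertext is an error.
func open(kek *rsa.PrivateKey, e envelope) ([]byte, error) {
	dek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, kek, e.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(dek)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, e.Nonce, e.Ciphertext, nil)
}
```

With a 2048-bit key and SHA-256, RSA-OAEP accepts at most 190 bytes of input, which is why only the 32-byte data key is wrapped and the payload itself is encrypted with AES-GCM.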
func NewWrapper
func NewWrapper() *Wrapper
NewWrapper creates a new wrapper with the given options
func (*Wrapper) BaseURL
BaseURL returns the base URL for key management operation requests based on the Azure Vault name and environment.
func (*Wrapper) Client
func (v *Wrapper) Client() *keyvault.BaseClient
Client returns the AzureKeyVault client used by the wrapper.
func (*Wrapper) Decrypt
func (v *Wrapper) Decrypt(ctx context.Context, in *wrapping.BlobInfo, opt ...wrapping.Option) ([]byte, error)
Decrypt is used to decrypt the ciphertext
func (*Wrapper) Encrypt
func (v *Wrapper) Encrypt(ctx context.Context, plaintext []byte, opt ...wrapping.Option) (*wrapping.BlobInfo, error)
Encrypt is used to encrypt using Azure Key Vault. This returns the ciphertext, and/or any errors from this call.
func (*Wrapper) Logger
func (v *Wrapper) Logger() hclog.Logger
Logger returns the logger used by the wrapper.
func (*Wrapper) SetConfig
func (v *Wrapper) SetConfig(_ context.Context, opt ...wrapping.Option) (*wrapping.WrapperConfig, error)
SetConfig sets the fields on the Wrapper object based on values from the config parameter.
Order of precedence:
- Environment variable
- Passed in config map
- Managed Service Identity for instance