aws

Documentation

Index

• Constants
• func ParseReference(resourceID string) (endpoint, keyID, alias string, err error)
• func ValidReference(ref string) error
• type Option
  • func WithConfigFile(config string) Option
  • func WithCredentialsFile(cred string) Option
  • func WithInsecureSkipVerify(insecure bool) Option
  • func WithProfile(profile string) Option
  • func WithRemoteVerify(remote bool) Option
• type SignerVerifier
  • func LoadSignerVerifier(ctx context.Context, ksp *kms.KMSSignerProvider) (*SignerVerifier, error)
  • func (a *SignerVerifier) Bytes() ([]byte, error)
  • func (*SignerVerifier) DefaultAlgorithm() string
  • func (a *SignerVerifier) KeyID() (string, error)
  • func (a *SignerVerifier) Sign(message io.Reader) ([]byte, error)
  • func (*SignerVerifier) SupportedAlgorithms() []string
  • func (a *SignerVerifier) Verifier() (cryptoutil.Verifier, error)
  • func (a *SignerVerifier) Verify(message io.Reader, sig []byte) (err error)

Constants

const (

	// ReferenceScheme schemes for various KMS services are copied from https://github.com/google/go-cloud/tree/master/secrets
	ReferenceScheme = "awskms://"
)

Functions

func ParseReference

func ParseReference(resourceID string) (endpoint, keyID, alias string, err error)

ParseReference parses an awskms-scheme URI into its constituent parts.

func ValidReference

func ValidReference(ref string) error

ValidReference returns a non-nil error if the reference string is invalid

Types

type Option

type Option func(*awsClientOptions)

func WithConfigFile

func WithConfigFile(config string) Option

func WithCredentialsFile

func WithCredentialsFile(cred string) Option

func WithInsecureSkipVerify

func WithInsecureSkipVerify(insecure bool) Option

func WithProfile

func WithProfile(profile string) Option

func WithRemoteVerify

func WithRemoteVerify(remote bool) Option

type SignerVerifier

type SignerVerifier struct {
	// contains filtered or unexported fields
}

SignerVerifier is a cryptoutil.SignerVerifier that uses the AWS Key Management Service

func LoadSignerVerifier

func LoadSignerVerifier(ctx context.Context, ksp *kms.KMSSignerProvider) (*SignerVerifier, error)

LoadSignerVerifier generates signatures using the specified key object in AWS KMS and hash algorithm.

func (*SignerVerifier) Bytes

func (a *SignerVerifier) Bytes() ([]byte, error)

Bytes returns the bytes of the public key that can be used to verify signatures created by the signer.

func (*SignerVerifier) DefaultAlgorithm

func (*SignerVerifier) DefaultAlgorithm() string

DefaultAlgorithm returns the default algorithm for the AWS KMS service

func (*SignerVerifier) KeyID

func (a *SignerVerifier) KeyID() (string, error)

NOTE: This might be all wrong but setting it like so for now

KeyID returns the key identifier for the key used by this signer.

func (*SignerVerifier) Sign

func (a *SignerVerifier) Sign(message io.Reader) ([]byte, error)

Sign signs the provided message using AWS KMS. If the message is provided, this method will compute the digest according to the hash function specified when the Signer was created.

func (*SignerVerifier) SupportedAlgorithms

func (*SignerVerifier) SupportedAlgorithms() []string

SupportedAlgorithms returns the list of algorithms supported by the AWS KMS service

func (*SignerVerifier) Verifier

func (a *SignerVerifier) Verifier() (cryptoutil.Verifier, error)

Verifier returns a cryptoutil.Verifier that can be used to verify signatures created by this signer.

func (*SignerVerifier) Verify

func (a *SignerVerifier) Verify(message io.Reader, sig []byte) (err error)

Verify verifies the signature for the given message, returning nil if the verification succeeded, and an error message otherwise.