Documentation
Index
- type AwsKmsProvider
- func (a AwsKmsProvider) Decrypt(c context.Context, req *v1beta1.DecryptRequest) (*v1beta1.DecryptResponse, error)
- func (a AwsKmsProvider) Encrypt(c context.Context, req *v1beta1.EncryptRequest) (*v1beta1.EncryptResponse, error)
- func (a AwsKmsProvider) Version(context.Context, *v1beta1.VersionRequest) (*v1beta1.VersionResponse, error)
- type AwsKmsProviderConfiguration
Types
type AwsKmsProvider
type AwsKmsProvider struct {
// contains filtered or unexported fields
}
AwsKmsProvider is an implementation of the K8 KMS provider specification: https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/
In this implementation, AWS KMS's encryption functionality is used to convert the plaintext into a ciphertext that can be stored securely.
func NewAwsKmsProvider
func NewAwsKmsProvider(cfg *AwsKmsProviderConfiguration) (*AwsKmsProvider, error)
NewAwsKmsProvider is a helper for generating a new KMS key proxy that provides sensible defaults.
func (AwsKmsProvider) Decrypt
func (a AwsKmsProvider) Decrypt(c context.Context, req *v1beta1.DecryptRequest) (*v1beta1.DecryptResponse, error)
Decrypt is responsible for converting the *v1beta1.DecryptRequest.Cipher into a plaintext representation for K8 itself.
func (AwsKmsProvider) Encrypt
func (a AwsKmsProvider) Encrypt(c context.Context, req *v1beta1.EncryptRequest) (*v1beta1.EncryptResponse, error)
Encrypt is responsible for taking the plaintext from *v1beta1.EncryptRequest.Plain and transparently encrypting the value for K8.
func (AwsKmsProvider) Version
func (a AwsKmsProvider) Version(context.Context, *v1beta1.VersionRequest) (*v1beta1.VersionResponse, error)
Version returns API information to consumers (primarily just the K8 masters themselves).
type AwsKmsProviderConfiguration
type AwsKmsProviderConfiguration struct {
	// KeyId is the identifier for KMS key to use for encryption.
	// Can be either the Key ARN or the Key ID.
	// NOTE: Key Alias support is currently not implemented with the existing
	// validation logic
	KeyId *string
	// AwsRegion is the specifier on which AWS Region the KMS key resides in.
	AwsRegion *string
}
AwsKmsProviderConfiguration allows for the customization of the KMS provider with some sensible defaults
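A pre-flight check for the KeyId and AwsRegion values described above, as an added example that is not this package's own validation logic. The function name checkKeyID is hypothetical, the sample key and account IDs are constructed, and the check that a key ARN's region matches AwsRegion is an assumption that goes beyond what the page states.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// keyIDPattern matches a bare KMS key ID: a UUID, or a multi-Region key ID ("mrk-" + 32 hex).
var keyIDPattern = regexp.MustCompile(`^(?:[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}|mrk-[0-9a-f]{32})$`)

// checkKeyID is a hypothetical pre-flight check, not the package's validation logic.
// It returns "arn" or "id" for an accepted KeyId and an error otherwise.
func checkKeyID(keyID, region string) (string, error) {
	if keyID == "" || region == "" {
		return "", errors.New("KeyId and AwsRegion are both required")
	}
	// Aliases (bare or in ARN form) are rejected, matching the NOTE on KeyId.
	if strings.HasPrefix(keyID, "alias/") || strings.Contains(keyID, ":alias/") {
		return "", errors.New("key aliases are not supported; use the key ID or key ARN")
	}
	if !strings.HasPrefix(keyID, "arn:") {
		if !keyIDPattern.MatchString(keyID) {
			return "", fmt.Errorf("%q is not a KMS key ID", keyID)
		}
		return "id", nil
	}
	// Key ARN layout: arn:<partition>:kms:<region>:<account>:key/<key-id>
	parts := strings.SplitN(keyID, ":", 6)
	if len(parts) != 6 || parts[2] != "kms" || !strings.HasPrefix(parts[5], "key/") ||
		!keyIDPattern.MatchString(strings.TrimPrefix(parts[5], "key/")) {
		return "", fmt.Errorf("%q is not a KMS key ARN", keyID)
	}
	// Assumption: the ARN's region should agree with the configured AwsRegion.
	if parts[3] != region {
		return "", fmt.Errorf("key ARN is in %s but AwsRegion is %s", parts[3], region)
	}
	return "arn", nil
}

func main() {
	// Constructed sample values; the account and key IDs are placeholders.
	for _, k := range []string{"1234abcd-12ab-34cd-56ef-1234567890ab",
		"arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
		"alias/etcd-secrets"} {
		kind, err := checkKeyID(k, "us-west-2")
		fmt.Println(k, kind, err)
	}
}
```

Running a check like this before constructing the provider surfaces a mistyped or wrong-region key at startup rather than on the first Encrypt call.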