transit

package

v0.6.0-beta2 Latest Latest Go to latest Published: May 25, 2016 License: MPL-2.0 Imports: 15 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/linii/vault

Documentation ¶

Index ¶

Constants
func Backend(conf *logical.BackendConfig) *backend
func Factory(conf *logical.BackendConfig) (logical.Backend, error)
type ArchivedKeys
type KeyEntry
type KeyEntryMap
- func (kem KeyEntryMap) MarshalJSON() ([]byte, error)
- func (kem KeyEntryMap) UnmarshalJSON(data []byte) error
type Policy

Constants ¶

View Source

const (
	ErrTooOld = "ciphertext version is disallowed by policy (too old)"
)

Variables ¶

This section is empty.

Functions ¶

func Backend ¶

func Backend(conf *logical.BackendConfig) *backend

func Factory ¶

func Factory(conf *logical.BackendConfig) (logical.Backend, error)

Types ¶

type ArchivedKeys ¶ added in v0.5.0

type ArchivedKeys struct {
	Keys []KeyEntry `json:"keys"`
}

ArchivedKeys stores old keys. This is used to keep the key loading time sane when there are huge numbers of rotations.

type KeyEntry ¶ added in v0.3.0

type KeyEntry struct {
	Key          []byte `json:"key"`
	CreationTime int64  `json:"creation_time"`
}

KeyEntry stores the key and metadata

type KeyEntryMap ¶ added in v0.3.0

type KeyEntryMap map[int]KeyEntry

KeyEntryMap is used to allow JSON marshal/unmarshal

func (KeyEntryMap) MarshalJSON ¶ added in v0.3.0

func (kem KeyEntryMap) MarshalJSON() ([]byte, error)

MarshalJSON implements JSON marshaling

func (KeyEntryMap) UnmarshalJSON ¶ added in v0.3.0

func (kem KeyEntryMap) UnmarshalJSON(data []byte) error

MarshalJSON implements JSON unmarshaling

type Policy ¶

type Policy struct {
	Name       string      `json:"name"`
	Key        []byte      `json:"key,omitempty"` //DEPRECATED
	Keys       KeyEntryMap `json:"keys"`
	CipherMode string      `json:"cipher"`

	// Derived keys MUST provide a context and the
	// master underlying key is never used.
	Derived bool   `json:"derived"`
	KDFMode string `json:"kdf_mode"`

	// The minimum version of the key allowed to be used
	// for decryption
	MinDecryptionVersion int `json:"min_decryption_version"`

	// The latest key version in this policy
	LatestVersion int `json:"latest_version"`

	// The latest key version in the archive. We never delete these, so this is
	// a max.
	ArchiveVersion int `json:"archive_version"`

	// Whether the key is allowed to be deleted
	DeletionAllowed bool `json:"deletion_allowed"`
}

Policy is the struct used to store metadata

func (*Policy) Decrypt ¶ added in v0.3.0

func (p *Policy) Decrypt(context []byte, value string) (string, error)

func (*Policy) DeriveKey ¶ added in v0.2.0

func (p *Policy) DeriveKey(context []byte, ver int) ([]byte, error)

DeriveKey is used to derive the encryption key that should be used depending on the policy. If derivation is disabled the raw key is used and no context is required, otherwise the KDF mode is used with the context to derive the proper key.

func (*Policy) Encrypt ¶ added in v0.3.0

func (p *Policy) Encrypt(context []byte, value string) (string, error)

func (*Policy) Persist ¶ added in v0.3.0

func (p *Policy) Persist(storage logical.Storage) error

func (*Policy) Serialize ¶

func (p *Policy) Serialize() ([]byte, error)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL