Documentation ¶
Index ¶
- Constants
- Variables
- func KeyPathNotAllowed(path string, operation Operation) error
- func NewError(operation Operation, msg string, err error) error
- func RegisterCekProvider(name string, provider ColumnEncryptionKeyProvider) error
- type CekProvider
- type ColumnEncryptionKeyProvider
- type ColumnEncryptionKeyProviderMap
- type Error
- type Operation
Constants ¶
const (
	CertificateStoreKeyProvider = "MSSQL_CERTIFICATE_STORE"
	CspKeyProvider              = "MSSQL_CSP_PROVIDER"
	CngKeyProvider              = "MSSQL_CNG_STORE"
	AzureKeyVaultKeyProvider    = "AZURE_KEY_VAULT"
	JavaKeyProvider             = "MSSQL_JAVA_KEYSTORE"
	KeyEncryptionAlgorithm      = "RSA_OAEP"
)
Variables ¶
var ColumnEncryptionKeyLifetime time.Duration = 2 * time.Hour
ColumnEncryptionKeyLifetime is the default lifetime of decrypted Column Encryption Keys in the global cache. The default is 2 hours. A provider can override it for its own keys through its KeyLifetime method.
Functions ¶
func KeyPathNotAllowed ¶ added in v1.7.0
func KeyPathNotAllowed(path string, operation Operation) error
func RegisterCekProvider ¶
func RegisterCekProvider(name string, provider ColumnEncryptionKeyProvider) error
RegisterCekProvider adds the named provider to the global provider list
Types ¶
type CekProvider ¶
type CekProvider struct {
	Provider ColumnEncryptionKeyProvider
	// contains filtered or unexported fields
}
func NewCekProvider ¶
func NewCekProvider(provider ColumnEncryptionKeyProvider) *CekProvider
func (*CekProvider) GetDecryptedKey ¶
type ColumnEncryptionKeyProvider ¶
type ColumnEncryptionKeyProvider interface {
	// DecryptColumnEncryptionKey decrypts the specified encrypted value of a column encryption key.
	// The encrypted value is expected to be encrypted using the column master key with the specified key path and using the specified algorithm.
	DecryptColumnEncryptionKey(ctx context.Context, masterKeyPath string, encryptionAlgorithm string, encryptedCek []byte) ([]byte, error)
	// EncryptColumnEncryptionKey encrypts a column encryption key using the column master key with the specified key path and using the specified algorithm.
	EncryptColumnEncryptionKey(ctx context.Context, masterKeyPath string, encryptionAlgorithm string, cek []byte) ([]byte, error)
	// SignColumnMasterKeyMetadata digitally signs the column master key metadata with the column master key
	// referenced by the masterKeyPath parameter. The input values used to generate the signature should be the
	// specified values of the masterKeyPath and allowEnclaveComputations parameters. May return an empty slice if not supported.
	SignColumnMasterKeyMetadata(ctx context.Context, masterKeyPath string, allowEnclaveComputations bool) ([]byte, error)
	// VerifyColumnMasterKeyMetadata verifies the specified signature is valid for the column master key
	// with the specified key path and the specified enclave behavior. Return nil if not supported.
	VerifyColumnMasterKeyMetadata(ctx context.Context, masterKeyPath string, allowEnclaveComputations bool) (*bool, error)
	// KeyLifetime is an optional Duration. Keys fetched by this provider will be discarded after their lifetime expires.
	// If it returns nil, the keys will expire based on the value of ColumnEncryptionKeyLifetime.
	// If it returns zero, the keys will not be cached.
	KeyLifetime() *time.Duration
}
ColumnEncryptionKeyProvider is the interface for decrypting and encrypting column encryption keys. It is similar to .Net https://learn.microsoft.com/dotnet/api/microsoft.data.sqlclient.sqlcolumnencryptionkeystoreprovider.
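The following is an added example, not code from go-mssqldb, showing how a custom key store provider might satisfy this interface and which checks a careful implementation performs before touching a column master key: the driver-supplied algorithm must be RSA_OAEP (the KeyEncryptionAlgorithm constant above), the master key path must be one the operator registered rather than anything the server metadata names, and the optional signing methods use the documented "not supported" return values. To build stand-alone it declares a local copy of the interface; a real provider would implement aecmk.ColumnEncryptionKeyProvider and be handed to RegisterCekProvider during init. The LocalRSAProvider type, the key path "local/cmk-1", the 30-minute lifetime and the sample CEK bytes are all constructed for this example.

```go
package main

import (
	"bytes"
	"context"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"time"
)

// Local copy of aecmk.ColumnEncryptionKeyProvider so this file builds without go-mssqldb;
// a real provider implements the aecmk type and is passed to aecmk.RegisterCekProvider in init.
type ColumnEncryptionKeyProvider interface {
	DecryptColumnEncryptionKey(ctx context.Context, masterKeyPath string, encryptionAlgorithm string, encryptedCek []byte) ([]byte, error)
	EncryptColumnEncryptionKey(ctx context.Context, masterKeyPath string, encryptionAlgorithm string, cek []byte) ([]byte, error)
	SignColumnMasterKeyMetadata(ctx context.Context, masterKeyPath string, allowEnclaveComputations bool) ([]byte, error)
	VerifyColumnMasterKeyMetadata(ctx context.Context, masterKeyPath string, allowEnclaveComputations bool) (*bool, error)
	KeyLifetime() *time.Duration
}

// Mirrors aecmk.KeyEncryptionAlgorithm, the only CEK wrapping algorithm the driver requests.
const keyEncryptionAlgorithm = "RSA_OAEP"

// LocalRSAProvider is a hypothetical provider (not part of go-mssqldb): in-memory master keys by path, CEKs wrapped with RSA-OAEP/SHA-256.
type LocalRSAProvider struct {
	keys     map[string]*rsa.PrivateKey
	lifetime time.Duration
}

func NewLocalRSAProvider(lifetime time.Duration) *LocalRSAProvider {
	return &LocalRSAProvider{keys: map[string]*rsa.PrivateKey{}, lifetime: lifetime}
}

// AddKey allow-lists a master key path; paths come from server metadata, so never resolve one that was not registered here.
func (p *LocalRSAProvider) AddKey(path string, key *rsa.PrivateKey) { p.keys[path] = key }

// lookup enforces the two checks every Encrypt/Decrypt call needs: algorithm is RSA_OAEP, path is allow-listed.
func (p *LocalRSAProvider) lookup(path, alg string) (*rsa.PrivateKey, error) {
	if alg != keyEncryptionAlgorithm {
		return nil, fmt.Errorf("unsupported key encryption algorithm %q", alg)
	}
	key, ok := p.keys[path]
	if !ok {
		return nil, fmt.Errorf("master key path %q is not allowed", path)
	}
	return key, nil
}

func (p *LocalRSAProvider) EncryptColumnEncryptionKey(ctx context.Context, masterKeyPath, encryptionAlgorithm string, cek []byte) ([]byte, error) {
	key, err := p.lookup(masterKeyPath, encryptionAlgorithm)
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, &key.PublicKey, cek, nil)
}

func (p *LocalRSAProvider) DecryptColumnEncryptionKey(ctx context.Context, masterKeyPath, encryptionAlgorithm string, encryptedCek []byte) ([]byte, error) {
	key, err := p.lookup(masterKeyPath, encryptionAlgorithm)
	if err != nil {
		return nil, err
	}
	cek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, key, encryptedCek, nil)
	if err != nil { // one generic error for every bad ciphertext; no padding detail leaks to the caller
		return nil, fmt.Errorf("decrypting column encryption key under %q failed", masterKeyPath)
	}
	return cek, nil
}

// Metadata signing is optional: per the interface docs, an empty slice from Sign and a nil *bool from Verify mean "not supported".
func (p *LocalRSAProvider) SignColumnMasterKeyMetadata(ctx context.Context, masterKeyPath string, allowEnclaveComputations bool) ([]byte, error) {
	return []byte{}, nil
}

func (p *LocalRSAProvider) VerifyColumnMasterKeyMetadata(ctx context.Context, masterKeyPath string, allowEnclaveComputations bool) (*bool, error) {
	return nil, nil
}

// KeyLifetime overrides ColumnEncryptionKeyLifetime for this provider's keys; zero disables caching, nil would use the global default.
func (p *LocalRSAProvider) KeyLifetime() *time.Duration { d := p.lifetime; return &d }

var _ ColumnEncryptionKeyProvider = (*LocalRSAProvider)(nil) // compile-time interface check

func main() {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	p := NewLocalRSAProvider(30 * time.Minute)
	p.AddKey("local/cmk-1", key) // constructed key path for the example
	ctx := context.Background()
	cek := bytes.Repeat([]byte{0x42}, 32) // constructed 256-bit CEK
	wrapped, err := p.EncryptColumnEncryptionKey(ctx, "local/cmk-1", keyEncryptionAlgorithm, cek)
	if err != nil {
		panic(err)
	}
	got, err := p.DecryptColumnEncryptionKey(ctx, "local/cmk-1", keyEncryptionAlgorithm, wrapped)
	fmt.Println("round trip ok:", err == nil && bytes.Equal(got, cek))
}
```

The allow-list in lookup is the part worth copying: the driver hands a provider whatever key path the server's column master key metadata contains, so a provider that resolves arbitrary paths (a file path, a URL) turns a compromised or spoofed server into a read primitive against the client's key store. Decrypt also collapses all RSA failures into one message so the client does not act as a padding oracle for the wrapped keys it is asked to unwrap.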
type ColumnEncryptionKeyProviderMap ¶
type ColumnEncryptionKeyProviderMap map[string]*CekProvider
There is no synchronization on this map; providers are expected to register during init, before any concurrent reads.
func GetGlobalCekProviders ¶
func GetGlobalCekProviders() (providers ColumnEncryptionKeyProviderMap)
GetGlobalCekProviders enumerates all globally registered providers