Documentation ¶
Constants ¶
const (
	// MaxSize is the maximum byte size of an encoded key.
	MaxSize = 1 << 20

	// Size is the byte size of a cryptographic key.
	Size = 256 / 8
)
Variables ¶
This section is empty.
Functions ¶
func LogStoreStatus ¶ added in v0.17.3
LogStoreStatus periodically fetches the Store status and writes a log message whenever the Store is not available.
It stops whenever the given Context.Done() channel returns.
Types ¶
type Iterator ¶
type Iterator interface {
	// Next moves the iterator to the next key, if any.
	// This key is available until Next is called again.
	//
	// It returns true if and only if there is a new key
	// available. If there are no more keys or an error
	// has been encountered, Next returns false.
	Next() bool

	// Name returns the name of the current key. Name
	// can be called multiple times and returns the
	// same value until Next is called again.
	Name() string

	// Err returns the first error, if any, encountered
	// while iterating over the set of keys.
	Err() error
}
Iterator iterates over the names of a set of cryptographic keys.
for iterator.Next() {
	_ = iterator.Name() // Get the name of the key
}
if err := iterator.Err(); err != nil {
	// error handling
}
Iterator implementations may or may not reflect concurrent changes to the set of keys they iterate over. Further, they do not guarantee any ordering.
type Key ¶
type Key struct {
// contains filtered or unexported fields
}
Key is a secret key for symmetric cryptography.
type Manager ¶
type Manager struct {
	// Store is the key store that persists cryptographic
	// keys. The key manager will fetch the key from it if
	// the key isn't in its cache.
	Store Store

	// CacheExpiryAny is the time period keys remain - at
	// most - in the key manager cache.
	//
	// The key manager will clear the entire cache whenever
	// this time period elapses and will start a new time
	// interval such that the cache gets cleared periodically.
	CacheExpiryAny time.Duration

	// CacheExpiryUnused is the time keys remain in the cache
	// even though they are not used.
	//
	// A key that is used before one interval elapses is
	// marked as used again and remains in the cache.
	CacheExpiryUnused time.Duration

	// CacheExpiryOffline is the time keys remain in the
	// offline cache.
	//
	// The offline cache is only used when the Store is
	// not available and CacheExpiryOffline > 0.
	//
	// The offline cache, if used, gets cleared whenever
	// the Store becomes available again.
	CacheExpiryOffline time.Duration

	// CacheContext is the context that controls the cache
	// garbage collection. Once its Done() channel returns,
	// the garbage collection stops.
	CacheContext context.Context

	// contains filtered or unexported fields
}
Manager is a key manager that fetches keys from a key store and caches them in a local in-memory cache.
It runs a garbage collection that periodically removes keys from the cache such that they have to be fetched from the key store again.
func (*Manager) Create ¶
Create stores the given key at the key store.
If an entry with the same name exists, Create returns kes.ErrKeyExists.
func (*Manager) Delete ¶
Delete deletes the key with the given name at the key store.
Delete does not return an error if no key with this name exists.
func (*Manager) Get ¶
Get returns the key with the given name.
If no key with the given name exists, Get returns kes.ErrKeyNotFound.
Get tries to find the key in its cache first and fetches the key from the key store only if it's not in the cache.
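The cache-first Get and the CacheExpiryAny / CacheExpiryUnused sweeps described above, modelled as an added example; this is not the package's own code. It shows that a key removed at the store behind the cache is still served until a sweep evicts it. Assumptions: `cacheModel`, `sweepUnused` and `sweepAny` are hypothetical names, the map-backed store and `ErrKeyNotFound` are stand-ins, and timer intervals are replaced by explicit calls.

```go
package main

import (
	"errors"
	"fmt"
)

var ErrKeyNotFound = errors.New("key does not exist") // stand-in for kes.ErrKeyNotFound

// cacheModel is a hypothetical model of the documented cache, not the Manager's code.
type cacheModel struct {
	store map[string]string // stand-in for Store: name -> key material
	cache map[string]string // keys currently cached
	used  map[string]bool   // "used since the last sweep" marks
}

// Get consults the cache first and asks the store only on a miss.
func (m *cacheModel) Get(name string) (string, error) {
	k, ok := m.cache[name]
	if !ok {
		if k, ok = m.store[name]; !ok {
			return "", ErrKeyNotFound
		}
		m.cache[name] = k
	}
	m.used[name] = true
	return k, nil
}

// sweepUnused models one CacheExpiryUnused tick: evict unmarked keys, unmark the rest.
func (m *cacheModel) sweepUnused() {
	for name := range m.cache {
		if !m.used[name] {
			delete(m.cache, name)
		}
	}
	m.used = map[string]bool{}
}

// sweepAny models one CacheExpiryAny tick: the whole cache is cleared.
func (m *cacheModel) sweepAny() { m.cache, m.used = map[string]string{}, map[string]bool{} }

func main() {
	m := &cacheModel{store: map[string]string{"k1": "constructed"}, cache: map[string]string{}, used: map[string]bool{}}
	m.Get("k1")
	delete(m.store, "k1")    // removed at the store, behind the cache
	fmt.Println(m.Get("k1")) // still served from the cache
	m.sweepAny()
	fmt.Println(m.Get("k1")) // now: key does not exist
}
```

In this model the longest time a key removed at the store can still be served is bounded by the sweep intervals, which is the trade-off to weigh when choosing the expiry values.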
type Store ¶
type Store interface {
	// Status returns the current state of the
	// Store.
	//
	// If Status fails to reach the Store - e.g.
	// due to a network error - it should return
	// a StoreState with StoreUnreachable and no
	// error.
	//
	// Status should return an error whenever it
	// fails to reach the Store but StoreUnreachable
	// is not appropriate to describe the error
	// condition.
	Status(context.Context) (StoreState, error)

	// Create stores the given key at the key store if
	// and only if no entry with the given name exists.
	//
	// If such an entry exists, Create returns kes.ErrKeyExists.
	Create(ctx context.Context, name string, key Key) error

	// Delete deletes the key associated with the given name
	// from the key store. It may not return an error if no
	// entry for the given name exists.
	Delete(ctx context.Context, name string) error

	// Get returns the key associated with the given name.
	//
	// If there is no such entry, Get returns kes.ErrKeyNotFound.
	Get(ctx context.Context, name string) (Key, error)

	// List returns a new Iterator over the key store.
	//
	// The returned iterator may or may not reflect any
	// concurrent changes to the key store - i.e. creates
	// or deletes. Further, it does not provide any ordering
	// guarantees.
	List(context.Context) (Iterator, error)
}
Store is a key store that persists keys that are referenced by a unique name.
type StoreState ¶ added in v0.17.3
type StoreState struct {
	// State is the state of the Store. A Store
	// can either be reachable or unreachable.
	State StoreStatus

	// Latency is the time elapsed to reach
	// the Store.
	Latency time.Duration
}
StoreState describes the state of a Store.
func DialStore ¶ added in v0.17.3
func DialStore(ctx context.Context, endpoint string) (StoreState, error)
DialStore dials the Store at the given endpoint and returns a StoreState describing the Store status.
If it succeeds in dialing the Store, it returns a StoreState with the StoreReachable status - never the StoreAvailable status.
If endpoint does not contain any URL scheme, DialStore uses the https URL scheme as default.
type StoreStatus ¶ added in v0.17.3
type StoreStatus string
StoreStatus describes the state of a Store.
const (
	// StoreAvailable is the state of a Store
	// that is reachable and can serve requests.
	StoreAvailable StoreStatus = "available"

	// StoreReachable is the state of a Store
	// that is reachable but may not be able
	// to serve requests.
	// For example, a Store may be reachable
	// over the network but needs to be
	// initialized or unsealed to serve requests.
	StoreReachable StoreStatus = "reachable"

	// StoreUnreachable is the state of a Store
	// that is not reachable.
	StoreUnreachable StoreStatus = "unreachable"
)
func (StoreStatus) String ¶ added in v0.17.3
func (s StoreStatus) String() string