Documentation
Overview
Package gemalto implements a key store that fetches/stores cryptographic keys on a Gemalto KeySecure instance.
Index
- type Config
- type Conn
- func (c *Conn) Create(ctx context.Context, name string, value []byte) error
- func (c *Conn) Delete(ctx context.Context, name string) error
- func (c *Conn) Get(ctx context.Context, name string) ([]byte, error)
- func (c *Conn) List(ctx context.Context) (kms.Iter, error)
- func (c *Conn) Status(ctx context.Context) (kms.State, error)
- type Credentials
- Bugs
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Config added in v0.22.0
type Config struct {
	// Endpoint is the KeySecure instance endpoint.
	Endpoint string

	// CAPath is a path to the root CA certificate(s)
	// used to verify the TLS certificate of the KeySecure
	// instance. If empty, the host's root CA set is used.
	CAPath string

	// Login credentials are used to authenticate to the
	// KeySecure instance and obtain a short-lived authentication
	// token.
	Login Credentials
}
Config is a structure containing configuration options for connecting to a KeySecure server.
type Conn added in v0.22.0
type Conn struct {
// contains filtered or unexported fields
}
Conn is a connection to a Gemalto KeySecure server.
func Connect added in v0.22.0
Connect establishes and returns a Conn to a Gemalto KeySecure server using the given config.
func (*Conn) Create added in v0.22.0
Create creates the given key-value pair at Gemalto if and only if the given key does not exist. If such an entry already exists it returns kes.ErrKeyExists.
func (*Conn) Delete added in v0.22.0
Delete removes the value associated with the given key from Gemalto, if it exists.
func (*Conn) Get added in v0.22.0
Get returns the value associated with the given key. If no entry for the key exists it returns kes.ErrKeyNotFound.
type Credentials
type Credentials struct {
	Token  string        // The KeySecure refresh token
	Domain string        // The KeySecure domain - similar to a Vault Namespace
	Retry  time.Duration // The time to wait before trying to re-authenticate
}
Credentials represents a Gemalto KeySecure refresh token that can be used to obtain a short-lived authentication token.
A token is valid within either the default root domain (empty) or a specific domain, e.g. my-domain.
Notes
Bugs
The KeySecure server returns 404 NotFound if the secret does not exist, but also when we are not allowed to access/delete the secret due to insufficient policy permissions. The reason for this is probably that a client should not be able to determine whether a particular secret exists if it has no access to it. Unfortunately, this means we can no longer guarantee that we actually deleted the secret: it could also be the case that we lost access (e.g. due to a policy change). So, in this case we don't return an error, and the client believes it has deleted the secret successfully.
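The ambiguity described in this note, as an added Go example that is not part of the gemalto package or of KeySecure itself: a constructed fake server answers 404 both for a missing secret and for one the policy hides, and a hypothetical Delete wrapper mirrors the package's behaviour (404 yields no error) while reporting, via an extra return value, that the outcome rested on a 404 so an operator can audit-log it.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// deleteSecret mirrors the Delete behaviour from the Bugs note: a 404 is treated
// as "nothing left to delete" and yields no error. The ambiguous return value is
// a hypothetical addition for audit logging; the gemalto package does not expose it.
func deleteSecret(ctx context.Context, c *http.Client, url string) (ambiguous bool, err error) {
	req, err := http.NewRequestWithContext(ctx, http.MethodDelete, url, nil)
	if err != nil {
		return false, err
	}
	resp, err := c.Do(req)
	if err != nil {
		return false, err
	}
	defer resp.Body.Close()
	switch {
	case resp.StatusCode == http.StatusNotFound:
		return true, nil // missing OR access denied: the server does not say which
	case resp.StatusCode >= 200 && resp.StatusCode < 300:
		return false, nil
	default:
		return false, fmt.Errorf("delete %s: unexpected status %d", url, resp.StatusCode)
	}
}

// newFakeKeySecure is a constructed stand-in for a KeySecure instance. It holds one
// accessible secret (alice) and one that exists but is hidden by policy (carol);
// the hidden one and any unknown name both answer 404, as the Bugs note describes.
func newFakeKeySecure() *httptest.Server {
	store := map[string]bool{"/secret/alice": true, "/secret/carol": false} // path -> accessible
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if accessible, ok := store[r.URL.Path]; !ok || !accessible {
			w.WriteHeader(http.StatusNotFound)
			return
		}
		delete(store, r.URL.Path) // a real delete; later calls for this name are 404 too
		w.WriteHeader(http.StatusNoContent)
	}))
}

func main() {
	srv := newFakeKeySecure()
	defer srv.Close()
	for _, name := range []string{"alice", "bob", "carol"} {
		amb, err := deleteSecret(context.Background(), srv.Client(), srv.URL+"/secret/"+name)
		fmt.Printf("%s: err=%v ambiguous=%v\n", name, err, amb)
	}
}
```

Running it shows bob (missing) and carol (forbidden) produce identical results, which is why a 404-based "deleted" outcome is worth recording separately in audit logs and correlating with policy changes.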