Versions in this module Expand all Collapse all v0 v0.3.0 Jan 16, 2024 Changes in this version
+ const AES256
+ const ChaCha20
+ var ErrDecrypt = NewError(http.StatusBadRequest, "decryption failed: ciphertext is not authentic")
+ var ErrEnclaveExists = NewError(http.StatusBadRequest, "enclave already exists")
+ var ErrEnclaveNotFound = NewError(http.StatusNotFound, "enclave does not exist")
+ var ErrIdentityExists = NewError(http.StatusBadRequest, "identity already exists")
+ var ErrIdentityNotFound = NewError(http.StatusNotFound, "identity does not exist")
+ var ErrKeyExists = NewError(http.StatusBadRequest, "key already exists")
+ var ErrKeyNotFound = NewError(http.StatusNotFound, "key does not exist")
+ var ErrNotAllowed = NewError(http.StatusForbidden, "not authorized: insufficient permissions")
+ var ErrPartialWrite = NewError(http.StatusServiceUnavailable, "change committed but not replicated")
+ var ErrPolicyExists = NewError(http.StatusBadRequest, "policy already exists")
+ var ErrPolicyNotFound = NewError(http.StatusNotFound, "policy does not exist")
+ var ErrSecretExists = NewError(http.StatusNotFound, "secret already exists")
+ var ErrSecretNotFound = NewError(http.StatusNotFound, "secret does not exist")
+ var ErrSecretVersionNotFound = NewError(http.StatusNotFound, "secret version does not exist")
+ func GenerateCertificate(key APIKey, options ...CertificateOption) (tls.Certificate, error)
+ type API struct
+ MaxBody int64
+ Method string
+ Path string
+ Timeout time.Duration
+ func (a *API) UnmarshalJSON(data []byte) error
+ func (a API) MarshalJSON() ([]byte, error)
+ type APIKey interface
+ Identity func() Identity
+ Private func() crypto.PrivateKey
+ Public func() crypto.PublicKey
+ String func() string
+ func GenerateAPIKey(rand io.Reader) (APIKey, error)
+ func ParseAPIKey(s string) (APIKey, error)
+ type AuditEvent struct
+ APIPath string
+ ClientIP net.IP
+ ClientIdentity Identity
+ ResponseTime time.Duration
+ StatusCode int
+ Timestamp time.Time
+ type AuditStream struct
+ func NewAuditStream(r io.Reader) *AuditStream
+ func (s *AuditStream) Close() (err error)
+ func (s *AuditStream) Event() AuditEvent
+ func (s *AuditStream) Next() bool
+ func (s *AuditStream) WriteTo(w io.Writer) (int64, error)
+ type CertificateOption func(*x509.Certificate)
+ type Client struct
+ Endpoints []string
+ HTTPClient http.Client
+ func NewClient(endpoint string, key APIKey, options ...CertificateOption) (*Client, error)
+ func NewClientWithConfig(endpoint string, config *tls.Config) *Client
+ func (c *Client) APIs(ctx context.Context) ([]API, error)
+ func (c *Client) AuditLog(ctx context.Context) (*AuditStream, error)
+ func (c *Client) CreateKey(ctx context.Context, name string) error
+ func (c *Client) Decrypt(ctx context.Context, name string, ciphertext, context []byte) ([]byte, error)
+ func (c *Client) DeleteKey(ctx context.Context, name string) error
+ func (c *Client) DescribeIdentity(ctx context.Context, identity Identity) (*IdentityInfo, error)
+ func (c *Client) DescribeKey(ctx context.Context, name string) (*KeyInfo, error)
+ func (c *Client) DescribePolicy(ctx context.Context, name string) (*PolicyInfo, error)
+ func (c *Client) DescribeSelf(ctx context.Context) (*IdentityInfo, *Policy, error)
+ func (c *Client) Encrypt(ctx context.Context, name string, plaintext, context []byte) ([]byte, error)
+ func (c *Client) ErrorLog(ctx context.Context) (*ErrorStream, error)
+ func (c *Client) GenerateKey(ctx context.Context, name string, context []byte) (DEK, error)
+ func (c *Client) GetPolicy(ctx context.Context, name string) (*Policy, error)
+ func (c *Client) HMAC(ctx context.Context, key string, message []byte) ([]byte, error)
+ func (c *Client) ImportKey(ctx context.Context, name string, req *ImportKeyRequest) error
+ func (c *Client) IsReady(ctx context.Context) (bool, error)
+ func (c *Client) ListIdentities(ctx context.Context, prefix string, n int) ([]Identity, string, error)
+ func (c *Client) ListKeys(ctx context.Context, prefix string, n int) ([]string, string, error)
+ func (c *Client) ListPolicies(ctx context.Context, prefix string, n int) ([]string, string, error)
+ func (c *Client) Metrics(ctx context.Context) (Metric, error)
+ func (c *Client) Status(ctx context.Context) (State, error)
+ func (c *Client) Version(ctx context.Context) (string, error)
+ type ClusterInfo struct
+ Leader uint64
+ Nodes map[uint64]string
+ type ConnError struct
+ Err error
+ Host string
+ func IsConnError(err error) (*ConnError, bool)
+ func (c *ConnError) Error() string
+ func (c *ConnError) Temporary() bool
+ func (c *ConnError) Timeout() bool
+ func (c *ConnError) Unwrap() error
+ type CreateIdentityRequest struct
+ Admin bool
+ Policy string
+ TTL time.Duration
+ type DEK struct
+ Ciphertext []byte
+ Plaintext []byte
+ type Error struct
+ func NewError(code int, msg string) Error
+ func (e Error) Error() string
+ func (e Error) Status() int
+ type ErrorEvent struct
+ Message string
+ type ErrorStream struct
+ func NewErrorStream(r io.Reader) *ErrorStream
+ func (s *ErrorStream) Close() error
+ func (s *ErrorStream) Event() ErrorEvent
+ func (s *ErrorStream) Message() string
+ func (s *ErrorStream) Next() bool
+ func (s *ErrorStream) WriteTo(w io.Writer) (int64, error)
+ type Identity string
+ const IdentityUnknown
+ func (id Identity) IsUnknown() bool
+ func (id Identity) String() string
+ type IdentityInfo struct
+ CreatedAt time.Time
+ CreatedBy Identity
+ ExpiresAt time.Time
+ Identity Identity
+ IsAdmin bool
+ Policy string
+ TTL time.Duration
+ type ImportKeyRequest struct
+ Cipher KeyAlgorithm
+ Key []byte
+ type KeyAlgorithm uint
+ func (a *KeyAlgorithm) UnmarshalText(text []byte) error
+ func (a KeyAlgorithm) MarshalText() ([]byte, error)
+ func (a KeyAlgorithm) String() string
+ type KeyInfo struct
+ Algorithm KeyAlgorithm
+ CreatedAt time.Time
+ CreatedBy Identity
+ Name string
+ func (k *KeyInfo) MarshalJSON() ([]byte, error)
+ func (k *KeyInfo) UnmarshalJSON(text []byte) error
+ type ListIter struct
+ NextFunc func(context.Context, string, int) ([]T, string, error)
+ func (i *ListIter[T]) Next(ctx context.Context) (item T, err error)
+ func (i *ListIter[T]) SeekTo(ctx context.Context, prefix string) (item T, err error)
+ type Metric struct
+ AuditEvents uint64
+ CPUs int
+ ErrorEvents uint64
+ HeapAlloc uint64
+ HeapObjects uint64
+ LatencyHistogram map[time.Duration]uint64
+ RequestActive uint64
+ RequestErr uint64
+ RequestFail uint64
+ RequestOK uint64
+ StackAlloc uint64
+ Threads int
+ UpTime time.Duration
+ UsableCPUs int
+ func (m *Metric) RequestN() uint64
+ type Policy struct
+ Allow map[string]Rule
+ CreatedAt time.Time
+ CreatedBy Identity
+ Deny map[string]Rule
+ func (p *Policy) IsSubset(o *Policy) bool
+ func (p *Policy) Verify(r *http.Request) error
+ type PolicyInfo struct
+ CreatedAt time.Time
+ CreatedBy Identity
+ Name string
+ type Rule struct
+ type SecretInfo struct
+ CreatedAt time.Time
+ CreatedBy Identity
+ Name string
+ Type SecretType
+ func (s *SecretInfo) MarshalJSON() ([]byte, error)
+ func (s *SecretInfo) UnmarshalJSON(data []byte) error
+ type SecretOptions struct
+ Type SecretType
+ type SecretType uint
+ const SecretGeneric
+ func (s *SecretType) UnmarshalText(text []byte) error
+ func (s SecretType) MarshalText() ([]byte, error)
+ func (s SecretType) String() string
+ type State struct
+ Arch string
+ CPUs int
+ HeapAlloc uint64
+ KeyStoreLatency time.Duration
+ KeyStoreReachable bool
+ KeystoreAvailable bool
+ OS string
+ StackAlloc uint64
+ UpTime time.Duration
+ UsableCPUs int
+ Version string
+ func (s *State) UnmarshalJSON(data []byte) error
+ func (s State) MarshalJSON() ([]byte, error)
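Review bot: `ErrSecretExists` is declared with `http.StatusNotFound` although its message is "secret already exists"; every other `Err…Exists` value in this listing (enclave, identity, key, policy) uses `http.StatusBadRequest`. It reads like a copy of the neighbouring `ErrSecretNotFound` line, and a caller that branches on `Error.Status()` cannot tell a create conflict from a missing secret. I would change it to `var ErrSecretExists = NewError(http.StatusBadRequest, "secret already exists")`, or, if the server really does answer 404 for this case, keep the code and add a doc comment such as `// ErrSecretExists is returned with 404 by the server; do not rely on Status() to distinguish it from ErrSecretNotFound.` The status code is part of the exported value, so any code that compares received errors against this variable should be checked together with the change; how such comparisons are done is not visible in this listing.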