Documentation ¶
Overview ¶
Package keyservice implements a gRPC API that can be used by SOPS to encrypt and decrypt the data key using remote master keys.
Index ¶
- Variables
- func RegisterKeyServiceServer(s *grpc.Server, srv KeyServiceServer)
- type AgeKey
- type AzureKeyVaultKey
- func (*AzureKeyVaultKey) Descriptor() ([]byte, []int)deprecated
- func (x *AzureKeyVaultKey) GetName() string
- func (x *AzureKeyVaultKey) GetVaultUrl() string
- func (x *AzureKeyVaultKey) GetVersion() string
- func (*AzureKeyVaultKey) ProtoMessage()
- func (x *AzureKeyVaultKey) ProtoReflect() protoreflect.Message
- func (x *AzureKeyVaultKey) Reset()
- func (x *AzureKeyVaultKey) String() string
- type DecryptRequest
- func (*DecryptRequest) Descriptor() ([]byte, []int)deprecated
- func (x *DecryptRequest) GetCiphertext() []byte
- func (x *DecryptRequest) GetKey() *Key
- func (*DecryptRequest) ProtoMessage()
- func (x *DecryptRequest) ProtoReflect() protoreflect.Message
- func (x *DecryptRequest) Reset()
- func (x *DecryptRequest) String() string
- type DecryptResponse
- type EncryptRequest
- func (*EncryptRequest) Descriptor() ([]byte, []int)deprecated
- func (x *EncryptRequest) GetKey() *Key
- func (x *EncryptRequest) GetPlaintext() []byte
- func (*EncryptRequest) ProtoMessage()
- func (x *EncryptRequest) ProtoReflect() protoreflect.Message
- func (x *EncryptRequest) Reset()
- func (x *EncryptRequest) String() string
- type EncryptResponse
- type GcpKmsKey
- type Key
- func (*Key) Descriptor() ([]byte, []int)deprecated
- func (x *Key) GetAgeKey() *AgeKey
- func (x *Key) GetAzureKeyvaultKey() *AzureKeyVaultKey
- func (x *Key) GetGcpKmsKey() *GcpKmsKey
- func (m *Key) GetKeyType() isKey_KeyType
- func (x *Key) GetKmsKey() *KmsKey
- func (x *Key) GetPgpKey() *PgpKey
- func (x *Key) GetVaultKey() *VaultKey
- func (*Key) ProtoMessage()
- func (x *Key) ProtoReflect() protoreflect.Message
- func (x *Key) Reset()
- func (x *Key) String() string
- type KeyServiceClient
- type KeyServiceServer
- type Key_AgeKey
- type Key_AzureKeyvaultKey
- type Key_GcpKmsKey
- type Key_KmsKey
- type Key_PgpKey
- type Key_VaultKey
- type KmsKey
- func (*KmsKey) Descriptor() ([]byte, []int)deprecated
- func (x *KmsKey) GetArn() string
- func (x *KmsKey) GetAwsProfile() string
- func (x *KmsKey) GetContext() map[string]string
- func (x *KmsKey) GetRole() string
- func (*KmsKey) ProtoMessage()
- func (x *KmsKey) ProtoReflect() protoreflect.Message
- func (x *KmsKey) Reset()
- func (x *KmsKey) String() string
- type LocalClient
- type PgpKey
- type Server
- type UnimplementedKeyServiceServer
- type VaultKey
- func (*VaultKey) Descriptor() ([]byte, []int)deprecated
- func (x *VaultKey) GetEnginePath() string
- func (x *VaultKey) GetKeyName() string
- func (x *VaultKey) GetVaultAddress() string
- func (*VaultKey) ProtoMessage()
- func (x *VaultKey) ProtoReflect() protoreflect.Message
- func (x *VaultKey) Reset()
- func (x *VaultKey) String() string
Constants ¶
This section is empty.
Variables ¶
var File_keyservice_keyservice_proto protoreflect.FileDescriptor
Functions ¶
func RegisterKeyServiceServer ¶
func RegisterKeyServiceServer(s *grpc.Server, srv KeyServiceServer)
Types ¶
type AgeKey ¶
type AgeKey struct { Recipient string `protobuf:"bytes,1,opt,name=recipient,proto3" json:"recipient,omitempty"` // contains filtered or unexported fields }
func (*AgeKey) Descriptor
deprecated
func (*AgeKey) GetRecipient ¶
func (*AgeKey) ProtoMessage ¶
func (*AgeKey) ProtoMessage()
func (*AgeKey) ProtoReflect ¶
func (x *AgeKey) ProtoReflect() protoreflect.Message
type AzureKeyVaultKey ¶
type AzureKeyVaultKey struct { VaultUrl string `protobuf:"bytes,1,opt,name=vault_url,json=vaultUrl,proto3" json:"vault_url,omitempty"` Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` Version string `protobuf:"bytes,3,opt,name=version,proto3" json:"version,omitempty"` // contains filtered or unexported fields }
func (*AzureKeyVaultKey) Descriptor
deprecated
func (*AzureKeyVaultKey) Descriptor() ([]byte, []int)
Deprecated: Use AzureKeyVaultKey.ProtoReflect.Descriptor instead.
func (*AzureKeyVaultKey) GetName ¶
func (x *AzureKeyVaultKey) GetName() string
func (*AzureKeyVaultKey) GetVaultUrl ¶
func (x *AzureKeyVaultKey) GetVaultUrl() string
func (*AzureKeyVaultKey) GetVersion ¶
func (x *AzureKeyVaultKey) GetVersion() string
func (*AzureKeyVaultKey) ProtoMessage ¶
func (*AzureKeyVaultKey) ProtoMessage()
func (*AzureKeyVaultKey) ProtoReflect ¶
func (x *AzureKeyVaultKey) ProtoReflect() protoreflect.Message
func (*AzureKeyVaultKey) Reset ¶
func (x *AzureKeyVaultKey) Reset()
func (*AzureKeyVaultKey) String ¶
func (x *AzureKeyVaultKey) String() string
type DecryptRequest ¶
type DecryptRequest struct { Key *Key `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` Ciphertext []byte `protobuf:"bytes,2,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"` // contains filtered or unexported fields }
func (*DecryptRequest) Descriptor
deprecated
func (*DecryptRequest) Descriptor() ([]byte, []int)
Deprecated: Use DecryptRequest.ProtoReflect.Descriptor instead.
func (*DecryptRequest) GetCiphertext ¶
func (x *DecryptRequest) GetCiphertext() []byte
func (*DecryptRequest) GetKey ¶
func (x *DecryptRequest) GetKey() *Key
func (*DecryptRequest) ProtoMessage ¶
func (*DecryptRequest) ProtoMessage()
func (*DecryptRequest) ProtoReflect ¶
func (x *DecryptRequest) ProtoReflect() protoreflect.Message
func (*DecryptRequest) Reset ¶
func (x *DecryptRequest) Reset()
func (*DecryptRequest) String ¶
func (x *DecryptRequest) String() string
type DecryptResponse ¶
type DecryptResponse struct { Plaintext []byte `protobuf:"bytes,1,opt,name=plaintext,proto3" json:"plaintext,omitempty"` // contains filtered or unexported fields }
func (*DecryptResponse) Descriptor
deprecated
func (*DecryptResponse) Descriptor() ([]byte, []int)
Deprecated: Use DecryptResponse.ProtoReflect.Descriptor instead.
func (*DecryptResponse) GetPlaintext ¶
func (x *DecryptResponse) GetPlaintext() []byte
func (*DecryptResponse) ProtoMessage ¶
func (*DecryptResponse) ProtoMessage()
func (*DecryptResponse) ProtoReflect ¶
func (x *DecryptResponse) ProtoReflect() protoreflect.Message
func (*DecryptResponse) Reset ¶
func (x *DecryptResponse) Reset()
func (*DecryptResponse) String ¶
func (x *DecryptResponse) String() string
type EncryptRequest ¶
type EncryptRequest struct { Key *Key `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` Plaintext []byte `protobuf:"bytes,2,opt,name=plaintext,proto3" json:"plaintext,omitempty"` // contains filtered or unexported fields }
func (*EncryptRequest) Descriptor
deprecated
func (*EncryptRequest) Descriptor() ([]byte, []int)
Deprecated: Use EncryptRequest.ProtoReflect.Descriptor instead.
func (*EncryptRequest) GetKey ¶
func (x *EncryptRequest) GetKey() *Key
func (*EncryptRequest) GetPlaintext ¶
func (x *EncryptRequest) GetPlaintext() []byte
func (*EncryptRequest) ProtoMessage ¶
func (*EncryptRequest) ProtoMessage()
func (*EncryptRequest) ProtoReflect ¶
func (x *EncryptRequest) ProtoReflect() protoreflect.Message
func (*EncryptRequest) Reset ¶
func (x *EncryptRequest) Reset()
func (*EncryptRequest) String ¶
func (x *EncryptRequest) String() string
type EncryptResponse ¶
type EncryptResponse struct { Ciphertext []byte `protobuf:"bytes,1,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"` // contains filtered or unexported fields }
func (*EncryptResponse) Descriptor
deprecated
func (*EncryptResponse) Descriptor() ([]byte, []int)
Deprecated: Use EncryptResponse.ProtoReflect.Descriptor instead.
func (*EncryptResponse) GetCiphertext ¶
func (x *EncryptResponse) GetCiphertext() []byte
func (*EncryptResponse) ProtoMessage ¶
func (*EncryptResponse) ProtoMessage()
func (*EncryptResponse) ProtoReflect ¶
func (x *EncryptResponse) ProtoReflect() protoreflect.Message
func (*EncryptResponse) Reset ¶
func (x *EncryptResponse) Reset()
func (*EncryptResponse) String ¶
func (x *EncryptResponse) String() string
type GcpKmsKey ¶
type GcpKmsKey struct { ResourceId string `protobuf:"bytes,1,opt,name=resource_id,json=resourceId,proto3" json:"resource_id,omitempty"` // contains filtered or unexported fields }
func (*GcpKmsKey) Descriptor
deprecated
func (*GcpKmsKey) GetResourceId ¶
func (*GcpKmsKey) ProtoMessage ¶
func (*GcpKmsKey) ProtoMessage()
func (*GcpKmsKey) ProtoReflect ¶
func (x *GcpKmsKey) ProtoReflect() protoreflect.Message
type Key ¶
type Key struct { // Types that are assignable to KeyType: // *Key_KmsKey // *Key_PgpKey // *Key_GcpKmsKey // *Key_AzureKeyvaultKey // *Key_VaultKey // *Key_AgeKey KeyType isKey_KeyType `protobuf_oneof:"key_type"` // contains filtered or unexported fields }
func KeyFromMasterKey ¶
KeyFromMasterKey converts a SOPS internal MasterKey to an RPC Key that can be serialized with Protocol Buffers
func (*Key) Descriptor
deprecated
func (*Key) GetAzureKeyvaultKey ¶
func (x *Key) GetAzureKeyvaultKey() *AzureKeyVaultKey
func (*Key) GetGcpKmsKey ¶
func (*Key) GetKeyType ¶
func (m *Key) GetKeyType() isKey_KeyType
func (*Key) GetVaultKey ¶
func (*Key) ProtoMessage ¶
func (*Key) ProtoMessage()
func (*Key) ProtoReflect ¶
func (x *Key) ProtoReflect() protoreflect.Message
type KeyServiceClient ¶
type KeyServiceClient interface { Encrypt(ctx context.Context, in *EncryptRequest, opts ...grpc.CallOption) (*EncryptResponse, error) Decrypt(ctx context.Context, in *DecryptRequest, opts ...grpc.CallOption) (*DecryptResponse, error) }
KeyServiceClient is the client API for KeyService service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
func NewKeyServiceClient ¶
func NewKeyServiceClient(cc grpc.ClientConnInterface) KeyServiceClient
type KeyServiceServer ¶
type KeyServiceServer interface { Encrypt(context.Context, *EncryptRequest) (*EncryptResponse, error) Decrypt(context.Context, *DecryptRequest) (*DecryptResponse, error) }
KeyServiceServer is the server API for KeyService service.
type Key_AgeKey ¶
type Key_AgeKey struct {
AgeKey *AgeKey `protobuf:"bytes,6,opt,name=age_key,json=ageKey,proto3,oneof"`
}
type Key_AzureKeyvaultKey ¶
type Key_AzureKeyvaultKey struct {
AzureKeyvaultKey *AzureKeyVaultKey `protobuf:"bytes,4,opt,name=azure_keyvault_key,json=azureKeyvaultKey,proto3,oneof"`
}
type Key_GcpKmsKey ¶
type Key_GcpKmsKey struct {
GcpKmsKey *GcpKmsKey `protobuf:"bytes,3,opt,name=gcp_kms_key,json=gcpKmsKey,proto3,oneof"`
}
type Key_KmsKey ¶
type Key_KmsKey struct {
KmsKey *KmsKey `protobuf:"bytes,1,opt,name=kms_key,json=kmsKey,proto3,oneof"`
}
type Key_PgpKey ¶
type Key_PgpKey struct {
PgpKey *PgpKey `protobuf:"bytes,2,opt,name=pgp_key,json=pgpKey,proto3,oneof"`
}
type Key_VaultKey ¶
type Key_VaultKey struct {
VaultKey *VaultKey `protobuf:"bytes,5,opt,name=vault_key,json=vaultKey,proto3,oneof"`
}
type KmsKey ¶
type KmsKey struct { Arn string `protobuf:"bytes,1,opt,name=arn,proto3" json:"arn,omitempty"` Role string `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"` Context map[string]string `` /* 155-byte string literal not displayed */ AwsProfile string `protobuf:"bytes,4,opt,name=aws_profile,json=awsProfile,proto3" json:"aws_profile,omitempty"` // contains filtered or unexported fields }
func (*KmsKey) Descriptor
deprecated
func (*KmsKey) GetAwsProfile ¶
func (*KmsKey) GetContext ¶
func (*KmsKey) ProtoMessage ¶
func (*KmsKey) ProtoMessage()
func (*KmsKey) ProtoReflect ¶
func (x *KmsKey) ProtoReflect() protoreflect.Message
type LocalClient ¶
type LocalClient struct {
Server Server
}
LocalClient is a key service client that performs all operations locally
func (LocalClient) Decrypt ¶
func (c LocalClient) Decrypt(ctx context.Context, req *DecryptRequest, opts ...grpc.CallOption) (*DecryptResponse, error)
Decrypt processes a decrypt request locally See keyservice/server.go for more details
func (LocalClient) Encrypt ¶
func (c LocalClient) Encrypt(ctx context.Context, req *EncryptRequest, opts ...grpc.CallOption) (*EncryptResponse, error)
Encrypt processes an encrypt request locally See keyservice/server.go for more details
type PgpKey ¶
type PgpKey struct { Fingerprint string `protobuf:"bytes,1,opt,name=fingerprint,proto3" json:"fingerprint,omitempty"` // contains filtered or unexported fields }
func (*PgpKey) Descriptor
deprecated
func (*PgpKey) GetFingerprint ¶
func (*PgpKey) ProtoMessage ¶
func (*PgpKey) ProtoMessage()
func (*PgpKey) ProtoReflect ¶
func (x *PgpKey) ProtoReflect() protoreflect.Message
type Server ¶
type Server struct { // Prompt indicates whether the server should prompt before decrypting or encrypting data Prompt bool }
Server is a key service server that uses SOPS MasterKeys to fulfill requests
func (Server) Decrypt ¶
func (ks Server) Decrypt(ctx context.Context, req *DecryptRequest) (*DecryptResponse, error)
Decrypt takes a decrypt request and decrypts the provided ciphertext with the provided key, returning the decrypted result
func (Server) Encrypt ¶
func (ks Server) Encrypt(ctx context.Context, req *EncryptRequest) (*EncryptResponse, error)
Encrypt takes an encrypt request and encrypts the provided plaintext with the provided key, returning the encrypted result
type UnimplementedKeyServiceServer ¶
type UnimplementedKeyServiceServer struct { }
UnimplementedKeyServiceServer can be embedded to have forward compatible implementations.
func (*UnimplementedKeyServiceServer) Decrypt ¶
func (*UnimplementedKeyServiceServer) Decrypt(context.Context, *DecryptRequest) (*DecryptResponse, error)
func (*UnimplementedKeyServiceServer) Encrypt ¶
func (*UnimplementedKeyServiceServer) Encrypt(context.Context, *EncryptRequest) (*EncryptResponse, error)
type VaultKey ¶
type VaultKey struct { VaultAddress string `protobuf:"bytes,1,opt,name=vault_address,json=vaultAddress,proto3" json:"vault_address,omitempty"` EnginePath string `protobuf:"bytes,2,opt,name=engine_path,json=enginePath,proto3" json:"engine_path,omitempty"` KeyName string `protobuf:"bytes,3,opt,name=key_name,json=keyName,proto3" json:"key_name,omitempty"` // contains filtered or unexported fields }
func (*VaultKey) Descriptor
deprecated
func (*VaultKey) GetEnginePath ¶
func (*VaultKey) GetKeyName ¶
func (*VaultKey) GetVaultAddress ¶
func (*VaultKey) ProtoMessage ¶
func (*VaultKey) ProtoMessage()
func (*VaultKey) ProtoReflect ¶
func (x *VaultKey) ProtoReflect() protoreflect.Message