Documentation
Index
- Constants
- func DecryptSourceConfig(ms domain.DatabaseConnection, sourceConfig domain.SourceConfig, config config) (domain.SourceConfig, error)
- func Hash(in string) string
- type AESClient
- type Client
- func NewEncryptionClient(clientType string, db domain.DatabaseConnection, ...) (client Client, err error)
- func NewEncryptionClientWithDirectKey(clientType string, key string) (client Client, err error)
- func NewEncryptionClientWithProfile(clientType string, db domain.DatabaseConnection, ...) (client Client, err error)
- type KMSClient
Constants
const (
	// EncryptMode tells KMS to perform an encryption operation
	EncryptMode = iota
	// DecryptMode tells KMS to perform a decryption operation
	DecryptMode
)
const (
	// KMS is a const that delineates the type of encryption used (AWS Key Management System)
	KMS = "kms"
	// AES256 is a const that delineates the type of encryption used (AES256)
	AES256 = "aes"
)
Variables
This section is empty.
Functions
func DecryptSourceConfig
func DecryptSourceConfig(ms domain.DatabaseConnection, sourceConfig domain.SourceConfig, config config) (domain.SourceConfig, error)
DecryptSourceConfig takes a source config as an argument and decrypts the fields that are expected to be encrypted. Should not store encrypted password inside the sourceConfig, because when a client reconnects, it will try to decrypt the already decrypted password.
Types
type AESClient
type AESClient struct {
// contains filtered or unexported fields
}
AESClient performs encryption and decryption using AES256
type Client
Client manages
func NewEncryptionClient
func NewEncryptionClient(clientType string, db domain.DatabaseConnection, applicationEncryptionKey string, orgID string) (client Client, err error)
NewEncryptionClient takes in an application level encryption key (a KMS key). The fields in the database are encrypted with an organization specific encryption key, which is not the same as the application level encryption key. This ensures that one organization cannot read the fields of another. The organization encryption key in the database itself is encrypted using the KMS application level encryption key. The organization encryption key must be pulled from the database and decrypted before the client is created. The application level encryption key should only exist in the root organization of an organization hierarchy.
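The two-level key hierarchy described above, as an added example that is not this package's code: a local AES-256-GCM key stands in for the KMS application level key, and the names crypt and field, the cipher mode, and all keys and data are assumptions constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// crypt seals (open=false) or opens (open=true) in with AES-256-GCM; sealed form is nonce||ciphertext||tag.
func crypt(key, in []byte, open bool) ([]byte, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if open {
		if len(in) < gcm.NonceSize() {
			return nil, fmt.Errorf("ciphertext too short: %d bytes", len(in))
		}
		return gcm.Open(nil, in[:gcm.NonceSize()], in[gcm.NonceSize():], nil)
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, in, nil), nil
}

// field unwraps the organization key with the application key (a local stand-in for KMS), then seals or opens in.
func field(appKey, wrappedOrgKey, in []byte, open bool) ([]byte, error) {
	orgKey, err := crypt(appKey, wrappedOrgKey, true)
	if err != nil {
		return nil, fmt.Errorf("unwrap organization key: %w", err)
	}
	return crypt(orgKey, in, open)
}

func main() { // constructed sample keys and data; errors from the valid setup calls are not expected
	appKey := []byte("app-constructed-key-0123456789ab")
	orgA, _ := crypt(appKey, []byte("org-A-constructed-key-0123456789"), false) // stored wrapped in the DB
	orgB, _ := crypt(appKey, []byte("org-B-constructed-key-0123456789"), false)
	ct, _ := field(appKey, orgA, []byte("db-password"), false)
	pt, _ := field(appKey, orgA, ct, true)
	_, err := field(appKey, orgB, ct, true)
	fmt.Printf("org A reads %q; org B's key fails: %v\n", pt, err)
}
```

Only the wrapped organization keys would sit in the database; without the application level key they cannot be unwrapped, and a field sealed under one organization's key fails authentication under another's.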
func NewEncryptionClientWithDirectKey
NewEncryptionClientWithDirectKey takes the key used for encryption as a direct argument, and does not grab an encrypted, organization specific key from the database like NewEncryptionClient does
type KMSClient
KMSClient holds all information required to perform encryption and decryption. Once the object is created, one can simply call encrypt or decrypt on it.
func CreateKMSClientWithProfile
CreateKMSClientWithProfile creates a KMSClient object. The keyID is the AWS KMS key ID. The profile is optional and may be passed as an empty string