Documentation
¶
Index ¶
- Constants
- func AESDecrypt(algorithm string, key []byte, msg []byte, additionalData []byte) ([]byte, error)
- func GetSymmetricKeyLength(algorithm string) (int, error)
- func KEMDecrypt(input KEMDecryptInput) ([]byte, error)
- type AsymmetricAlgorithm
- type AsymmetricGenerateRequest
- type AsymmetricGenerateResult
- type AsymmetricStoreRequest
- type AsymmetricStoreResult
- type Client
- type CommonGenerateRequest
- type CommonRotateRequest
- type CommonStoreRequest
- type CommonStoreResult
- type DecryptRequest
- type DecryptResult
- type DecryptTransformRequest
- type DecryptTransformResult
- type DeleteRequest
- type DeleteResult
- type EncodedPrivateKey
- type EncodedPublicKey
- type EncodedSymmetricKey
- type EncryptRequest
- type EncryptResult
- type EncryptStructuredRequest
- type EncryptStructuredResult
- type EncryptTransformRequest
- type EncryptTransformResult
- type EncryptTransformStructuredRequest
- type EncryptTransformStructuredResult
- type ExportEncryptionAlgorithm
- type ExportEncryptionType
- type ExportRequest
- type ExportResult
- type FilterList
- func (fu *FilterList) Algorithm() *pangea.FilterMatch[string]
- func (fu *FilterList) CreatedAt() *pangea.FilterRange[string]
- func (fu *FilterList) DestroyedAt() *pangea.FilterRange[string]
- func (fu *FilterList) Expiration() *pangea.FilterRange[string]
- func (fu *FilterList) Folder() *pangea.FilterMatch[string]
- func (fu *FilterList) ID() *pangea.FilterMatch[string]
- func (fu *FilterList) ItemStated() *pangea.FilterMatch[string]
- func (fu *FilterList) LastRotated() *pangea.FilterRange[string]
- func (fu *FilterList) Name() *pangea.FilterMatch[string]
- func (fu *FilterList) NextRotation() *pangea.FilterRange[string]
- func (fu *FilterList) Purpose() *pangea.FilterMatch[string]
- func (fu *FilterList) Type() *pangea.FilterMatch[string]
- type FolderCreateRequest
- type FolderCreateResult
- type GetBulkRequest
- type GetBulkResult
- type GetRequest
- type GetResult
- type InheritedSettings
- type ItemData
- type ItemOrder
- type ItemOrderBy
- type ItemState
- type ItemType
- type ItemVersionData
- type ItemVersionState
- type JWKGetRequest
- type JWKGetResult
- type JWT
- type JWTSignRequest
- type JWTSignResult
- type JWTVerifyRequest
- type JWTVerifyResult
- type KEMDecryptInput
- type KEMKDF
- type KEMhashAlgorithm
- type KeyPurpose
- type KeyRotateRequest
- type KeyRotateResult
- type ListInclude
- type ListItemData
- type ListRequest
- type ListResult
- type Metadata
- type SecretRotateRequest
- type SecretRotateResult
- type SecretStoreRequest
- type SecretStoreResult
- type SignRequest
- type SignResult
- type StateChangeRequest
- type StateChangeResult
- type SymmetricAlgorithm
- type SymmetricGenerateRequest
- type SymmetricGenerateResult
- type SymmetricStoreRequest
- type SymmetricStoreResult
- type Tags
- type TransformAlphabet
- type UpdateRequest
- type UpdateResult
- type VerifyRequest
- type VerifyResult
Constants ¶
// Identifiers for the hash algorithm and key derivation function carried in
// KEMDecryptInput.HashAlgorithm and KEMDecryptInput.KDF.
const (
	KEMHAsha512 KEMhashAlgorithm = "sha512"
	KEMKDFpbkdf2 KEMKDF = "pbkdf2"
)
// NONCE_SIZE is the nonce length, in bytes, used for GCM.
const NONCE_SIZE = 12 // Standard nonce size for GCM
Variables ¶
This section is empty.
Functions ¶
func AESDecrypt ¶
func GetSymmetricKeyLength ¶
func KEMDecrypt ¶
func KEMDecrypt(input KEMDecryptInput) ([]byte, error)
Types ¶
type AsymmetricAlgorithm ¶
// AsymmetricAlgorithm names an asymmetric key algorithm. The string value is
// what is sent in the "algorithm" field of the generate and store requests.
type AsymmetricAlgorithm string
// Asymmetric algorithm identifiers.
const (
	AAed25519 AsymmetricAlgorithm = "ED25519"
	AAes256 AsymmetricAlgorithm = "ES256"
	AAes384 AsymmetricAlgorithm = "ES384"
	AAes512 AsymmetricAlgorithm = "ES512"
	AArsa2048_pkcs1v15_sha256 AsymmetricAlgorithm = "RSA-PKCS1V15-2048-SHA256"
	AArsa2048_oaep_sha256 AsymmetricAlgorithm = "RSA-OAEP-2048-SHA256"
	AAes256K AsymmetricAlgorithm = "ES256K"

	// The *_oaep_sha1 identifiers select SHA-1 as the OAEP hash. For new keys
	// prefer the SHA-256 or SHA-512 variants unless a peer requires SHA-1.
	AArsa2048_oaep_sha1 AsymmetricAlgorithm = "RSA-OAEP-2048-SHA1"
	AArsa2048_oaep_sha512 AsymmetricAlgorithm = "RSA-OAEP-2048-SHA512"
	AArsa3072_oaep_sha1 AsymmetricAlgorithm = "RSA-OAEP-3072-SHA1"
	AArsa3072_oaep_sha256 AsymmetricAlgorithm = "RSA-OAEP-3072-SHA256"
	AArsa3072_oaep_sha512 AsymmetricAlgorithm = "RSA-OAEP-3072-SHA512"
	AArsa4096_oaep_sha1 AsymmetricAlgorithm = "RSA-OAEP-4096-SHA1"
	AArsa4096_oaep_sha256 AsymmetricAlgorithm = "RSA-OAEP-4096-SHA256"
	AArsa4096_oaep_sha512 AsymmetricAlgorithm = "RSA-OAEP-4096-SHA512"
	AArsa2048_pss_sha256 AsymmetricAlgorithm = "RSA-PSS-2048-SHA256"
	AArsa3072_pss_sha256 AsymmetricAlgorithm = "RSA-PSS-3072-SHA256"

	// Deprecated: the identifier is a typo; use AArsa4096_pss_sha256 instead.
	// Both names carry the same value.
	AA4096_pss_sha256 AsymmetricAlgorithm = "RSA-PSS-4096-SHA256"
	AArsa4096_pss_sha256 AsymmetricAlgorithm = "RSA-PSS-4096-SHA256"
	AArsa4096_pss_sha512 AsymmetricAlgorithm = "RSA-PSS-4096-SHA512"

	// Deprecated: use AArsa2048_pkcs1v15_sha256 instead. Both names carry the
	// same value.
	AArsa AsymmetricAlgorithm = "RSA-PKCS1V15-2048-SHA256"

	// Identifiers whose value ends in "-BETA".
	// NOTE(review): the suffix suggests these are not yet stable; confirm
	// support status before relying on them for long-lived keys.
	AAed25519_dilithium2_beta AsymmetricAlgorithm = "ED25519-DILITHIUM2-BETA"
	// NOTE(review): the identifier reads "ed488" while the value is
	// "ED448-DILITHIUM3-BETA"; the identifier looks like a typo.
	AAed488_dilithium3_beta AsymmetricAlgorithm = "ED448-DILITHIUM3-BETA"
	AAsphincsplus_128f_shake256_simple_beta AsymmetricAlgorithm = "SPHINCSPLUS-128F-SHAKE256-SIMPLE-BETA"
	AAsphincsplus_128f_shake256_robust_beta AsymmetricAlgorithm = "SPHINCSPLUS-128F-SHAKE256-ROBUST-BETA"
	AAsphincsplus_192f_shake256_simple_beta AsymmetricAlgorithm = "SPHINCSPLUS-192F-SHAKE256-SIMPLE-BETA"
	AAsphincsplus_192f_shake256_robust_beta AsymmetricAlgorithm = "SPHINCSPLUS-192F-SHAKE256-ROBUST-BETA"
	AAsphincsplus_256f_shake256_simple_beta AsymmetricAlgorithm = "SPHINCSPLUS-256F-SHAKE256-SIMPLE-BETA"
	AAsphincsplus_256f_shake256_robust_beta AsymmetricAlgorithm = "SPHINCSPLUS-256F-SHAKE256-ROBUST-BETA"
	AAsphincsplus_128f_sha256_simple_beta AsymmetricAlgorithm = "SPHINCSPLUS-128F-SHA256-SIMPLE-BETA"
	AAsphincsplus_128f_sha256_robust_beta AsymmetricAlgorithm = "SPHINCSPLUS-128F-SHA256-ROBUST-BETA"
	AAsphincsplus_192f_sha256_simple_beta AsymmetricAlgorithm = "SPHINCSPLUS-192F-SHA256-SIMPLE-BETA"
	AAsphincsplus_192f_sha256_robust_beta AsymmetricAlgorithm = "SPHINCSPLUS-192F-SHA256-ROBUST-BETA"
	AAsphincsplus_256f_sha256_simple_beta AsymmetricAlgorithm = "SPHINCSPLUS-256F-SHA256-SIMPLE-BETA"
	AAsphincsplus_256f_sha256_robust_beta AsymmetricAlgorithm = "SPHINCSPLUS-256F-SHA256-ROBUST-BETA"
	AAfalcon1024_beta AsymmetricAlgorithm = "FALCON-1024-BETA"
)
type AsymmetricGenerateRequest ¶
// AsymmetricGenerateRequest carries the parameters of Client.AsymmetricGenerate.
type AsymmetricGenerateRequest struct {
	CommonGenerateRequest

	// The algorithm of the key
	Algorithm AsymmetricAlgorithm `json:"algorithm,omitempty"`
	// The purpose of the key
	Purpose KeyPurpose `json:"purpose,omitempty"`
	// Whether the key is exportable or not. A nil pointer leaves the field
	// out of the JSON body (omitempty).
	// NOTE(review): the value applied when the field is omitted is not
	// visible here; set it explicitly for keys that must not be exported.
	Exportable *bool `json:"exportable,omitempty"`
}
type AsymmetricGenerateResult ¶
// AsymmetricGenerateResult is the result payload of Client.AsymmetricGenerate.
type AsymmetricGenerateResult struct {
	ItemData
}
type AsymmetricStoreRequest ¶
// AsymmetricStoreRequest carries the parameters of Client.AsymmetricStore.
//
// The request includes the private key in PEM form, so a populated value of
// this type is secret material: keep it out of logs and error messages.
type AsymmetricStoreRequest struct {
	CommonStoreRequest

	// The algorithm of the key
	Algorithm AsymmetricAlgorithm `json:"algorithm"`
	// The public key (in PEM format)
	PublicKey EncodedPublicKey `json:"public_key"`
	// The private key (in PEM format)
	PrivateKey EncodedPrivateKey `json:"private_key"`
	// The purpose of the key
	Purpose KeyPurpose `json:"purpose,omitempty"`
	// Whether the key is exportable or not. A nil pointer leaves the field
	// out of the JSON body (omitempty).
	Exportable *bool `json:"exportable,omitempty"`
}
type AsymmetricStoreResult ¶
// AsymmetricStoreResult is the result payload of Client.AsymmetricStore.
type AsymmetricStoreResult struct {
	ItemData
}
type Client ¶
// Client lists the operations this package exposes. Every method takes a
// context and a request pointer and returns a typed pangea.PangeaResponse
// together with an error.
//
// Several result types carry key or secret material (for example
// ExportResult, SecretStoreResult and ItemVersionData); treat responses as
// sensitive when logging or persisting them.
type Client interface {
	StateChange(ctx context.Context, req *StateChangeRequest) (*pangea.PangeaResponse[StateChangeResult], error)
	Delete(ctx context.Context, req *DeleteRequest) (*pangea.PangeaResponse[DeleteResult], error)
	Get(ctx context.Context, req *GetRequest) (*pangea.PangeaResponse[GetResult], error)
	JWKGet(ctx context.Context, req *JWKGetRequest) (*pangea.PangeaResponse[JWKGetResult], error)
	List(ctx context.Context, req *ListRequest) (*pangea.PangeaResponse[ListResult], error)
	Update(ctx context.Context, req *UpdateRequest) (*pangea.PangeaResponse[UpdateResult], error)
	SecretStore(ctx context.Context, req *SecretStoreRequest) (*pangea.PangeaResponse[SecretStoreResult], error)
	SecretRotate(ctx context.Context, req *SecretRotateRequest) (*pangea.PangeaResponse[SecretRotateResult], error)
	SymmetricGenerate(ctx context.Context, req *SymmetricGenerateRequest) (*pangea.PangeaResponse[SymmetricGenerateResult], error)
	AsymmetricGenerate(ctx context.Context, req *AsymmetricGenerateRequest) (*pangea.PangeaResponse[AsymmetricGenerateResult], error)
	SymmetricStore(ctx context.Context, req *SymmetricStoreRequest) (*pangea.PangeaResponse[SymmetricStoreResult], error)
	AsymmetricStore(ctx context.Context, req *AsymmetricStoreRequest) (*pangea.PangeaResponse[AsymmetricStoreResult], error)
	KeyRotate(ctx context.Context, req *KeyRotateRequest) (*pangea.PangeaResponse[KeyRotateResult], error)
	Encrypt(ctx context.Context, req *EncryptRequest) (*pangea.PangeaResponse[EncryptResult], error)
	Decrypt(ctx context.Context, req *DecryptRequest) (*pangea.PangeaResponse[DecryptResult], error)
	Sign(ctx context.Context, req *SignRequest) (*pangea.PangeaResponse[SignResult], error)
	Verify(ctx context.Context, req *VerifyRequest) (*pangea.PangeaResponse[VerifyResult], error)
	JWTSign(ctx context.Context, req *JWTSignRequest) (*pangea.PangeaResponse[JWTSignResult], error)
	// JWTVerify reports the outcome in JWTVerifyResult.ValidSignature; a nil
	// error on its own does not show that field to be true.
	JWTVerify(ctx context.Context, req *JWTVerifyRequest) (*pangea.PangeaResponse[JWTVerifyResult], error)
	FolderCreate(ctx context.Context, req *FolderCreateRequest) (*pangea.PangeaResponse[FolderCreateResult], error)

	// Encrypt parts of a JSON object.
	EncryptStructured(ctx context.Context, input *EncryptStructuredRequest) (*pangea.PangeaResponse[EncryptStructuredResult], error)

	// Decrypt parts of a JSON object. Uses the same request and result types
	// as EncryptStructured.
	DecryptStructured(ctx context.Context, input *EncryptStructuredRequest) (*pangea.PangeaResponse[EncryptStructuredResult], error)

	// Encrypt using a format-preserving algorithm (FPE).
	EncryptTransform(ctx context.Context, input *EncryptTransformRequest) (*pangea.PangeaResponse[EncryptTransformResult], error)

	// Decrypt using a format-preserving algorithm (FPE).
	DecryptTransform(ctx context.Context, input *DecryptTransformRequest) (*pangea.PangeaResponse[DecryptTransformResult], error)

	EncryptTransformStructured(ctx context.Context, input *EncryptTransformStructuredRequest) (*pangea.PangeaResponse[EncryptTransformStructuredResult], error)
	// DecryptTransformStructured uses the same request and result types as
	// EncryptTransformStructured.
	DecryptTransformStructured(ctx context.Context, input *EncryptTransformStructuredRequest) (*pangea.PangeaResponse[EncryptTransformStructuredResult], error)

	// Export a symmetric or asymmetric key.
	Export(ctx context.Context, input *ExportRequest) (*pangea.PangeaResponse[ExportResult], error)

	GetBulk(ctx context.Context, input *GetBulkRequest) (*pangea.PangeaResponse[GetBulkResult], error)

	// Base service methods
	pangea.BaseServicer
}
type CommonGenerateRequest ¶
// CommonGenerateRequest holds the fields embedded by the generate request
// types (see AsymmetricGenerateRequest).
type CommonGenerateRequest struct {
	// Base request has ConfigID for multi-config projects
	pangea.BaseRequest

	// The type of the item
	Type ItemType `json:"type"`
	// The name of this item
	Name string `json:"name,omitempty"`
	// The folder where this item is stored
	Folder string `json:"folder,omitempty"`
	// User-provided metadata
	Metadata Metadata `json:"metadata,omitempty"`
	// A list of user-defined tags
	Tags Tags `json:"tags,omitempty"`
	// Period of time between item rotations.
	RotationFrequency string `json:"rotation_frequency,omitempty"`
	// State to which the previous version should transition upon rotation.
	// NOTE(review): typed as string here but as ItemVersionState in
	// CommonStoreRequest and CommonRotateRequest.
	RotationState string `json:"rotation_state,omitempty"`
	// Timestamp indicating when the item will be disabled
	DisabledAt string `json:"disabled_at,omitempty"`
}
type CommonRotateRequest ¶
// CommonRotateRequest holds the fields embedded by KeyRotateRequest and
// SecretRotateRequest.
type CommonRotateRequest struct {
	// Base request has ConfigID for multi-config projects
	pangea.BaseRequest

	// The ID of the key
	ID string `json:"id"`
	// State to which the previous version should transition upon rotation
	RotationState ItemVersionState `json:"rotation_state,omitempty"`
}
type CommonStoreRequest ¶
// CommonStoreRequest holds the fields embedded by the store request types
// (see AsymmetricStoreRequest and SecretStoreRequest).
type CommonStoreRequest struct {
	// Base request has ConfigID for multi-config projects
	pangea.BaseRequest

	// The type of the item
	Type ItemType `json:"type"`
	// The name of this item
	Name string `json:"name,omitempty"`
	// The folder where this item is stored
	Folder string `json:"folder,omitempty"`
	// User-provided metadata
	Metadata Metadata `json:"metadata,omitempty"`
	// A list of user-defined tags
	Tags Tags `json:"tags,omitempty"`
	// Period of time between item rotations.
	RotationFrequency string `json:"rotation_frequency,omitempty"`
	// State to which the previous version should transition upon rotation
	RotationState ItemVersionState `json:"rotation_state,omitempty"`
	// Timestamp indicating when the item will be disabled
	DisabledAt string `json:"disabled_at,omitempty"`
}
type CommonStoreResult ¶
type DecryptRequest ¶
// DecryptRequest carries the parameters of Client.Decrypt.
type DecryptRequest struct {
	// Base request has ConfigID for multi-config projects
	pangea.BaseRequest

	// The item ID
	ID string `json:"id"`
	// A message encrypted by Vault (Base64 encoded)
	CipherText string `json:"cipher_text"`
	// The item version
	Version *int `json:"version,omitempty"`
	// User provided authentication data.
	// NOTE(review): presumably this must equal the additional data given to
	// Encrypt for the same message; confirm against the service docs.
	AdditionalData *string `json:"additional_data,omitempty"`
}
type DecryptResult ¶
type DecryptTransformRequest ¶
// DecryptTransformRequest carries the parameters of Client.DecryptTransform.
type DecryptTransformRequest struct {
	pangea.BaseRequest

	// The ID of the key to use.
	ID string `json:"id"`

	// A message encrypted by Vault.
	CipherText string `json:"cipher_text"`

	// User provided tweak string. If not provided, a random string will be
	// generated and returned. The user must securely store the tweak source
	// which will be needed to decrypt the data.
	//
	// NOTE(review): the wording above matches the encrypt request. In this
	// struct the field is a plain string without omitempty, so it is always
	// sent; the tweak kept from encryption is what belongs here.
	Tweak string `json:"tweak"`

	// Set of characters to use for format-preserving encryption (FPE).
	Alphabet TransformAlphabet `json:"alphabet"`

	// The item version. Defaults to the current version.
	Version *int `json:"version,omitempty"`
}
Parameters for a decrypt transform request.
type DecryptTransformResult ¶
// DecryptTransformResult is the result payload of Client.DecryptTransform.
type DecryptTransformResult struct {
	// The item ID.
	ID string `json:"id"`

	// Decrypted message.
	PlainText string `json:"plain_text"`

	// The item version.
	Version int `json:"version"`

	// The algorithm of the key.
	Algorithm string `json:"algorithm"`
}
Result of a decrypt transform request.
type DeleteRequest ¶
// DeleteRequest carries the parameters of Client.Delete.
type DeleteRequest struct {
	// Base request has ConfigID for multi-config projects
	pangea.BaseRequest

	// The item ID
	ID string `json:"id"`
	// Set to true to recursively delete all the items inside a folder.
	// Valid only for folders.
	Recursive *bool `json:"recursive,omitempty"`
}
type DeleteResult ¶
// DeleteResult is the result payload of Client.Delete.
type DeleteResult struct {
	ID string `json:"id"`
}
type EncodedPrivateKey ¶
// EncodedPrivateKey is a private key in PEM form. Values of this type are
// secret material; keep them out of logs and error messages.
type EncodedPrivateKey string
EncodedPrivateKey is a PEM private key, with no further encoding (i.e. no additional base64 layer on top of the PEM text). It may be used, for example, with OpenSSH without further processing.
type EncodedPublicKey ¶
// EncodedPublicKey is a public key in PEM form.
type EncodedPublicKey string
EncodedPublicKey is a PEM public key, with no further encoding (i.e. no additional base64 layer on top of the PEM text). It may be used, for example, with OpenSSH without further processing.
type EncodedSymmetricKey ¶
// EncodedSymmetricKey is a base64 encoded symmetric key. Base64 is an
// encoding, not protection: the value is the key material itself.
type EncodedSymmetricKey string
EncodedSymmetricKey is a base64 encoded key
type EncryptRequest ¶
// EncryptRequest carries the parameters of Client.Encrypt.
type EncryptRequest struct {
	// Base request has ConfigID for multi-config projects
	pangea.BaseRequest

	// The item ID
	ID string `json:"id"`
	// A message to be encrypted (Base64 encoded)
	PlainText string `json:"plain_text"`
	// The item version
	Version *int `json:"version,omitempty"`
	// User provided authentication data
	AdditionalData *string `json:"additional_data,omitempty"`
}
type EncryptResult ¶
type EncryptStructuredRequest ¶
// EncryptStructuredRequest carries the parameters of both
// Client.EncryptStructured and Client.DecryptStructured.
type EncryptStructuredRequest struct {
	pangea.BaseRequest

	// The ID of the key to use. It must be an item of type `symmetric_key` or
	// `asymmetric_key` and purpose `encryption`.
	ID string `json:"id"`

	// Structured data for applying bulk operations.
	StructuredData map[string]interface{} `json:"structured_data"`

	// A filter expression. It must point to string elements of the
	// `StructuredData` field.
	Filter string `json:"filter"`

	// The item version. Defaults to the current version.
	Version *int `json:"version,omitempty"`

	// User provided authentication data.
	AdditionalData *string `json:"additional_data,omitempty"`
}
Parameters for an encrypt/decrypt structured request.
type EncryptStructuredResult ¶
// EncryptStructuredResult is the result payload of both
// Client.EncryptStructured and Client.DecryptStructured.
type EncryptStructuredResult struct {
	// The ID of the item.
	ID string `json:"id"`

	// The item version.
	Version int `json:"version"`

	// The algorithm of the key.
	Algorithm string `json:"algorithm"`

	// Structured data with filtered fields encrypted/decrypted.
	StructuredData map[string]interface{} `json:"structured_data"`
}
Result of an encrypt/decrypt structured request.
type EncryptTransformRequest ¶
// EncryptTransformRequest carries the parameters of Client.EncryptTransform.
type EncryptTransformRequest struct {
	pangea.BaseRequest

	// The ID of the key to use.
	ID string `json:"id"`

	// Message to be encrypted.
	PlainText string `json:"plain_text"`

	// Set of characters to use for format-preserving encryption (FPE).
	Alphabet TransformAlphabet `json:"alphabet"`

	// User provided tweak string. If not provided, a random string will be
	// generated and returned. The user must securely store the tweak source
	// which will be needed to decrypt the data. A nil pointer leaves the
	// field out of the JSON body (omitempty).
	Tweak *string `json:"tweak,omitempty"`

	// The item version. Defaults to the current version.
	Version *int `json:"version,omitempty"`
}
Parameters for an encrypt transform request.
type EncryptTransformResult ¶
// EncryptTransformResult is the result payload of Client.EncryptTransform.
type EncryptTransformResult struct {
	// The item ID.
	ID string `json:"id"`

	// The encrypted message.
	CipherText string `json:"cipher_text"`

	// The item version.
	Version int `json:"version"`

	// The algorithm of the key.
	Algorithm string `json:"algorithm"`

	// User provided tweak string. If not provided, a random string will be
	// generated and returned. The user must securely store the tweak source
	// which will be needed to decrypt the data.
	Tweak string `json:"tweak"`

	// Set of characters to use for format-preserving encryption (FPE).
	Alphabet TransformAlphabet `json:"alphabet"`
}
Result of an encrypt transform request.
type EncryptTransformStructuredRequest ¶
// EncryptTransformStructuredRequest carries the parameters of both
// Client.EncryptTransformStructured and Client.DecryptTransformStructured.
type EncryptTransformStructuredRequest struct {
	pangea.BaseRequest

	// The ID of the key to use. It must be an item of type `symmetric_key` or
	// `asymmetric_key` and purpose `encryption`.
	ID string `json:"id"`

	// Set of characters to use for format-preserving encryption (FPE).
	Alphabet TransformAlphabet `json:"alphabet"`

	// Structured data for applying bulk operations.
	StructuredData map[string]interface{} `json:"structured_data"`

	// A filter expression. It must point to string elements of the
	// `StructuredData` field.
	Filter string `json:"filter"`

	// The item version. Defaults to the current version.
	Version *int `json:"version,omitempty"`

	// User provided authentication data.
	AdditionalData *string `json:"additional_data,omitempty"`

	// User provided tweak string. If not provided, a random string will be
	// generated and returned. The user must securely store the tweak source
	// which will be needed to decrypt the data.
	//
	// NOTE(review): unlike EncryptTransformRequest.Tweak this tag has no
	// omitempty, so a nil pointer is encoded as JSON null rather than being
	// left out; confirm the service treats null as "not provided".
	Tweak *string `json:"tweak"`
}
type EncryptTransformStructuredResult ¶
// EncryptTransformStructuredResult is the result payload of both
// Client.EncryptTransformStructured and Client.DecryptTransformStructured.
type EncryptTransformStructuredResult struct {
	// The ID of the item.
	ID string `json:"id"`

	// The item version.
	Version int `json:"version"`

	// The algorithm of the key.
	Algorithm string `json:"algorithm"`

	// Structured data with filtered fields encrypted/decrypted.
	StructuredData map[string]interface{} `json:"structured_data"`

	// User provided tweak string. If not provided, a random string will be
	// generated and returned. The user must securely store the tweak source
	// which will be needed to decrypt the data.
	Tweak string `json:"tweak"`

	// Set of characters to use for format-preserving encryption (FPE).
	Alphabet TransformAlphabet `json:"alphabet"`
}
Result of an encrypt/decrypt structured request.
type ExportEncryptionAlgorithm ¶
// ExportEncryptionAlgorithm names the algorithm of the public key supplied in
// ExportRequest.AsymmetricAlgorithm.
type ExportEncryptionAlgorithm string
Algorithm of an exported public key.
// Export encryption algorithm identifiers.
const (
	EEArsa4096_oaep_sha512 ExportEncryptionAlgorithm = "RSA-OAEP-4096-SHA512"
	// NOTE(review): the value names unpadded RSA; presumably it is meant only
	// for the KEM export flow (see EETkem and KEMDecrypt), where RSA protects
	// a salt rather than the key material directly. Confirm before using it
	// outside that flow.
	EEArsa4096_no_padding_kem ExportEncryptionAlgorithm = "RSA-NO-PADDING-4096-KEM"
)
type ExportEncryptionType ¶
// ExportEncryptionType names how exported key material is encrypted.
type ExportEncryptionType string
// Export encryption type identifiers.
const (
	EETasymmetric ExportEncryptionType = "asymmetric"
	EETkem ExportEncryptionType = "kem"
)
type ExportRequest ¶
// ExportRequest carries the parameters of Client.Export.
//
// NOTE(review): the KEMPassword comment refers to encryption_type, but no
// such field is visible in this struct as rendered; confirm how the
// encryption type is selected. Per ExportResult.EncryptionType, an export can
// come back with type "none", i.e. key material in plain text.
type ExportRequest struct {
	pangea.BaseRequest

	// The ID of the item.
	ID string `json:"id"`
	// The item version.
	Version *int `json:"version,omitempty"`
	// Public key in PEM format used to encrypt exported key(s).
	AsymmetricPublicKey *string `json:"asymmetric_public_key,omitempty"`
	// The algorithm of the public key.
	AsymmetricAlgorithm *ExportEncryptionAlgorithm `json:"asymmetric_algorithm,omitempty"`
	// This is the password that will be used along with a salt to derive the
	// symmetric key that is used to encrypt the exported key material.
	// Required if encryption_type is kem.
	//
	// The exported material is only as well protected as this password is
	// hard to guess; use a high-entropy value and handle it as a secret.
	KEMPassword *string `json:"kem_password,omitempty"`
}
type ExportResult ¶
// ExportResult is the result payload of Client.Export.
//
// PrivateKey and Key hold exported key material. Check EncryptionType before
// handling them: when it is "none" the material is in plain text. Keep values
// of this type out of logs either way.
type ExportResult struct {
	// The ID of the item.
	ID string `json:"id"`
	// The type of the key.
	Type string `json:"type"`
	// The item version.
	Version int `json:"version"`
	// True if the item is enabled.
	Enabled bool `json:"enabled"`
	// The algorithm of the key.
	Algorithm string `json:"algorithm"`
	// The public key (in PEM format).
	PublicKey *string `json:"public_key,omitempty"`
	// The private key (in PEM format), it could be encrypted or not based on
	// 'encryption_type' value.
	PrivateKey *string `json:"private_key,omitempty"`
	// The key material.
	Key *string `json:"key,omitempty"`

	// Encryption information

	// Encryption format of the exported key(s). It could be none if returned
	// in plain text, asymmetric if it is encrypted just with the public key
	// sent in asymmetric_public_key, or kem if it was encrypted using KEM
	// protocol.
	EncryptionType string `json:"encryption_type"`
	// The algorithm of the public key used to encrypt exported material
	AsymmetricAlgorithm string `json:"asymmetric_algorithm,omitempty"`
	// The algorithm of the symmetric key used to encrypt exported material
	SymmetricAlgorithm string `json:"symmetric_algorithm,omitempty"`
	// Key derivation function used to derive the symmetric key when
	// `encryption_type` is `kem`
	KDF string `json:"kdf,omitempty"`
	// Hash algorithm used to derive the symmetric key when
	// `encryption_type` is `kem`
	HashAlgorithm string `json:"hash_algorithm,omitempty"`
	// Iteration count used to derive the symmetric key when
	// `encryption_type` is `kem`
	IterationCount int `json:"iteration_count,omitempty"`
	// Salt used to derive the symmetric key when `encryption_type` is `kem`,
	// encrypted with the public key provided in `asymmetric_key`.
	// NOTE(review): the request field is named asymmetric_public_key;
	// `asymmetric_key` presumably refers to it.
	EncryptedSalt string `json:"encrypted_salt,omitempty"`
}
type FilterList ¶
// FilterList embeds pangea.FilterBase; its methods return typed match and
// range filters (Algorithm, CreatedAt, Folder, ID, and so on).
type FilterList struct {
	pangea.FilterBase
	// contains filtered or unexported fields
}
func NewFilterList ¶
func NewFilterList() *FilterList
func (*FilterList) Algorithm ¶
func (fu *FilterList) Algorithm() *pangea.FilterMatch[string]
func (*FilterList) CreatedAt ¶
func (fu *FilterList) CreatedAt() *pangea.FilterRange[string]
func (*FilterList) DestroyedAt ¶
func (fu *FilterList) DestroyedAt() *pangea.FilterRange[string]
func (*FilterList) Expiration ¶
func (fu *FilterList) Expiration() *pangea.FilterRange[string]
func (*FilterList) Folder ¶
func (fu *FilterList) Folder() *pangea.FilterMatch[string]
func (*FilterList) ID ¶
func (fu *FilterList) ID() *pangea.FilterMatch[string]
func (*FilterList) ItemStated ¶
func (fu *FilterList) ItemStated() *pangea.FilterMatch[string]
func (*FilterList) LastRotated ¶
func (fu *FilterList) LastRotated() *pangea.FilterRange[string]
func (*FilterList) Name ¶
func (fu *FilterList) Name() *pangea.FilterMatch[string]
func (*FilterList) NextRotation ¶
func (fu *FilterList) NextRotation() *pangea.FilterRange[string]
func (*FilterList) Purpose ¶
func (fu *FilterList) Purpose() *pangea.FilterMatch[string]
func (*FilterList) Type ¶
func (fu *FilterList) Type() *pangea.FilterMatch[string]
type FolderCreateRequest ¶
// FolderCreateRequest carries the parameters of Client.FolderCreate.
type FolderCreateRequest struct {
	pangea.BaseRequest

	// The name of this folder
	Name string `json:"name"`
	// The parent folder where this folder is stored
	Folder string `json:"folder,omitempty"`
	// User-provided metadata
	Metadata Metadata `json:"metadata,omitempty"`
	// A list of user-defined tags
	Tags Tags `json:"tags,omitempty"`
	// Period of time between item rotations, "never" to disable rotation, or
	// "inherited" to inherit the value from the parent folder or from the
	// default settings. Format: a positive number followed by a time period
	// (secs, mins, hrs, days, weeks, months, years) or an abbreviation.
	RotationFrequency string `json:"rotation_frequency,omitempty"`
	// State to which the previous version should transition upon rotation,
	// or "inherited" to inherit the value from the parent folder or from the
	// default settings.
	RotationState ItemVersionState `json:"rotation_state,omitempty"`
	// Grace period for the previous version of the Pangea Token, or
	// "inherited" to inherit the value from the parent folder or from the
	// default settings. Format: a positive number followed by a time period
	// (secs, mins, hrs, days, weeks, months, years) or an abbreviation.
	RotationGracePeriod string `json:"rotation_grace_period,omitempty"`
}
type FolderCreateResult ¶
// FolderCreateResult is the result payload of Client.FolderCreate.
type FolderCreateResult struct {
	ItemData
}
type GetBulkRequest ¶
// GetBulkRequest carries the parameters of Client.GetBulk. Its fields mirror
// those of ListRequest.
type GetBulkRequest struct {
	// Base request has ConfigID for multi-config projects
	pangea.BaseRequest

	// A set of filters to help you customize your search
	Filter pangea.Filter `json:"filter,omitempty"`
	// Internal ID returned in the previous look up response. Used for pagination.
	Last string `json:"last,omitempty"`
	// Maximum number of items in the response
	Size int `json:"size,omitempty"`
	// Ordering direction
	Order ItemOrder `json:"order,omitempty"`
	// Property used to order the results
	OrderBy ItemOrderBy `json:"order_by,omitempty"`
}
type GetBulkResult ¶
type GetRequest ¶
// GetRequest carries the parameters of Client.Get.
type GetRequest struct {
	// Base request has ConfigID for multi-config projects
	pangea.BaseRequest

	// The item ID.
	ID string `json:"id"`
	// Version selector, sent as a string and left out when empty.
	// NOTE(review): accepted formats are not visible here; JWKGetRequest
	// documents "all", "num" and "-num" for its own version field.
	Version string `json:"version,omitempty"`
}
type InheritedSettings ¶
type ItemData ¶
// ItemData describes a stored item. It is embedded by most result types in
// this package. ItemVersions may carry secret values (see ItemVersionData).
type ItemData struct {
	// The ID of the item
	ID string `json:"id"`
	// The type of the item
	Type string `json:"type"`
	// Latest version number
	NumVersions int `json:"num_versions"`
	// True if the item is enabled
	Enabled bool `json:"enabled"`
	// The name of this item
	Name string `json:"name,omitempty"`
	// The folder where this item is stored
	Folder string `json:"folder,omitempty"`
	// User-provided metadata
	Metadata Metadata `json:"metadata,omitempty"`
	// A list of user-defined tags
	Tags Tags `json:"tags,omitempty"`
	// Period of time between item rotations.
	RotationFrequency string `json:"rotation_frequency,omitempty"`
	// State to which the previous version should transition upon rotation
	RotationState string `json:"rotation_state,omitempty"`
	// Timestamp of the last rotation (if any)
	LastRotated string `json:"last_rotated,omitempty"`
	// Timestamp of the next rotation, if auto rotation is enabled.
	NextRotation string `json:"next_rotation,omitempty"`
	// Timestamp indicating when the item will be disabled
	DisabledAt string `json:"disabled_at,omitempty"`
	// Timestamp indicating when the item was created
	CreatedAt string `json:"created_at"`
	// The algorithm of the key
	Algorithm string `json:"algorithm,omitempty"`
	// The purpose of the key
	Purpose string `json:"purpose,omitempty"`
	// Grace period for the previous version of the secret
	RotationGracePeriod string `json:"rotation_grace_period,omitempty"`
	// Whether the key is exportable or not.
	Exportable *bool `json:"exportable,omitempty"`
	ClientID string `json:"client_id,omitempty"`
	// For settings that inherit a value from a parent folder, the full path
	// of the folder where the value is set
	InheritedSettings *InheritedSettings `json:"inherited_settings,omitempty"`
	ItemVersions []ItemVersionData `json:"item_versions"`
}
type ItemOrderBy ¶
// ItemOrderBy names the property used to order list results (see
// ListRequest.OrderBy and GetBulkRequest.OrderBy).
type ItemOrderBy string
// Ordering property identifiers.
const (
	IOBid ItemOrderBy = "id"
	IOBtype ItemOrderBy = "type"
	// NOTE(review): the value is "create_at", while ItemData uses the JSON
	// name "created_at"; confirm which spelling the service expects.
	IOBcreateAt ItemOrderBy = "create_at"
	IOBdestroyedAt ItemOrderBy = "destroyed_at"
	IOBalgorithm ItemOrderBy = "algorithm"
	IOBpurpose ItemOrderBy = "purpose"
	IOBdisabledAt ItemOrderBy = "disabled_at"
	IOBlastRotated ItemOrderBy = "last_rotated"
	IOBnextRotation ItemOrderBy = "next_rotation"
	IOBname ItemOrderBy = "name"
	IOBfolder ItemOrderBy = "folder"
	IOBitemState ItemOrderBy = "item_state"
)
type ItemType ¶
// ItemType names the kind of a stored item; it is sent in the "type" field of
// the common generate and store requests.
type ItemType string
// Item type identifiers.
const (
	ITasymmetricKey ItemType = "asymmetric_key"
	ITsymmetricKey ItemType = "symmetric_key"
	ITsecret ItemType = "secret"
	ITpangeaToken ItemType = "pangea_token"
	ITfolder ItemType = "folder"
	ITpangeaClientSecret ItemType = "pangea_client_secret"
	ITpangeaPlatformClientSecret ItemType = "pangea_platform_client_secret"
)
type ItemVersionData ¶
// ItemVersionData describes one version of an item.
//
// Secret, Token and ClientSecret, when set, hold the stored secret values
// themselves; keep values of this type out of logs and error messages.
type ItemVersionData struct {
	// The item version
	Version int `json:"version"`
	// The state of the item version
	State string `json:"state"`
	// Timestamp indicating when the item was created
	CreatedAt string `json:"created_at"`
	// Timestamp indicating when the item version will be destroyed
	DestroyedAt *string `json:"destroyed_at,omitempty"`
	// Timestamp indicating when the item version will be rotated
	RotatedAt *string `json:"rotated_at,omitempty"`
	PublicKey *EncodedPublicKey `json:"public_key,omitempty"`
	Secret *string `json:"secret,omitempty"`
	Token *string `json:"token,omitempty"`
	ClientSecret *string `json:"client_secret,omitempty"`
	ClientSecretID *string `json:"client_secret_id,omitempty"`
}
type ItemVersionState ¶
// ItemVersionState names the state of an item version; it is also the type
// of the rotation_state request fields.
type ItemVersionState string
// Item version state identifiers.
const (
	IVSactive ItemVersionState = "active"
	IVSdeactivated ItemVersionState = "deactivated"
	IVSsuspended ItemVersionState = "suspended"
	IVScompromised ItemVersionState = "compromised"
	IVSdestroyed ItemVersionState = "destroyed"
	IVSinherited ItemVersionState = "inherited"
)
type JWKGetRequest ¶
// JWKGetRequest carries the parameters of Client.JWKGet.
type JWKGetRequest struct {
	// Base request has ConfigID for multi-config projects
	pangea.BaseRequest

	// The item ID
	ID string `json:"id"`
	// The key version(s): "all" for all versions, "num" for a specific
	// version, "-num" for the num latest versions.
	Version *string `json:"version,omitempty"`
}
type JWKGetResult ¶
// JWKGetResult is the result payload of Client.JWKGet.
type JWKGetResult struct {
	Keys []JWT `json:"keys"` // The JSON Web Key Set (JWKS) object. Fields with key information are base64URL encoded.
}
type JWT ¶
// JWT is one entry of JWKGetResult.Keys. Despite the type name, the fields
// are JSON Web Key members (alg, kid, kty, use, crv, d, x, y, n, e).
type JWT struct {
	Alg string `json:"alg"`
	Kid *string `json:"kid,omitempty"`
	Kty string `json:"kty"`
	Use *string `json:"use,omitempty"`
	Crv *string `json:"crv,omitempty"`
	// In the JWK format "d" is a private-key parameter.
	// NOTE(review): whether the service ever fills this field is not visible
	// here; if it is set, treat the whole value as secret and do not publish
	// it as part of a key set.
	D *string `json:"d,omitempty"`
	X *string `json:"x,omitempty"`
	Y *string `json:"y,omitempty"`
	N *string `json:"n,omitempty"`
	E *string `json:"e,omitempty"`
}
type JWTSignRequest ¶
// JWTSignRequest carries the parameters of Client.JWTSign.
type JWTSignRequest struct {
	// Base request has ConfigID for multi-config projects
	pangea.BaseRequest

	// The item ID
	ID string `json:"id"`
	// The JWT payload (in JSON)
	Payload string `json:"payload"`
}
type JWTSignResult ¶
// JWTSignResult is the result payload of Client.JWTSign.
type JWTSignResult struct {
	JWS string `json:"jws"` // The signed JSON Web Token (JWS)
}
type JWTVerifyRequest ¶
// JWTVerifyRequest carries the parameters of Client.JWTVerify.
type JWTVerifyRequest struct {
	// Base request has ConfigID for multi-config projects
	pangea.BaseRequest

	// The signed JSON Web Token (JWS)
	JWS string `json:"jws"`
}
type JWTVerifyResult ¶
// JWTVerifyResult is the result payload of Client.JWTVerify.
//
// Callers must check ValidSignature; a response without an error does not by
// itself show that the signature verified.
// NOTE(review): whether claims such as exp or nbf are also checked is not
// visible here; validate them in the caller unless the service docs say
// otherwise.
type JWTVerifyResult struct {
	ValidSignature bool `json:"valid_signature"` // Indicates if messages have been verified.
}
type KEMDecryptInput ¶
// KEMDecryptInput is the argument of KEMDecrypt. NewKEMDecryptInput builds
// one from an ExportResult, a password and an RSA private key.
//
// The value holds a private key and a password; keep it out of logs.
// NOTE(review): IterationCount, KDF and HashAlgorithm presumably come from
// the service response; confirm that KEMDecrypt rejects unsupported or
// non-positive values rather than deriving a key from them.
type KEMDecryptInput struct {
	Cipher []byte
	EncryptedSalt []byte
	AsymmetricAlgorithm string
	// Held by value, so copying a KEMDecryptInput copies the key struct too.
	AsymmetricPrivateKey cryptorsa.PrivateKey
	SymmetricAlgorithm string
	Password string
	HashAlgorithm KEMhashAlgorithm
	IterationCount int
	KDF KEMKDF
}
func NewKEMDecryptInput ¶
func NewKEMDecryptInput(r ExportResult, password string, rsaPrivKey cryptorsa.PrivateKey) (*KEMDecryptInput, error)
type KEMhashAlgorithm ¶
// KEMhashAlgorithm names the hash algorithm carried in
// KEMDecryptInput.HashAlgorithm.
type KEMhashAlgorithm string
type KeyPurpose ¶
// KeyPurpose names what a key is used for; it is sent in the "purpose" field
// of the generate and store requests.
type KeyPurpose string
// Key purpose identifiers.
const (
	KPsigning KeyPurpose = "signing"
	KPencryption KeyPurpose = "encryption"
	KPjwt KeyPurpose = "jwt"
	KPfpe KeyPurpose = "fpe" // Format-preserving encryption.
)
type KeyRotateRequest ¶
// KeyRotateRequest carries the parameters of Client.KeyRotate.
//
// PrivateKey and Key, when set, are key material sent in the request body;
// keep populated values of this type out of logs.
type KeyRotateRequest struct {
	CommonRotateRequest

	// The public key (in PEM format)
	PublicKey *EncodedPublicKey `json:"public_key,omitempty"`
	// The private key (in PEM format)
	PrivateKey *EncodedPrivateKey `json:"private_key,omitempty"`
	// The key material
	Key *EncodedSymmetricKey `json:"key,omitempty"`
}
type KeyRotateResult ¶
// KeyRotateResult is the result payload of Client.KeyRotate.
type KeyRotateResult struct {
	ItemData
}
type ListInclude ¶
// ListInclude is a string-valued option type with the values LIsecrets and
// LIencrypted.
type ListInclude string
// List include identifiers.
const (
	LIsecrets ListInclude = "secrets"
	LIencrypted ListInclude = "encrypted"
)
type ListItemData ¶
// ListItemData is one entry of ListResult.Items: the embedded ItemData plus
// the item's versions listed under "compromised_versions".
type ListItemData struct {
	ItemData

	CompromisedVersions []ItemVersionData `json:"compromised_versions"`
}
type ListRequest ¶
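// ListRequest describes a filtered, ordered, paginated listing of items.
type ListRequest struct {
	// Base request has ConfigID for multi-config projects
	pangea.BaseRequest

	Filter  pangea.Filter `json:"filter,omitempty"`   // A set of filters to help you customize your search.
	Last    string        `json:"last,omitempty"`     // Internal ID returned in the previous look up response. Used for pagination.
	Size    int           `json:"size,omitempty"`     // Maximum number of items in the response
	Order   ItemOrder     `json:"order,omitempty"`    // Ordering direction
	OrderBy ItemOrderBy   `json:"order_by,omitempty"` // Property used to order the results
}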
type ListResult ¶
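// ListResult is one page of a listing.
type ListResult struct {
	Items []ListItemData `json:"items"`

	// Internal ID returned in the previous look up response. Used for pagination.
	// Presumably this is the value to send as ListRequest.Last to fetch the
	// next page; confirm.
	Last string `json:"last,omitempty"`
}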
type SecretRotateRequest ¶
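// SecretRotateRequest extends CommonRotateRequest with a secret value and a
// grace period for the previous version.
//
// NOTE(review): Secret is a plaintext value in the request body; keep request
// values out of logs.
type SecretRotateRequest struct {
	CommonRotateRequest

	RotationGracePeriod string `json:"rotation_grace_period,omitempty"` // Grace period for the previous version of the secret
	Secret              string `json:"secret,omitempty"`                // presumably the new secret value; confirm
}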
type SecretRotateResult ¶
// SecretRotateResult is the result type paired with SecretRotateRequest; it
// embeds ItemData and adds no fields of its own.
type SecretRotateResult struct {
	ItemData
}
type SecretStoreRequest ¶
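// SecretStoreRequest extends CommonStoreRequest with the credential to store.
// Every field here is optional in the JSON body (omitempty).
//
// NOTE(review): Secret, Token and ClientSecret are plaintext credentials.
// Keep request values out of logs, traces and error messages.
type SecretStoreRequest struct {
	CommonStoreRequest

	Secret              string `json:"secret,omitempty"`                // The secret value
	Token               string `json:"token,omitempty"`                 // The Pangea Token value
	ClientSecret        string `json:"client_secret,omitempty"`         // The oauth client secret
	ClientID            string `json:"client_id,omitempty"`             // The oauth client ID
	ClientSecretID      string `json:"client_secret_id,omitempty"`      // The oauth client secret ID
	RotationGracePeriod string `json:"rotation_grace_period,omitempty"` // Grace period for the previous version of the secret
}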
type SecretStoreResult ¶
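// SecretStoreResult embeds ItemData and can carry the same credential fields
// as SecretStoreRequest.
//
// NOTE(review): when populated, Secret, Token and ClientSecret are plaintext
// credentials in the response. Do not log or persist result values as-is.
type SecretStoreResult struct {
	ItemData

	Secret              string `json:"secret,omitempty"`                // The secret value
	Token               string `json:"token,omitempty"`                 // The Pangea Token value
	ClientSecret        string `json:"client_secret,omitempty"`         // The oauth client secret
	ClientID            string `json:"client_id,omitempty"`             // The oauth client ID
	ClientSecretID      string `json:"client_secret_id,omitempty"`      // The oauth client secret ID
	RotationGracePeriod string `json:"rotation_grace_period,omitempty"` // Grace period for the previous version of the secret
}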
type SignRequest ¶
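// SignRequest asks for a signature over Message using the item named by ID.
// A nil Version is omitted from the JSON body.
//
// NOTE(review): the expected encoding of Message is not shown in this type;
// confirm against the API before passing raw bytes.
type SignRequest struct {
	// Base request has ConfigID for multi-config projects
	pangea.BaseRequest

	ID      string `json:"id"`                // The ID of the item
	Version *int   `json:"version,omitempty"` // The item version
	Message string `json:"message"`           // The message to be signed
}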
type SignResult ¶
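// SignResult carries a signature together with the item ID, version and
// algorithm that produced it.
type SignResult struct {
	ID        string            `json:"id"`                   // The ID of the item
	Version   int               `json:"version"`              // The item version
	Signature string            `json:"signature"`            // The signature of the message
	Algorithm string            `json:"algorithm"`            // The algorithm of the key
	PublicKey *EncodedPublicKey `json:"public_key,omitempty"` // The public key (in PEM format)
}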
type StateChangeRequest ¶
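// StateChangeRequest sets a new state on an item version.
type StateChangeRequest struct {
	// Base request has ConfigID for multi-config projects
	pangea.BaseRequest

	ID      string           `json:"id"`                // The item ID
	State   ItemVersionState `json:"state"`             // The new state of the item version
	Version *int             `json:"version,omitempty"` // The item version

	// Period of time for the destruction of a compromised key. Only
	// applicable if state=compromised. Format: a positive number followed by
	// a time period (secs, mins, hrs, days, weeks, months, years) or an
	// abbreviation.
	DestroyPeriod string `json:"destroy_period,omitempty"`
}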
type StateChangeResult ¶
// StateChangeResult is the result type paired with StateChangeRequest; it
// embeds ItemData and adds no fields of its own.
type StateChangeResult struct {
	ItemData
}
type SymmetricAlgorithm ¶
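// SymmetricAlgorithm names the algorithm of a symmetric key.
type SymmetricAlgorithm string

// Symmetric algorithm identifiers.
//
// The HS* values are the HMAC-based JWT signing algorithms. Of the AES block
// modes listed, only AES-GCM-256 is an authenticated (AEAD) mode. CFB and CBC
// give confidentiality without integrity protection, so ciphertext produced
// with them needs a separate integrity check wherever tampering matters.
const (
	SYAhs256      SymmetricAlgorithm = "HS256"
	SYAhs384      SymmetricAlgorithm = "HS384"
	SYAhs512      SymmetricAlgorithm = "HS512"
	SYAaes128_cfb SymmetricAlgorithm = "AES-CFB-128"
	SYAaes256_cfb SymmetricAlgorithm = "AES-CFB-256"
	SYAaes256_gcm SymmetricAlgorithm = "AES-GCM-256"
	SYAaes128_cbc SymmetricAlgorithm = "AES-CBC-128"
	SYAaes256_cbc SymmetricAlgorithm = "AES-CBC-256"

	// Deprecated: use SYAaes128_cfb instead.
	SYAaes SymmetricAlgorithm = "AES-CFB-128"

	SYAaes_ff3_1_128 SymmetricAlgorithm = "AES-FF3-1-128-BETA" // 128-bit encryption using the FF3-1 algorithm. Beta feature.
	SYAaes_ff3_1_256 SymmetricAlgorithm = "AES-FF3-1-256-BETA" // 256-bit encryption using the FF3-1 algorithm. Beta feature.
)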
type SymmetricGenerateRequest ¶
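// SymmetricGenerateRequest extends CommonGenerateRequest with the algorithm,
// purpose and exportability of the symmetric key to generate.
//
// NOTE(review): a nil Exportable is omitted from the JSON body, so the
// service-side default presumably applies. Set it explicitly when key export
// must be ruled out; confirm the default.
type SymmetricGenerateRequest struct {
	CommonGenerateRequest

	Algorithm  SymmetricAlgorithm `json:"algorithm"`            // The algorithm of the key
	Purpose    KeyPurpose         `json:"purpose"`              // The purpose of the key
	Exportable *bool              `json:"exportable,omitempty"` // Whether the key is exportable or not.
}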
type SymmetricGenerateResult ¶
// SymmetricGenerateResult is the result type paired with
// SymmetricGenerateRequest; it embeds ItemData and adds no fields of its own.
type SymmetricGenerateResult struct {
	ItemData
}
type SymmetricStoreRequest ¶
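// SymmetricStoreRequest extends CommonStoreRequest with caller-supplied
// symmetric key material and its algorithm, purpose and exportability.
//
// NOTE(review): Key is secret key material sent in the request body; keep
// request values out of logs. A nil Exportable is omitted from the JSON body,
// so the service-side default presumably applies; confirm.
type SymmetricStoreRequest struct {
	CommonStoreRequest

	Key        EncodedSymmetricKey `json:"key"`                  // presumably the encoded key material to store; confirm
	Algorithm  SymmetricAlgorithm  `json:"algorithm"`            // The algorithm of the key
	Purpose    KeyPurpose          `json:"purpose,omitempty"`    // The purpose of the key
	Exportable *bool               `json:"exportable,omitempty"` // Whether the key is exportable or not.
}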
type SymmetricStoreResult ¶
// SymmetricStoreResult is the result type paired with SymmetricStoreRequest;
// it embeds ItemData and adds no fields of its own.
type SymmetricStoreResult struct {
	ItemData
}
type TransformAlphabet ¶
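// TransformAlphabet identifies a character set by name.
type TransformAlphabet string

// Character sets.
const (
	TAalphalower        TransformAlphabet = "alphalower"        // Lowercase alphabet (a-z).
	TAalphanumeric      TransformAlphabet = "alphanumeric"      // Alphanumeric (a-z, A-Z, 0-9).
	TAalphanumericlower TransformAlphabet = "alphanumericlower" // Lowercase alphabet with numbers (a-z, 0-9).
	TAalphanumericupper TransformAlphabet = "alphanumericupper" // Uppercase alphabet with numbers (A-Z, 0-9).
	TAalphaupper        TransformAlphabet = "alphaupper"        // Uppercase alphabet (A-Z).
	TAnumeric           TransformAlphabet = "numeric"           // Numeric (0-9).
)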
type UpdateRequest ¶
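// UpdateRequest changes the mutable properties of the item named by ID. Every
// field other than ID is optional in the JSON body (omitempty).
type UpdateRequest struct {
	// Base request has ConfigID for multi-config projects
	pangea.BaseRequest

	ID         string   `json:"id"`                    // The item ID
	Name       string   `json:"name,omitempty"`        // The name of this item
	Folder     string   `json:"folder,omitempty"`      // The parent folder where this item is stored
	Metadata   Metadata `json:"metadata,omitempty"`    // User-provided metadata
	Tags       Tags     `json:"tags,omitempty"`        // A list of user-defined tags
	DisabledAt string   `json:"disabled_at,omitempty"` // Timestamp indicating when the item will be disabled
	Enabled    *bool    `json:"enabled,omitempty"`     // True if the item is enabled

	// Period of time between item rotations, "never" to disable rotation, or
	// "inherited" to inherit the value from the parent folder or from the
	// default settings. Format: a positive number followed by a time period
	// (secs, mins, hrs, days, weeks, months, years) or an abbreviation.
	RotationFrequency string `json:"rotation_frequency,omitempty"`

	// State to which the previous version should transition upon rotation,
	// or "inherited" to inherit the value from the parent folder or from the
	// default settings.
	RotationState ItemVersionState `json:"rotation_state,omitempty"`

	// Grace period for the previous version of the Pangea Token, or
	// "inherited" to inherit the value from the parent folder or from the
	// default settings. Format: a positive number followed by a time period
	// (secs, mins, hrs, days, weeks, months, years) or an abbreviation.
	RotationGracePeriod string `json:"rotation_grace_period,omitempty"`
}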
type UpdateResult ¶
// UpdateResult is the result type paired with UpdateRequest; it embeds
// ItemData and adds no fields of its own.
type UpdateResult struct {
	ItemData
}
type VerifyRequest ¶
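// VerifyRequest asks whether Signature is a valid signature over Message for
// the item named by ID. A nil Version is omitted from the JSON body.
//
// NOTE(review): with Version omitted, which key version is checked is not
// visible in this type. Pin Version (e.g. from SignResult.Version) when the
// signing version is known; confirm the service's default.
type VerifyRequest struct {
	// Base request has ConfigID for multi-config projects
	pangea.BaseRequest

	ID        string `json:"id"`                // The ID of the item
	Version   *int   `json:"version,omitempty"` // The item version
	Message   string `json:"message"`           // A message to be verified
	Signature string `json:"signature"`         // The message signature
}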