vault

package
v0.0.0-...-09899ef Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 23, 2021 License: MIT Imports: 6 Imported by: 0

Documentation


Constants

const KeyBits2048 = 2048

KeyBits2048 is the bit length for 2048-bit keys

const KeyBits3072 = 3072

KeyBits3072 is the bit length for 3072-bit keys

const KeyBits4096 = 4096

KeyBits4096 is the bit length for 4096-bit keys

const KeySpecAES256GCM = "AES-256-GCM"

KeySpecAES256GCM AES-256-GCM key spec

// KeySpecChaCha20 is the key spec string "ChaCha20".
// NOTE(review): the name is the bare stream cipher; this page does not show
// whether the service pairs it with Poly1305 for authentication. Confirm
// before relying on ciphertext integrity.
const KeySpecChaCha20 = "ChaCha20"

KeySpecChaCha20 ChaCha20 key spec

const KeySpecECCBIP39 = "BIP39"

KeySpecECCBIP39 BIP39 key spec

const KeySpecECCBabyJubJub = "babyJubJub"

KeySpecECCBabyJubJub babyJubJub key spec

const KeySpecECCC25519 = "C25519"

KeySpecECCC25519 C25519 key spec

const KeySpecECCEd25519 = "Ed25519"

KeySpecECCEd25519 Ed25519 key spec

const KeySpecECCSecp256k1 = "secp256k1"

KeySpecECCSecp256k1 secp256k1 key spec

const KeySpecRSA2048 = "RSA-2048"

KeySpecRSA2048 rsa 2048 key spec

const KeySpecRSA3072 = "RSA-3072"

KeySpecRSA3072 rsa 3072 key spec

const KeySpecRSA4096 = "RSA-4096"

KeySpecRSA4096 rsa 4096 key spec

const KeyTypeAsymmetric = "asymmetric"

KeyTypeAsymmetric asymmetric key type

const KeyTypeSymmetric = "symmetric"

KeyTypeSymmetric symmetric key type

const KeyUsageEncryptDecrypt = "encrypt/decrypt"

KeyUsageEncryptDecrypt encrypt/decrypt usage

const KeyUsageSignVerify = "sign/verify"

KeyUsageSignVerify sign/verify usage

// MaxHDIteration is the maximum HD account index. 4294967295 is 2^32 - 1, the
// largest value of a uint32; as an untyped constant it does not fit in a
// 32-bit signed integer, so convert it to an unsigned or 64-bit type.
const MaxHDIteration = 4294967295

MaxHDIteration is the maximum HD account index

// NonceSizeSymmetric is the nonce size for ChaCha20 and AES-256 encrypt/decrypt.
// NOTE(review): 12 is presumably a byte count (96 bits, the usual AES-GCM
// nonce length). Confirm the unit and the string encoding the API expects.
const NonceSizeSymmetric = 12

NonceSizeSymmetric is the nonce size for ChaCha20 and AES-256 encrypt/decrypt operations

Variables

This section is empty.

Functions

func DeleteKey

func DeleteKey(token, vaultID, keyID string) error

DeleteKey deletes a key

func DeleteSecret

func DeleteSecret(token, vaultID, secretID string) error

DeleteSecret deletes a secret from the vault

Types

type BLSAggregateRequestResponse

// BLSAggregateRequestResponse is the JSON shape used when aggregating BLS
// signatures. Both fields carry omitempty, so each is left out of the encoded
// JSON when it is unset.
type BLSAggregateRequestResponse struct {
	// Signatures is omitted from JSON when the slice is nil or empty.
	// presumably the individual signatures to aggregate; the string encoding is
	// not shown here — confirm against the service.
	Signatures         []*string `json:"signatures,omitempty"`
	// AggregateSignature is omitted from JSON when nil.
	// presumably the aggregated result; confirm against the service.
	AggregateSignature *string   `json:"aggregate_signature,omitempty"`
}

BLSAggregateRequestResponse provides the BLS signature information needed to aggregate n BLS signatures into one BLS signature

func AggregateSignatures

func AggregateSignatures(token *string, params map[string]interface{}) (*BLSAggregateRequestResponse, error)

AggregateSignatures aggregates BLS signatures into a single BLS signature

type EncryptDecryptRequestResponse

// EncryptDecryptRequestResponse is the JSON shape holding the encrypted or
// decrypted data and an optional nonce.
type EncryptDecryptRequestResponse struct {
	// Data is always serialized (no omitempty). After a decrypt it holds
	// plaintext, so handle the value as sensitive and keep it out of logs.
	Data  string  `json:"data"`
	// Nonce is omitted from JSON when nil.
	// NOTE(review): the encoding and length the service expects are not shown
	// here; confirm before constructing a nonce by hand.
	Nonce *string `json:"nonce,omitempty"`
}

EncryptDecryptRequestResponse contains the data (i.e., encrypted or decrypted) and an optional nonce

func Decrypt

func Decrypt(token, vaultID, keyID string, params map[string]interface{}) (*EncryptDecryptRequestResponse, error)

Decrypt decrypts provided encrypted data with a key from the vault

func Encrypt

func Encrypt(token, vaultID, keyID, data string) (*EncryptDecryptRequestResponse, error)

Encrypt encrypts provided data with a key from the vault and a randomly generated nonce

func EncryptWithNonce

func EncryptWithNonce(token, vaultID, keyID, data, nonce string) (*EncryptDecryptRequestResponse, error)

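EncryptWithNonce encrypts the provided data with a key from the vault and the caller-provided nonce. The caller must never reuse a nonce with the same key: with AES-256-GCM or ChaCha20, a repeated nonce reveals the relationship between the plaintexts. Prefer Encrypt, which uses a randomly generated nonce, unless a specific nonce is required.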

type Key

// Key is the JSON representation of a vault key. Type, Usage and Spec are
// plain string pointers; presumably they take the values of this package's
// KeyType*, KeyUsage* and KeySpec* constants — confirm against the service.
type Key struct {
	api.Model
	VaultID     *uuid.UUID `json:"vault_id"`
	Type        *string    `json:"type"` // symmetric or asymmetric
	Usage       *string    `json:"usage"`
	Spec        *string    `json:"spec"`
	Name        *string    `json:"name"`
	Description *string    `json:"description"`

	// These fields are only populated for ephemeral keys. PrivateKey and Seed
	// are serialized with the rest of the struct whenever they are non-nil
	// (omitempty only drops nil pointers), so a Key that carries them is secret
	// material: keep it out of logs, error messages and caches, and do not
	// re-marshal it into responses.
	Ephemeral  *bool   `json:"ephemeral,omitempty"`
	PrivateKey *string `json:"private_key,omitempty"`
	Seed       *string `json:"seed,omitempty"`

	// Optional fields, each omitted from JSON when nil.
	Address          *string `json:"address,omitempty"`
	HDDerivationPath *string `json:"hd_derivation_path,omitempty"`
	PublicKey        *string `json:"public_key,omitempty"`
}

Key represents a symmetric or asymmetric signing key

func CreateKey

func CreateKey(token, vaultID string, params map[string]interface{}) (*Key, error)

CreateKey creates a new vault key

func DeriveKey

func DeriveKey(token, vaultID, keyID string, params map[string]interface{}) (*Key, error)

DeriveKey derives a key

func FetchKey

func FetchKey(token, vaultID, keyID string) (*Key, error)

FetchKey fetches a key from the given vault

func ListKeys

func ListKeys(token, vaultID string, params map[string]interface{}) ([]*Key, error)

ListKeys retrieves a paginated list of vault keys

type SealUnsealRequestResponse

// SealUnsealRequestResponse carries the unseal information. Both fields are
// omitted from JSON when nil.
type SealUnsealRequestResponse struct {
	// UnsealerKey is serialized under the JSON name "key". GenerateSeal is
	// documented as returning an unsealing key used to encrypt vault master
	// keys, so treat this value as highly sensitive and never log or persist it
	// in plaintext.
	UnsealerKey    *string `json:"key,omitempty"`
	// NOTE(review): what ValidationHash is computed over, and with which
	// algorithm, is not shown here — confirm before using it for any check.
	ValidationHash *string `json:"validation_hash,omitempty"`
}

SealUnsealRequestResponse provides the unseal information

func GenerateSeal

func GenerateSeal(token string, params map[string]interface{}) (*SealUnsealRequestResponse, error)

GenerateSeal returns a valid unsealing key used to encrypt vault master keys

func Seal

func Seal(token string, params map[string]interface{}) (*SealUnsealRequestResponse, error)

Seal seals the vault to disable decryption of vault, key and secret material

func Unseal

func Unseal(token *string, params map[string]interface{}) (*SealUnsealRequestResponse, error)

Unseal unseals the vault to enable decryption of vault, key and secret material

type Secret

// Secret is the JSON representation of a secret stored in a vault.
type Secret struct {
	api.Model
	VaultID     *uuid.UUID `json:"vault_id"`
	Type        *string    `json:"type"` // arbitrary secret type
	Name        *string    `json:"name"`
	Description *string    `json:"description"`
	// Value is omitted from JSON when nil.
	// NOTE(review): this page does not show whether the API returns the value
	// in cleartext; assume it does and keep a populated Secret out of logs.
	Value       *string    `json:"value,omitempty"`
}

Secret represents a string, encrypted by the vault master key

func CreateSecret

func CreateSecret(token, vaultID, value, name, description, secretType string) (*Secret, error)

CreateSecret stores a new secret in the vault

func FetchSecret

func FetchSecret(token, vaultID, secretID string, params map[string]interface{}) (*Secret, error)

FetchSecret fetches a secret from the given vault

func ListSecrets

func ListSecrets(token, vaultID string, params map[string]interface{}) ([]*Secret, error)

ListSecrets retrieves a paginated list of secrets in the vault

type Service

// Service is the client for the vault API. It embeds api.Client, so the
// embedded client's exported fields and methods are promoted onto Service.
type Service struct {
	api.Client
}

Service for the vault api

func InitVaultService

func InitVaultService(token *string) *Service

InitVaultService is a convenience method to initialize a `vault.Service` instance

type SignRequest

// SignRequest is the JSON request body holding the message to be signed.
type SignRequest struct {
	// Message is always serialized (no omitempty).
	// NOTE(review): whether the service expects raw text, hex or a pre-computed
	// digest is not shown here — confirm, since signing the wrong encoding
	// yields signatures that will not verify elsewhere.
	Message string `json:"message"`
}

SignRequest contains a message to be signed

type SignResponse

// SignResponse is the JSON response holding the signature for a message.
// Every field is a pointer with omitempty, so any of them may be nil after
// decoding; check for nil before dereferencing.
type SignResponse struct {
	Signature      *string `json:"signature,omitempty"`
	Address        *string `json:"address,omitempty"`
	// DerivationPath is serialized under the JSON name "hd_derivation_path".
	DerivationPath *string `json:"hd_derivation_path,omitempty"`
}

SignResponse contains the signature for the message

func SignMessage

func SignMessage(token, vaultID, keyID, msg string, opts map[string]interface{}) (*SignResponse, error)

SignMessage signs a message with the given key

type Vault

// Vault is the JSON representation of a vault. Besides the embedded api.Model
// it carries only a name and a description; no key or secret material is held
// in this type.
type Vault struct {
	api.Model
	Name        *string `json:"name"`
	Description *string `json:"description"`
}

Vault provides secure key management

func CreateVault

func CreateVault(token string, params map[string]interface{}) (*Vault, error)

CreateVault on behalf of the given API token

func ListVaults

func ListVaults(token string, params map[string]interface{}) ([]*Vault, error)

ListVaults retrieves a paginated list of vaults scoped to the given API token

type VerifyRequest

// VerifyRequest is the JSON request body holding the message and the signature
// to verify. Both fields are always serialized (no omitempty).
type VerifyRequest struct {
	// NOTE(review): the expected encodings of Message and Signature are not
	// shown here — confirm they match what the signer produced.
	Message   string `json:"message"`
	Signature string `json:"signature"`
}

VerifyRequest contains the message and signature for verification

type VerifyResponse

// VerifyResponse reports whether a signature was verified.
type VerifyResponse struct {
	// Verified is false by default: a response body that lacks the "verified"
	// field decodes to false. Callers must check this flag as well as the
	// returned error; whether a failed verification also produces an error is
	// not shown here, so a nil error alone must not be read as "valid".
	Verified bool `json:"verified"`
}

VerifyResponse contains a flag indicating if the signature was verified

func VerifyAggregateSignatures

func VerifyAggregateSignatures(token *string, params map[string]interface{}) (*VerifyResponse, error)

VerifyAggregateSignatures verifies a BLS signature

func VerifyDetachedSignature

func VerifyDetachedSignature(token, spec, msg, sig, publicKey string, opts map[string]interface{}) (*VerifyResponse, error)

VerifyDetachedSignature verifies a signature generated by a key external to vault

func VerifySignature

func VerifySignature(token, vaultID, keyID, msg, sig string, opts map[string]interface{}) (*VerifyResponse, error)

VerifySignature verifies a signature
