Documentation ¶
Index ¶
- Constants
- Variables
- func DefaultTransport() http.RoundTripper
- func EncryptKey(key, pubkey string) (string, error)
- func EncryptNonce(key, value, iv string) (string, string, error)
- func NewContextWithAuth(parent context.Context, auth string) context.Context
- type API
- type Attributes
- type CallOpt
- type Client
- func (c *Client) CreateImportToken(ctx context.Context, expiration, maxAllowedRetrievals int) (*ImportTokenMetadata, error)
- func (c *Client) CreateImportedKey(ctx context.Context, name string, expiration *time.Time, ...) (*Key, error)
- func (c *Client) CreateImportedRootKey(ctx context.Context, name string, expiration *time.Time, ...) (*Key, error)
- func (c *Client) CreateImportedStandardKey(ctx context.Context, name string, expiration *time.Time, payload string) (*Key, error)
- func (c *Client) CreateKey(ctx context.Context, name string, expiration *time.Time, extractable bool) (*Key, error)
- func (c *Client) CreateRootKey(ctx context.Context, name string, expiration *time.Time) (*Key, error)
- func (c *Client) CreateStandardKey(ctx context.Context, name string, expiration *time.Time) (*Key, error)
- func (c *Client) DeleteKey(ctx context.Context, id string, prefer PreferReturn, callOpts ...CallOpt) (*Key, error)
- func (c *Client) GetImportTokenTransportKey(ctx context.Context) (*ImportTokenKeyResponse, error)
- func (c *Client) GetInstancePolicies(ctx context.Context) ([]InstancePolicy, error)
- func (c *Client) GetKey(ctx context.Context, id string) (*Key, error)
- func (c *Client) GetKeys(ctx context.Context, limit int, offset int) (*Keys, error)
- func (c *Client) GetPolicy(ctx context.Context, id string) (*Policy, error)
- func (c *Client) Rotate(ctx context.Context, id, payload string) error
- func (c *Client) SetInstancePolicies(ctx context.Context, enable bool, networkType, setType string) error
- func (c *Client) SetPolicy(ctx context.Context, id string, prefer PreferReturn, rotationInterval int) (*Policy, error)
- func (c *Client) Unwrap(ctx context.Context, id string, cipherText []byte, ...) ([]byte, error)
- func (c *Client) UnwrapV2(ctx context.Context, id string, cipherText []byte, ...) ([]byte, []byte, error)
- func (c *Client) Wrap(ctx context.Context, id string, plainText []byte, additionalAuthData *[]string) ([]byte, error)
- func (c *Client) WrapCreateDEK(ctx context.Context, id string, additionalAuthData *[]string) ([]byte, []byte, error)
- type ClientConfig
- type ContextKey
- type Dump
- type Error
- type ForceOpt
- type ImportTokenCreateRequest
- type ImportTokenKeyResponse
- type ImportTokenMetadata
- type InstancePolicies
- type InstancePolicy
- type Key
- type Keys
- type KeysActionRequest
- type KeysMetadata
- type Logger
- type Policies
- type PoliciesMetadata
- type Policy
- type PolicyData
- type PreferReturn
- type Redact
- type URLError
Constants ¶
// Policy type identifiers for instance-level policies. These strings are
// presumably the values carried in InstancePolicy.PolicyType and selected by
// the setType argument of SetInstancePolicies — confirm against that method.
const (
	// DualAuthDelete defines the policy type as dual auth delete
	DualAuthDelete = "dualAuthDelete"
	// AllowedNetwork defines the policy type as allowed network
	AllowedNetwork = "allowedNetwork"
)
const (
	// DefaultBaseURL is the default Key Protect API endpoint (us-south region).
	// NOTE(review): presumably used when ClientConfig.BaseURL is empty — confirm in New.
	DefaultBaseURL = "https://us-south.kms.cloud.ibm.com"
	// DefaultTokenURL is the default IAM endpoint used to exchange an API key for an access token.
	DefaultTokenURL = iam.IAMTokenURL

	// Verbosity levels for ClientConfig.Verbose. They control what the Dump
	// hook records about HTTP requests and responses. The exact output of each
	// level is not visible here; the names suggest the following — confirm
	// against the Dump implementation.

	// VerboseNone records nothing.
	VerboseNone = 0
	// VerboseBodyOnly records request/response bodies only.
	VerboseBodyOnly = 1
	// VerboseAll records headers and bodies, presumably with secrets redacted.
	VerboseAll = 2
	// VerboseFailOnly records traffic only for failed requests.
	VerboseFailOnly = 3
	// VerboseAllNoRedact records everything without redaction. Dumps at this
	// level can contain the access token / API key and key material carried in
	// requests and responses, so it belongs in short-lived local debugging only,
	// never in persistent or shared logs.
	VerboseAllNoRedact = 4
)
Variables ¶
// Retry tuning knobs. Both are mutable package-level variables, so changing
// them affects every Client created in the process, not just one instance.
var (
	// RetryWaitMax is the maximum time to wait between HTTP retries
	RetryWaitMax = 30 * time.Second
	// RetryMax is the max number of attempts to retry for failed HTTP requests
	RetryMax = 4
)
Functions ¶
func EncryptKey ¶
EncryptKey encrypts the user's key material with the public key obtained from Key Protect.
func EncryptNonce ¶
EncryptNonce wraps the KP-generated nonce with the user's key material.
Types ¶
type Attributes ¶
// Attributes contains the details of the allowedNetwork policy type.
type Attributes struct {
	// AllowedNetwork is the network restriction applied by an AllowedNetwork
	// instance policy. NOTE(review): presumably the value passed as networkType
	// to SetInstancePolicies ends up here — confirm.
	AllowedNetwork string `json:"allowed_network,omitempty"`
}
Attributes contains the details of the allowed network policy type.
type Client ¶
// Client holds configuration and auth information to interact with KeyProtect.
type Client struct {
	URL        *url.URL     // service endpoint the client talks to; presumably parsed from Config.BaseURL — confirm in New
	HttpClient http.Client  // HTTP client used for API calls
	Dump       Dump         // request/response recorder; what it records is governed by Config.Verbose (see Verbose* constants)
	Config     ClientConfig // configuration the client was built from; carries the credentials, so do not log it wholesale
	Logger     Logger       // log destination; New creates a Client without logging, NewWithLogger supplies one
	// contains filtered or unexported fields
}
Client holds configuration and auth information to interact with KeyProtect. It is expected that one of these is created per KeyProtect service instance/credential pair.
func New ¶
func New(config ClientConfig, transport http.RoundTripper) (*Client, error)
New creates and returns a Client without logging.
func NewWithLogger ¶
func NewWithLogger(config ClientConfig, transport http.RoundTripper, logger Logger) (*Client, error)
NewWithLogger creates and returns a Client with logging. The error value will be non-nil if the config is invalid.
func (*Client) CreateImportToken ¶
func (c *Client) CreateImportToken(ctx context.Context, expiration, maxAllowedRetrievals int) (*ImportTokenMetadata, error)
CreateImportToken creates a key ImportToken.
func (*Client) CreateImportedKey ¶
func (c *Client) CreateImportedKey(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string, extractable bool) (*Key, error)
CreateImportedKey creates a new KP key from the given key material.
func (*Client) CreateImportedRootKey ¶
func (c *Client) CreateImportedRootKey(ctx context.Context, name string, expiration *time.Time, payload, encryptedNonce, iv string) (*Key, error)
CreateImportedRootKey creates a new, non-extractable key resource with the given key material.
func (*Client) CreateImportedStandardKey ¶
func (c *Client) CreateImportedStandardKey(ctx context.Context, name string, expiration *time.Time, payload string) (*Key, error)
CreateImportedStandardKey creates a new, extractable key resource with the given key material.
func (*Client) CreateKey ¶
func (c *Client) CreateKey(ctx context.Context, name string, expiration *time.Time, extractable bool) (*Key, error)
CreateKey creates a new KP key.
func (*Client) CreateRootKey ¶
func (c *Client) CreateRootKey(ctx context.Context, name string, expiration *time.Time) (*Key, error)
CreateRootKey creates a new, non-extractable key resource without key material.
func (*Client) CreateStandardKey ¶
func (c *Client) CreateStandardKey(ctx context.Context, name string, expiration *time.Time) (*Key, error)
CreateStandardKey creates a new, extractable key resource without key material.
func (*Client) DeleteKey ¶
func (c *Client) DeleteKey(ctx context.Context, id string, prefer PreferReturn, callOpts ...CallOpt) (*Key, error)
DeleteKey deletes a key resource by specifying the ID of the key.
func (*Client) GetImportTokenTransportKey ¶
func (c *Client) GetImportTokenTransportKey(ctx context.Context) (*ImportTokenKeyResponse, error)
GetImportTokenTransportKey retrieves the ImportToken transport key.
func (*Client) GetInstancePolicies ¶
func (c *Client) GetInstancePolicies(ctx context.Context) ([]InstancePolicy, error)
GetInstancePolicies retrieves all policies of an Instance.
func (*Client) SetInstancePolicies ¶
func (c *Client) SetInstancePolicies(ctx context.Context, enable bool, networkType, setType string) error
SetInstancePolicies updates a policy resource of an instance to enable or disable the allowed network policy, the dual auth policy, or both.
func (*Client) SetPolicy ¶
func (c *Client) SetPolicy(ctx context.Context, id string, prefer PreferReturn, rotationInterval int) (*Policy, error)
SetPolicy updates a policy resource by specifying the ID of the key and the rotation interval needed.
func (*Client) Unwrap ¶
func (c *Client) Unwrap(ctx context.Context, id string, cipherText []byte, additionalAuthData *[]string) ([]byte, error)
Unwrap is deprecated: it returns only the plaintext and cannot handle key rotation. Use UnwrapV2 instead.
func (*Client) UnwrapV2 ¶
func (c *Client) UnwrapV2(ctx context.Context, id string, cipherText []byte, additionalAuthData *[]string) ([]byte, []byte, error)
UnwrapV2 unwraps the given ciphertext with rotation support.
type ClientConfig ¶
// ClientConfig holds the settings from which New and NewWithLogger build a Client.
// Authorization and APIKey are credentials: keep them out of logs, dumps and
// error messages.
type ClientConfig struct {
	BaseURL       string  // Key Protect service endpoint; NOTE(review): presumably defaults to DefaultBaseURL when empty — confirm in New
	Authorization string  // The IBM Cloud (Bluemix) access token (bearer credential)
	APIKey        string  // Service ID API key, can be used instead of an access token; a long-lived secret
	TokenURL      string  // The URL used to get an access token from the API key; compare DefaultTokenURL
	InstanceID    string  // The IBM Cloud (Bluemix) instance ID that identifies your Key Protect service instance.
	Verbose       int     // See verbose values above (VerboseNone .. VerboseAllNoRedact); VerboseAllNoRedact exposes credentials in dumps
	Timeout       float64 // KP request timeout in seconds.
}
ClientConfig holds the settings used to construct a Client with New or NewWithLogger.
type Error ¶
// Error describes a failed Key Protect request. Because it carries the raw
// response body, callers that log it should be aware that the body is
// service-provided content and is included verbatim.
type Error struct {
	URL           string   // URL of request that resulted in this error
	StatusCode    int      // HTTP error code from KeyProtect service
	Message       string   // error message from KeyProtect service
	BodyContent   []byte   // raw body content if more inspection is needed
	CorrelationID string   // string value of a UUID that uniquely identifies the request to KeyProtect; quote it when raising support cases
	Reasons       []reason // collection of reason types containing detailed error messages
}
type ImportTokenCreateRequest ¶
// ImportTokenCreateRequest represents request parameters for creating an ImportToken.
// Both values are bounds on the token's lifetime: CreateImportToken takes them
// as (expiration, maxAllowedRetrievals). Keep both as small as the import
// workflow allows, since the token gates retrieval of the transport key.
type ImportTokenCreateRequest struct {
	MaxAllowedRetrievals int `json:"maxAllowedRetrievals,omitempty"` // how many times the transport key may be retrieved
	ExpiresInSeconds     int `json:"expiration,omitempty"`           // token lifetime in seconds (JSON field is "expiration")
}
ImportTokenCreateRequest represents request parameters for creating an ImportToken.
type ImportTokenKeyResponse ¶
// ImportTokenKeyResponse represents the response body for various ImportToken API calls.
type ImportTokenKeyResponse struct {
	ID             string     `json:"id"`
	CreationDate   *time.Time `json:"creationDate"`
	ExpirationDate *time.Time `json:"expirationDate"`
	Payload        string     `json:"payload"` // NOTE(review): presumably the transport public key consumed by EncryptKey as pubkey — confirm
	Nonce          string     `json:"nonce"`   // NOTE(review): presumably the KP-generated nonce that EncryptNonce wraps — confirm
}
ImportTokenKeyResponse represents the response body for various ImportToken API calls.
type ImportTokenMetadata ¶
// ImportTokenMetadata represents the metadata of an ImportToken as returned by
// CreateImportToken.
type ImportTokenMetadata struct {
	ID                   string     `json:"id"`
	CreationDate         *time.Time `json:"creationDate"`
	ExpirationDate       *time.Time `json:"expirationDate"`
	MaxAllowedRetrievals int        `json:"maxAllowedRetrievals"` // retrieval budget requested at creation
	RemainingRetrievals  int        `json:"remainingRetrievals"`  // retrievals still available; an unexpected drop suggests someone else fetched the transport key
}
ImportTokenMetadata represents the metadata of an ImportToken.
type InstancePolicies ¶
// InstancePolicies represents a collection of Policies associated with Key Protect instances.
type InstancePolicies struct {
	Metadata PoliciesMetadata `json:"metadata"`  // collection type and count
	Policies []InstancePolicy `json:"resources"` // the instance-level policies themselves
}
InstancePolicies represents a collection of Policies associated with Key Protect instances.
type InstancePolicy ¶
// InstancePolicy represents an instance-level policy as returned by the KP API.
type InstancePolicy struct {
	CreatedBy  string     `json:"createdBy,omitempty"`
	CreatedAt  *time.Time `json:"creationDate,omitempty"`
	UpdatedAt  *time.Time `json:"lastUpdated,omitempty"`
	UpdatedBy  string     `json:"updatedBy,omitempty"`
	PolicyType string     `json:"policy_type,omitempty"`                         // NOTE(review): presumably one of DualAuthDelete / AllowedNetwork — confirm
	PolicyData PolicyData `json:"policy_data,omitempty" mapstructure:"policyData"` // whether the policy is enabled plus type-specific attributes
}
InstancePolicy represents an instance-level policy as returned by the KP API, such as the policy that enables dual authorization for deleting a key.
type Key ¶
// Key represents a key as returned by the KP API.
type Key struct {
	ID                  string     `json:"id,omitempty"`
	Name                string     `json:"name,omitempty"`
	Description         string     `json:"description,omitempty"`
	Type                string     `json:"type,omitempty"`
	Tags                []string   `json:"Tags,omitempty"` // JSON name is capitalised "Tags", unlike the other fields; matches the API as-is
	AlgorithmType       string     `json:"algorithmType,omitempty"`
	CreatedBy           string     `json:"createdBy,omitempty"`
	CreationDate        *time.Time `json:"creationDate,omitempty"`
	LastUpdateDate      *time.Time `json:"lastUpdateDate,omitempty"`
	LastRotateDate      *time.Time `json:"lastRotateDate,omitempty"`
	Extractable         bool       `json:"extractable"` // true for standard keys, false for root keys (see CreateKey's extractable argument)
	Expiration          *time.Time `json:"expirationDate,omitempty"`
	Payload             string     `json:"payload,omitempty"` // key material; NOTE(review): appears to be populated for extractable keys — treat as a secret and keep it out of logs
	State               int        `json:"state,omitempty"`   // key lifecycle state as reported by the API
	EncryptionAlgorithm string     `json:"encryptionAlgorithm,omitempty"`
	CRN                 string     `json:"crn,omitempty"`
	EncryptedNonce      string     `json:"encryptedNonce,omitempty"` // set when key material is imported via an import token (see EncryptNonce, CreateImportedKey)
	IV                  string     `json:"iv,omitempty"`             // IV paired with EncryptedNonce for imported key material
}
Key represents a key as returned by the KP API.
type Keys ¶
// Keys represents a collection of Keys, as returned by GetKeys.
type Keys struct {
	Metadata KeysMetadata `json:"metadata"`  // collection type and total key count
	Keys     []Key        `json:"resources"` // the keys in this page of results
}
Keys represents a collection of Keys.
type KeysActionRequest ¶
// KeysActionRequest represents request parameters for a key action API call
// (wrap, unwrap, rotate). Which fields are set depends on the action; the
// unused ones are omitted from the JSON body.
type KeysActionRequest struct {
	PlainText  string   `json:"plaintext,omitempty"`  // data to wrap; sensitive, never log the request body
	AAD        []string `json:"aad,omitempty"`        // additional authenticated data; must be supplied identically on unwrap
	CipherText string   `json:"ciphertext,omitempty"` // data to unwrap
	Payload    string   `json:"payload,omitempty"`    // new key material for Rotate
}
KeysActionRequest represents request parameters for a key action API call.
type KeysMetadata ¶
// KeysMetadata represents the metadata of a collection of keys.
type KeysMetadata struct {
	CollectionType string `json:"collectionType"`
	NumberOfKeys   int    `json:"collectionTotal"` // total keys in the collection, not just those in the current page
}
KeysMetadata represents the metadata of a collection of keys.
type Policies ¶
// Policies represents a collection of key-level Policies.
type Policies struct {
	Metadata PoliciesMetadata `json:"metadata"`  // collection type and count
	Policies []Policy         `json:"resources"` // the policies themselves
}
Policies represents a collection of Policies.
type PoliciesMetadata ¶
// PoliciesMetadata represents the metadata of a collection of policies.
type PoliciesMetadata struct {
	CollectionType   string `json:"collectionType"`
	NumberOfPolicies int    `json:"collectionTotal"`
}
PoliciesMetadata represents the metadata of a collection of policies.
type Policy ¶
// Policy represents a key-level policy as returned by the KP API (see GetPolicy
// and SetPolicy).
type Policy struct {
	Type      string     `json:"type,omitempty"`
	CreatedBy string     `json:"createdBy,omitempty"`
	CreatedAt *time.Time `json:"creationDate,omitempty"`
	CRN       string     `json:"crn,omitempty"`
	UpdatedAt *time.Time `json:"lastUpdateDate,omitempty"`
	UpdatedBy string     `json:"updatedBy,omitempty"`
	// Rotation holds the automatic rotation schedule; Interval corresponds to
	// the rotationInterval argument of SetPolicy and is expressed in months
	// (JSON field "interval_month").
	Rotation struct {
		Interval int `json:"interval_month,omitempty"`
	} `json:"rotation,omitempty"`
}
Policy represents a policy as returned by the KP API.
type PolicyData ¶
// PolicyData contains the details of an instance policy: whether it is enabled
// and any type-specific attributes.
type PolicyData struct {
	Enabled    *bool      `json:"enabled,omitempty"`    // pointer so that "not set" is distinguishable from false
	Attributes Attributes `json:"attributes,omitempty"` // populated for AllowedNetwork policies
}
PolicyData contains the details of the policy type
type PreferReturn ¶
// PreferReturn designates the value for the "Prefer" header sent with
// DeleteKey and SetPolicy; see ReturnMinimal and ReturnRepresentation.
type PreferReturn int
PreferReturn designates the value for the "Prefer" header.
// Accepted PreferReturn values. NOTE(review): presumably mapped to the HTTP
// Prefer header values return=minimal and return=representation — confirm in
// the request builder.
const (
	// ReturnMinimal asks the service to omit the resource body from the response.
	ReturnMinimal PreferReturn = 0
	// ReturnRepresentation asks the service to include the full resource in the response.
	ReturnRepresentation PreferReturn = 1
)