Documentation
Overview
Package aws provides Keyless Authentication for services running on AWS.
Constants
This section is empty.
Variables
var (
	ErrNoAWSCredentials     = awsErr.Code("no_aws_credentials").Error("could not find any AWS credentials. See https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html for how to configure your credentials")
	ErrInvalidAWSCredential = awsErr.Code("invalid_credential").Error("credentials were not accepted by AWS")
	ErrAWSRequestError      = awsErr.Code("request_error").Error("could not send AWS request")
	ErrAWSNotFound          = awsErr.Code("not_found")
	ErrAWSAccessDenied      = awsErr.Code("access_denied")
)
Errors
Functions
func GetEncryptRequest
GetEncryptRequest returns the raw bytes of a signed AWS KMS EncryptRequest.
func HandleError
Types
type CredentialCreator
type CredentialCreator struct {
// contains filtered or unexported fields
}
CredentialCreator is an implementation of the secrethub.Verifier and secrethub.Encrypter interfaces that can be used to create an AWS service account.
func NewCredentialCreator
func NewCredentialCreator(keyID, role string, cfgs ...*aws.Config) (*CredentialCreator, map[string]string, error)
NewCredentialCreator returns a CredentialCreator that uses the provided AWS KMS key and IAM role to create a new credential. The AWS credential is configured with the optionally provided aws.Config.
func (CredentialCreator) AddProof
func (c CredentialCreator) AddProof(req *api.CreateCredentialRequest) error
AddProof adds proof of access to the AWS account to the CreateCredentialRequest.
func (CredentialCreator) Export
func (c CredentialCreator) Export() ([]byte, string, error)
Export returns the verifier of an AWS service.
func (CredentialCreator) Type
func (c CredentialCreator) Type() api.CredentialType
Type returns the credential type of an AWS service.
func (CredentialCreator) Wrap
func (c CredentialCreator) Wrap(plaintext []byte) (*api.EncryptedData, error)
Wrap the provided plaintext using AWS KMS.
type KMSDecrypter
type KMSDecrypter struct {
// contains filtered or unexported fields
}
KMSDecrypter is an implementation of the secrethub.Decrypter interface that uses AWS KMS for decryption.
func NewKMSDecrypter
func NewKMSDecrypter(cfgs ...*aws.Config) (*KMSDecrypter, error)
NewKMSDecrypter returns a new KMSDecrypter that uses the provided configuration to configure the AWS session.
func (KMSDecrypter) Unwrap
func (d KMSDecrypter) Unwrap(ciphertext *api.EncryptedData) ([]byte, error)
Unwrap the provided ciphertext using AWS KMS.