Documentation
Overview
Package csfle implements boilerplate code for creating a MongoDB client with Client-Side Field Level Encryption (CSFLE) capabilities.
Index
- func CreateDataKey(ctx context.Context, m *m.Mongo, keyVaultNamespace, keyAltName string, ...) (*primitive.Binary, error)
- func GetDataKey(ctx context.Context, m *m.Mongo, keyVaultNamespace, keyAltName string, ...) (res *primitive.Binary, err error)
- func New(logger log.Log, t m.Tracer, c Config, opts ...*options.ClientOptions) (*m.Mongo, error)
- func SetEncryptionKey(ctx context.Context, logger log.Log, encryptionSchema *string, ...) (schema map[string]interface{}, err error)
- type AWSDataKeyOpts
- type AWSKMSProvider
- func GetAWSProvider(ctx context.Context, logger log.Log, awsConfig *aws.Config, kmsARN string) (provider *AWSKMSProvider, err error)
- func GetDefaultAWSProvider(ctx context.Context, logger log.Log, kmsARN string) (*AWSKMSProvider, error)
- func NewAWSProvider(credentials map[string]interface{}, opts AWSDataKeyOpts) *AWSKMSProvider
- type Config
- type MasterKeyProvider
Constants
This section is empty.
Variables
This section is empty.
Functions
func CreateDataKey
func CreateDataKey(ctx context.Context, m *m.Mongo, keyVaultNamespace, keyAltName string, provider MasterKeyProvider) (*primitive.Binary, error)
CreateDataKey creates a new data encryption key in the key vault specified by keyVaultNamespace, using the provided MasterKeyProvider for the master key.
func GetDataKey
func GetDataKey(ctx context.Context, m *m.Mongo, keyVaultNamespace, keyAltName string, provider MasterKeyProvider) (res *primitive.Binary, err error)
GetDataKey retrieves the data encryption key from the key vault specified by keyVaultNamespace. If the data key does not exist, it creates a new one using the provided MasterKeyProvider.
func New
func New(logger log.Log, t m.Tracer, c Config, opts ...*options.ClientOptions) (*m.Mongo, error)
New creates a new MongoDB client with CSFLE enabled using the provided configuration and client options.
func SetEncryptionKey
func SetEncryptionKey(ctx context.Context, logger log.Log, encryptionSchema *string, client *mongo.Mongo, keyVaultNamespace string, kmsProvider MasterKeyProvider) (schema map[string]interface{}, err error)
SetEncryptionKey updates the given encryption schema with data keys for each field that requires encryption. It retrieves or generates the necessary keys and replaces the `keyAltName` fields in the schema with `keyId` fields containing the corresponding key IDs.
Types
type AWSDataKeyOpts
type AWSDataKeyOpts struct {
	Region   string `bson:"region"`             // AWS region where the KMS key is located.
	KeyARN   string `bson:"key"`                // Amazon Resource Name (ARN) of the KMS key.
	Endpoint string `bson:"endpoint,omitempty"` // Optional custom endpoint for the KMS service.
}
AWSDataKeyOpts holds the AWS-specific options for data key creation.
type AWSKMSProvider
type AWSKMSProvider struct {
	// contains filtered or unexported fields
}
AWSKMSProvider implements MasterKeyProvider for AWS KMS.
func GetAWSProvider
func GetAWSProvider(ctx context.Context, logger log.Log, awsConfig *aws.Config, kmsARN string) (provider *AWSKMSProvider, err error)
GetAWSProvider creates an AWSKMSProvider with the provided AWS configuration.
func GetDefaultAWSProvider
func GetDefaultAWSProvider(ctx context.Context, logger log.Log, kmsARN string) (*AWSKMSProvider, error)
GetDefaultAWSProvider creates an AWSKMSProvider with default AWS configuration.
func NewAWSProvider
func NewAWSProvider(credentials map[string]interface{}, opts AWSDataKeyOpts) *AWSKMSProvider
NewAWSProvider initializes a new AWSKMSProvider with the given credentials and options.
func (*AWSKMSProvider) Credentials
func (a *AWSKMSProvider) Credentials() map[string]map[string]interface{}
Credentials returns the AWS credentials needed for KMS operations.
func (*AWSKMSProvider) DataKeyOpts
func (a *AWSKMSProvider) DataKeyOpts() interface{}
DataKeyOpts returns the options needed to create a data key using AWS KMS.
func (*AWSKMSProvider) Name
func (a *AWSKMSProvider) Name() string
Name returns the name of the AWS KMS provider.
type Config
type Config struct {
	KeyVaultNamespace string                            // Namespace for the key vault in MongoDB.
	SchemaMap         map[string]interface{}            // Schema map for defining encryption rules.
	KMSCredentials    map[string]map[string]interface{} // Credentials for Key Management Services (KMS).
}
Config holds the configuration settings for Client-Side Field Level Encryption (CSFLE).
type MasterKeyProvider
type MasterKeyProvider interface {
	Name() string
	Credentials() map[string]map[string]interface{}
	DataKeyOpts() interface{}
}
MasterKeyProvider defines the interface for providers of master encryption keys.
func GetAWSMasterKeyProvider
func GetAWSMasterKeyProvider(ctx context.Context, logger log.Log, kmsARN string) (MasterKeyProvider, error)
GetAWSMasterKeyProvider is a convenience function to get an AWS KMS provider with default settings.
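The following is an added, self-contained example (not code from the csfle package) that illustrates two things documented above: what a MasterKeyProvider implementation looks like, and the schema rewrite that SetEncryptionKey performs, where every `encrypt` block's `keyAltName` is resolved through GetDataKey's get-or-create behaviour and replaced by a `keyId`. The `awsProvider` type, the in-memory `keyVault`, the one-byte key ids and the sample schema are all constructed stand-ins for the package's real AWSKMSProvider, the MongoDB key vault collection and the UUID key ids it would return.

```go
package main

import (
	"errors"
	"fmt"
)

// MasterKeyProvider mirrors the interface documented on this page.
type MasterKeyProvider interface {
	Name() string
	Credentials() map[string]map[string]interface{}
	DataKeyOpts() interface{}
}

// AWSDataKeyOpts mirrors the documented struct.
type AWSDataKeyOpts struct {
	Region   string `bson:"region"`
	KeyARN   string `bson:"key"`
	Endpoint string `bson:"endpoint,omitempty"`
}

// awsProvider is a hypothetical MasterKeyProvider (not the package's AWSKMSProvider).
// Credentials are keyed by provider name, matching the documented Credentials() shape.
type awsProvider struct {
	creds map[string]interface{}
	opts  AWSDataKeyOpts
}

func (a *awsProvider) Name() string { return "aws" }
func (a *awsProvider) Credentials() map[string]map[string]interface{} {
	return map[string]map[string]interface{}{a.Name(): a.creds}
}
func (a *awsProvider) DataKeyOpts() interface{} { return a.opts }

// keyVault is an in-memory stand-in for the key vault collection (keyAltName -> key id).
type keyVault struct {
	keys    map[string][]byte
	created int  // how many keys had to be minted
	nextID  byte // constructed one-byte ids stand in for UUIDs
}

// getDataKey mimics GetDataKey: return the key registered under keyAltName,
// otherwise create one under the given master key provider.
func (kv *keyVault) getDataKey(keyAltName string, p MasterKeyProvider) ([]byte, error) {
	if p == nil {
		return nil, errors.New("a MasterKeyProvider is required to create a data key")
	}
	if id, ok := kv.keys[keyAltName]; ok {
		return id, nil
	}
	kv.nextID++
	id := []byte{kv.nextID}
	kv.keys[keyAltName] = id
	kv.created++
	return id, nil
}

// setEncryptionKeys walks a CSFLE JSON schema in place and, for every "encrypt"
// object carrying a keyAltName, replaces that field with the resolved keyId list.
func setEncryptionKeys(schema map[string]interface{}, kv *keyVault, p MasterKeyProvider) error {
	for k, v := range schema {
		sub, ok := v.(map[string]interface{})
		if !ok {
			continue // scalars such as bsonType need no rewriting
		}
		if k == "encrypt" {
			if _, done := sub["keyId"]; done {
				continue // already resolved
			}
			alt, ok := sub["keyAltName"].(string)
			if !ok {
				return fmt.Errorf("encrypt block without keyAltName or keyId")
			}
			id, err := kv.getDataKey(alt, p)
			if err != nil {
				return err
			}
			delete(sub, "keyAltName")
			sub["keyId"] = [][]byte{id}
			continue
		}
		if err := setEncryptionKeys(sub, kv, p); err != nil {
			return err
		}
	}
	return nil
}

// sampleSchema is a constructed schema: one field with its own key and two
// fields that share a keyAltName, so the shared key must be created only once.
func sampleSchema() map[string]interface{} {
	enc := func(alt, alg string) map[string]interface{} {
		return map[string]interface{}{"encrypt": map[string]interface{}{
			"keyAltName": alt, "bsonType": "string", "algorithm": alg}}
	}
	return map[string]interface{}{
		"bsonType": "object",
		"properties": map[string]interface{}{
			"ssn": enc("ssn-key", "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic"),
			"address": map[string]interface{}{"bsonType": "object", "properties": map[string]interface{}{
				"street": enc("pii-key", "AEAD_AES_256_CBC_HMAC_SHA_512-Random"),
				"zip":    enc("pii-key", "AEAD_AES_256_CBC_HMAC_SHA_512-Random"),
			}},
		},
	}
}

// resolveSample rewrites the sample schema and reports how many keys were created.
func resolveSample() (map[string]interface{}, int, error) {
	kv := &keyVault{keys: map[string][]byte{}}
	p := &awsProvider{
		creds: map[string]interface{}{"accessKeyId": "<placeholder>", "secretAccessKey": "<placeholder>"},
		opts:  AWSDataKeyOpts{Region: "us-east-1", KeyARN: "arn:aws:kms:us-east-1:000000000000:key/placeholder"},
	}
	s := sampleSchema()
	if err := setEncryptionKeys(s, kv, p); err != nil {
		return nil, 0, err
	}
	return s, kv.created, nil
}

func main() {
	s, created, err := resolveSample()
	fmt.Println(created, err, s)
}
```

The rewritten schema is what would be handed to the client as `Config.SchemaMap`; in the real package the key ids are UUID binaries from the key vault and the provider's Credentials() map is what populates `Config.KMSCredentials`.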