csfle

package
v6.0.4

Warning: this package is not in the latest version of its module.
Published: Jun 10, 2024 License: MIT Imports: 13 Imported by: 0

Documentation

Overview

Package csfle wraps the boilerplate for creating a MongoDB client with Client-Side Field Level Encryption (CSFLE) enabled: it resolves data encryption keys in a key vault through a KMS-backed MasterKeyProvider, rewrites an encryption schema so that each encrypted field references its data key by ID, and builds the client with that schema map, the KMS credentials and the crypt_shared library configured.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CreateDataKey

func CreateDataKey(ctx context.Context, m *m.Mongo, keyVaultNamespace, keyAltName string, provider MasterKeyProvider) (*primitive.Binary, error)

CreateDataKey creates a new data encryption key in the key vault collection named by keyVaultNamespace, registers it under the alternate name keyAltName, and wraps it with the master key described by provider. It returns the ID of the new data key.

func GetDataKey

func GetDataKey(ctx context.Context, m *m.Mongo, keyVaultNamespace, keyAltName string, provider MasterKeyProvider) (res *primitive.Binary, err error)

GetDataKey looks up the data encryption key registered under keyAltName in the key vault named by keyVaultNamespace and returns its ID. If no such key exists, it creates one using the provided MasterKeyProvider, so repeated calls with the same keyAltName always resolve to the same key.

func New

func New(logger log.Log, t m.Tracer, c Config, opts ...*options.ClientOptions) (*m.Mongo, error)

New creates a MongoDB client with automatic CSFLE enabled, using the key vault namespace, schema map, KMS credentials and crypt_shared library path from c together with any additional client options in opts.

func SetEncryptionKey

func SetEncryptionKey(ctx context.Context, logger log.Log, encryptionSchema *string, client *mongo.Mongo, keyVaultNamespace string, kmsProvider MasterKeyProvider) (schema map[string]interface{}, err error)

SetEncryptionKey resolves the data keys for every field in encryptionSchema (a JSON document) that is marked for encryption. For each such field it retrieves or creates the key registered under the field's `keyAltName` in keyVaultNamespace, using kmsProvider for the master key, and replaces the `keyAltName` entry with a `keyId` entry holding that key's ID. The rewritten schema is returned as a map.
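The keyAltName-to-keyId rewrite is the step most likely to fail quietly, so here is a stand-alone illustration of it. This is an added example written for this page, not the package's own code: it parses a JSON encryption schema, walks it recursively, and replaces every `keyAltName` found under an `encrypt` object with a one-element `keyId` array. The key-vault lookup is stood in for by a hypothetical `KeyLookup` callback over a constructed in-memory map, and the key ID is rendered in the extended-JSON `$binary` form with subType `"04"` (UUID) that CSFLE JSON schema maps use; the package itself works with the driver's `primitive.Binary` values. The sample schema and the key bytes are constructed for the example.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// KeyLookup resolves a keyAltName to the 16-byte UUID of its data key.
// Hypothetical callback standing in for a key-vault lookup so the example
// runs offline; the package resolves keys against MongoDB instead.
type KeyLookup func(keyAltName string) ([]byte, error)

// constructedSchema is a sample encryption schema with two fields marked
// for encryption, one of them nested. Constructed for this example.
const constructedSchema = `{
  "bsonType": "object",
  "properties": {
    "ssn": {"encrypt": {"bsonType": "string",
      "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic",
      "keyAltName": "ssn-key"}},
    "medical": {"bsonType": "object", "properties": {
      "notes": {"encrypt": {"bsonType": "string",
        "algorithm": "AEAD_AES_256_CBC_HMAC_SHA_512-Random",
        "keyAltName": "notes-key"}}}}
  }
}`

// constructedKeys stands in for the key vault: keyAltName -> data key UUID.
var constructedKeys = map[string][]byte{
	"ssn-key":   repeatByte(0x01),
	"notes-key": repeatByte(0x02),
}

func repeatByte(b byte) []byte {
	out := make([]byte, 16)
	for i := range out {
		out[i] = b
	}
	return out
}

func constructedLookup(keyAltName string) ([]byte, error) {
	uuid, ok := constructedKeys[keyAltName]
	if !ok {
		return nil, errors.New("no data key registered under keyAltName " + keyAltName)
	}
	return uuid, nil
}

// keyIDValue renders a data key UUID as the extended-JSON value used for
// keyId entries in CSFLE JSON schemas: {"$binary": {"base64": ..., "subType": "04"}}.
func keyIDValue(uuid []byte) (map[string]interface{}, error) {
	if len(uuid) != 16 {
		return nil, fmt.Errorf("data key ID must be a 16-byte UUID, got %d bytes", len(uuid))
	}
	return map[string]interface{}{
		"$binary": map[string]interface{}{
			"base64":  base64.StdEncoding.EncodeToString(uuid),
			"subType": "04",
		},
	}, nil
}

// rewriteNode walks the decoded schema. Every "encrypt" object carrying a
// "keyAltName" has that entry removed and a "keyId" array put in its place;
// all other encrypt options (algorithm, bsonType) are left untouched.
func rewriteNode(node interface{}, lookup KeyLookup) error {
	switch v := node.(type) {
	case map[string]interface{}:
		if enc, ok := v["encrypt"].(map[string]interface{}); ok {
			if alt, ok := enc["keyAltName"].(string); ok {
				uuid, err := lookup(alt)
				if err != nil {
					return fmt.Errorf("resolving keyAltName %q: %w", alt, err)
				}
				id, err := keyIDValue(uuid)
				if err != nil {
					return err
				}
				delete(enc, "keyAltName")
				enc["keyId"] = []interface{}{id}
			}
		}
		for _, child := range v {
			if err := rewriteNode(child, lookup); err != nil {
				return err
			}
		}
	case []interface{}:
		for _, child := range v {
			if err := rewriteNode(child, lookup); err != nil {
				return err
			}
		}
	}
	return nil
}

// ResolveEncryptionSchema parses a JSON schema, resolves every keyAltName to
// a keyId, and returns the schema as a map. An unknown alternate name fails
// the whole call instead of yielding a schema with unresolved names.
func ResolveEncryptionSchema(schemaJSON string, lookup KeyLookup) (map[string]interface{}, error) {
	var schema map[string]interface{}
	if err := json.Unmarshal([]byte(schemaJSON), &schema); err != nil {
		return nil, fmt.Errorf("parsing encryption schema: %w", err)
	}
	if err := rewriteNode(schema, lookup); err != nil {
		return nil, err
	}
	return schema, nil
}

func main() {
	schema, err := ResolveEncryptionSchema(constructedSchema, constructedLookup)
	if err != nil {
		panic(err)
	}
	out, _ := json.MarshalIndent(schema, "", "  ")
	fmt.Println(string(out))
}
```

The walk is recursive so fields under nested `properties` are rewritten as well, and a lookup failure aborts the whole call: the safer outcome is no schema at all rather than one handed to the driver with a field still naming its key by keyAltName.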

Types

type AWSDataKeyOpts

type AWSDataKeyOpts struct {
	Region   string `bson:"region"`             // AWS region where the KMS key is located.
	KeyARN   string `bson:"key"`                // Amazon Resource Name (ARN) of the KMS key.
	Endpoint string `bson:"endpoint,omitempty"` // Optional custom endpoint for the KMS service.
}

AWSDataKeyOpts holds the AWS-specific options for data key creation.

type AWSKMSProvider

type AWSKMSProvider struct {
	// contains filtered or unexported fields
}

AWSKMSProvider implements MasterKeyProvider for AWS KMS.

func GetAWSProvider

func GetAWSProvider(ctx context.Context, logger log.Log, awsConfig *aws.Config, kmsARN string) (provider *AWSKMSProvider, err error)

GetAWSProvider creates an AWSKMSProvider with the provided AWS configuration.

func GetDefaultAWSProvider

func GetDefaultAWSProvider(ctx context.Context, logger log.Log, kmsARN string) (*AWSKMSProvider, error)

GetDefaultAWSProvider creates an AWSKMSProvider with default AWS configuration.

func NewAWSProvider

func NewAWSProvider(credentials map[string]interface{}, opts AWSDataKeyOpts) *AWSKMSProvider

NewAWSProvider initializes a new AWSKMSProvider with the given credentials and options.

func (*AWSKMSProvider) Credentials

func (a *AWSKMSProvider) Credentials() map[string]map[string]interface{}

Credentials returns the AWS credentials needed for KMS operations.

func (*AWSKMSProvider) DataKeyOpts

func (a *AWSKMSProvider) DataKeyOpts() interface{}

DataKeyOpts returns the options needed to create a data key using AWS KMS.

func (*AWSKMSProvider) Name

func (a *AWSKMSProvider) Name() string

Name returns the name of the AWS KMS provider.

type Config

type Config struct {
	CryptSharedLibPath string                            // Path to the crypt_shared library that performs automatic encryption and decryption.
	KeyVaultNamespace  string                            // Namespace for the key vault in MongoDB.
	SchemaMap          map[string]interface{}            // Schema map for defining encryption rules.
	KMSCredentials     map[string]map[string]interface{} // Credentials for Key Management Services (KMS).
}

Config holds the configuration settings for Client-Side Field Level Encryption (CSFLE). Note that the schema map is enforced on the client side: every client that writes to the encrypted collections must be configured with the same SchemaMap, since a client started without it will write those fields in plaintext. KMSCredentials carry the secrets used to unwrap data keys and should be handled accordingly.

type MasterKeyProvider

type MasterKeyProvider interface {
	Name() string
	Credentials() map[string]map[string]interface{}
	DataKeyOpts() interface{}
}

MasterKeyProvider defines the interface for providers of master encryption keys.

func GetAWSMasterKeyProvider

func GetAWSMasterKeyProvider(ctx context.Context, logger log.Log, kmsARN string) (MasterKeyProvider, error)

GetAWSMasterKeyProvider is a convenience function to get an AWS KMS provider with default settings.
