Documentation
Index
- Constants
- func Backend(conf *logical.BackendConfig) *backend
- func Factory(conf *logical.BackendConfig) (logical.Backend, error)
- type ArchivedKeys
- type KeyEntry
- type KeyEntryMap
- type Policy
- func (p *Policy) Decrypt(context, nonce []byte, value string) (string, error)
- func (p *Policy) DeriveKey(context []byte, ver int) ([]byte, error)
- func (p *Policy) Encrypt(context, nonce []byte, value string) (string, error)
- func (p *Policy) Persist(storage logical.Storage) error
- func (p *Policy) Serialize() ([]byte, error)
Constants
const (
	ErrTooOld = "ciphertext version is disallowed by policy (too old)"
)
Variables
This section is empty.
Functions
func Backend
func Backend(conf *logical.BackendConfig) *backend
Types
type ArchivedKeys (added in v0.5.0)
type ArchivedKeys struct {
	Keys []KeyEntry `json:"keys"`
}
ArchivedKeys stores old keys. This is used to keep the key loading time sane when there are huge numbers of rotations.
type KeyEntryMap (added in v0.3.0)
KeyEntryMap is used to allow JSON marshal/unmarshal
func (KeyEntryMap) MarshalJSON (added in v0.3.0)
func (kem KeyEntryMap) MarshalJSON() ([]byte, error)
MarshalJSON implements JSON marshaling
func (KeyEntryMap) UnmarshalJSON (added in v0.3.0)
func (kem KeyEntryMap) UnmarshalJSON(data []byte) error
UnmarshalJSON implements JSON unmarshaling
type Policy
type Policy struct {
	Name       string      `json:"name"`
	Key        []byte      `json:"key,omitempty"` //DEPRECATED
	Keys       KeyEntryMap `json:"keys"`
	CipherMode string      `json:"cipher"`

	// Derived keys MUST provide a context and the master underlying key is
	// never used. If convergent encryption is true, the context will be used
	// as the nonce as well.
	Derived              bool   `json:"derived"`
	KDFMode              string `json:"kdf_mode"`
	ConvergentEncryption bool   `json:"convergent_encryption"`

	// The minimum version of the key allowed to be used
	// for decryption
	MinDecryptionVersion int `json:"min_decryption_version"`

	// The latest key version in this policy
	LatestVersion int `json:"latest_version"`

	// The latest key version in the archive. We never delete these, so this is
	// a max.
	ArchiveVersion int `json:"archive_version"`

	// Whether the key is allowed to be deleted
	DeletionAllowed bool `json:"deletion_allowed"`
}
Policy is the struct used to store metadata
func (*Policy) DeriveKey (added in v0.2.0)
DeriveKey is used to derive the encryption key that should be used depending on the policy. If derivation is disabled the raw key is used and no context is required, otherwise the KDF mode is used with the context to derive the proper key.
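An added example, not code from this package, of the DeriveKey contract described above combined with the MinDecryptionVersion field and the ErrTooOld text. The `policy` type, `keyForDecrypt`, the version-to-key map layout, the placement of the version check and the HMAC-SHA256 stand-in KDF are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

const errTooOld = "ciphertext version is disallowed by policy (too old)" // text of the page's ErrTooOld

// policy is a constructed stand-in holding only the Policy fields used here.
type policy struct {
	Keys                 map[int][]byte // hypothetical layout: version -> raw key
	Derived              bool
	MinDecryptionVersion int
}

// deriveKey follows the documented contract: the raw key when derivation is
// disabled, otherwise a context-bound key. HMAC-SHA256 is a stand-in KDF.
func (p *policy) deriveKey(context []byte, ver int) ([]byte, error) {
	key, ok := p.Keys[ver]
	if !ok {
		return nil, errors.New("invalid key version")
	}
	if !p.Derived {
		return key, nil // no context required
	}
	if len(context) == 0 {
		return nil, errors.New("missing context for key derivation")
	}
	mac := hmac.New(sha256.New, key)
	mac.Write(context)
	return mac.Sum(nil), nil
}

// keyForDecrypt rejects versions below MinDecryptionVersion, then derives (assumed order).
func (p *policy) keyForDecrypt(context []byte, ver int) ([]byte, error) {
	if ver < p.MinDecryptionVersion {
		return nil, errors.New(errTooOld)
	}
	return p.deriveKey(context, ver)
}

func main() {
	p := &policy{Keys: map[int][]byte{1: []byte("constructed-v1"), 2: []byte("constructed-v2")}, Derived: true, MinDecryptionVersion: 2}
	_, err := p.keyForDecrypt([]byte("tenant-a"), 1)
	fmt.Println("version 1:", err)
}
```

Raising MinDecryptionVersion after a rotation is what makes ciphertext produced under an older key version undecryptable without deleting the archived key.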