Documentation
Overview
Copyright (c) 2015-2021 the Vault contributors
This file was originally hashicorp/vault: vault/keyring.go
Index
- Constants
- type EncodedKeyring
- type Key
- type Keyring
- func (k *Keyring) ActiveKey() *Key
- func (k *Keyring) ActiveTerm() uint32
- func (k *Keyring) AddEncryptionEstimate(term uint32, delta uint64)
- func (k *Keyring) AddKey(key *Key) (*Keyring, error)
- func (k *Keyring) Clone() *Keyring
- func (k *Keyring) MasterKey() []byte
- func (k *Keyring) RemoveKey(term uint32) (*Keyring, error)
- func (k *Keyring) Serialize() ([]byte, error)
- func (k *Keyring) SetMasterKey(val []byte) *Keyring
- func (k *Keyring) TermKey(term uint32) *Key
Constants
const (
	AESGCMVersion1 = 0x1
	AESGCMVersion2 = 0x2
)
from vault/barrier_aes_gcm.go
Variables
This section is empty.
Functions
This section is empty.
Types
type EncodedKeyring
EncodedKeyring is used for serialization of the keyring.
type Key
type Key struct {
	Term                uint32
	Version             int
	Value               []byte
	InstallTime         time.Time
	Encryptions         uint64
	ReportedEncryptions uint64 `json:",omitempty"`
}
Key represents a single term, along with the key used.
func DeserializeKey
DeserializeKey is used to deserialize and return a new key.
type Keyring
type Keyring struct {
// contains filtered or unexported fields
}
Keyring is used to manage multiple encryption keys used by the barrier. New keys can be installed and each has a sequential term. The term used to encrypt a key is prefixed to the key written out. All data is encrypted with the latest key, but storing the old keys allows for decryption of keys written previously. Along with the encryption keys, the keyring also tracks the master key. This is necessary so that when a new key is added to the keyring, we can encrypt with the master key and write out the new keyring.
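The term-prefix scheme described above, as an added example (not code from this package or from Vault): data is sealed under the newest term, and the prefix on each ciphertext selects the key used to open it after a rotation. The names `demoKeyring`, `addKey`, `seal` and `open`, the `term || nonce || ciphertext` layout, and the use of the prefix as associated data are assumptions of this example, not the barrier's actual format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// demoKeyring (hypothetical): one AES-GCM key per sequential term 1..n; term n is active.
type demoKeyring map[uint32]cipher.AEAD

// addKey installs key under the next term, which then becomes the active term.
func (k demoKeyring) addKey(key []byte) error {
	block, err := aes.NewCipher(key) // rejects keys that are not 16, 24 or 32 bytes
	if err != nil {
		return err
	}
	k[uint32(len(k))+1], err = cipher.NewGCM(block) // cannot fail for an AES block
	return err
}

// seal encrypts under the active term. Assumed layout: term(4, big-endian) || nonce(12) || ciphertext.
func (k demoKeyring) seal(plain []byte) ([]byte, error) {
	hdr := binary.BigEndian.AppendUint32(nil, uint32(len(k)))
	nonce := make([]byte, 12)
	if _, err := rand.Read(nonce); err != nil || len(k) == 0 {
		return nil, fmt.Errorf("seal: %d keys installed, rand error: %v", len(k), err)
	}
	return append(hdr, k[uint32(len(k))].Seal(nonce, nonce, plain, hdr)...), nil // prefix is authenticated
}

// open picks the key named by the term prefix, so data written under older terms stays readable.
func (k demoKeyring) open(ct []byte) ([]byte, error) {
	if len(ct) < 16 || k[binary.BigEndian.Uint32(ct)] == nil {
		return nil, fmt.Errorf("short ciphertext or no key for its term")
	}
	return k[binary.BigEndian.Uint32(ct)].Open(nil, ct[4:16], ct[16:], ct[:4])
}

func main() {
	k := demoKeyring{} // keys below are constructed demo values; errors skipped for brevity
	k.addKey([]byte("0123456789abcdef0123456789abcdef"))
	old, _ := k.seal([]byte("written under term 1"))
	k.addKey([]byte("fedcba9876543210fedcba9876543210"))
	pt, err := k.open(old)
	fmt.Printf("prefix=%x active=%d plaintext=%q err=%v\n", old[:4], len(k), pt, err)
}
```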
func DeserializeKeyring
DeserializeKeyring is used to deserialize and return a new keyring.
func (*Keyring) ActiveTerm
ActiveTerm returns the currently active term.
func (*Keyring) AddEncryptionEstimate
func (*Keyring) SetMasterKey
SetMasterKey is used to update the master key.