azurekms

package v0.17.7-rc1
Published: Nov 16, 2021 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Constants

const Scheme = "azurekms"

Scheme is the scheme used for the Azure Key Vault uris.

Variables

This section is empty.

Functions

func NewSigner

func NewSigner(client KeyVaultClient, signingKey string, defaults DefaultOptions) (crypto.Signer, error)

NewSigner creates a new signer using a key in Azure Key Vault.

Types

type DefaultOptions

type DefaultOptions struct {
	Vault           string
	ProtectionLevel apiv1.ProtectionLevel
}

DefaultOptions are custom options that can be passed as defaults using the URI in apiv1.Options.

type KeyVault

type KeyVault struct {
	// contains filtered or unexported fields
}

KeyVault implements a KMS using Azure Key Vault.

The URI format used in Azure Key Vault is the following:

  • azurekms:name=key-name;vault=vault-name
  • azurekms:name=key-name;vault=vault-name?version=key-version
  • azurekms:name=key-name;vault=vault-name?hsm=true

The scheme is "azurekms"; "name" is the key name; "vault" is the name of the key vault where the key is located; "version" is an optional parameter that selects the version of the key (if no version is given, the latest one is used); "hsm" defines whether an HSM should be used for this key, which is especially useful when this is used from `step`.
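As an added example (not code from the azurekms package), a Go parser for the URI format described above; the KeyURI type and ParseKeyURI function are assumed names. It rejects unknown or empty parameters so that a mistyped key or vault name fails rather than silently selecting a default.

```go
package main

import (
	"fmt"
	"net/url"
	"strconv"
	"strings"
)

// KeyURI holds the fields recovered from an azurekms URI (hypothetical type).
type KeyURI struct {
	Name, Vault string // both required
	Version     string // empty means "use the latest version"
	HSM         bool   // set by ?hsm=true
}

// ParseKeyURI parses "azurekms:name=<key>;vault=<vault>[?version=<v>][&hsm=<bool>]".
// Unknown or empty parameters in the name/vault part are rejected so that a
// typo fails loudly instead of silently selecting a default key or vault.
func ParseKeyURI(s string) (*KeyURI, error) {
	u, err := url.Parse(s)
	if err != nil || u.Scheme != "azurekms" || u.Opaque == "" {
		return nil, fmt.Errorf("%q: want azurekms:name=<key>;vault=<vault>", s)
	}
	k := &KeyURI{}
	for _, pair := range strings.Split(u.Opaque, ";") {
		key, val, ok := strings.Cut(pair, "=")
		switch {
		case !ok || val == "":
			return nil, fmt.Errorf("malformed parameter %q", pair)
		case key == "name":
			k.Name = val
		case key == "vault":
			k.Vault = val
		default:
			return nil, fmt.Errorf("unknown parameter %q", key)
		}
	}
	if k.Name == "" || k.Vault == "" {
		return nil, fmt.Errorf("%q: name and vault are both required", s)
	}
	q := u.Query() // ?version=... and ?hsm=... are optional
	k.Version = q.Get("version")
	if h := q.Get("hsm"); h != "" {
		if k.HSM, err = strconv.ParseBool(h); err != nil {
			return nil, fmt.Errorf("invalid hsm value %q", h)
		}
	}
	return k, nil
}
```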

TODO(mariano): The implementation is using /services/keyvault/v7.1/keyvault package, at some point Azure might create a keyvault client with all the functionality in /sdk/keyvault, we should migrate to that once available.

func New

func New(ctx context.Context, opts apiv1.Options) (*KeyVault, error)

New initializes a new KMS implemented using Azure Key Vault.

func (*KeyVault) Close

func (k *KeyVault) Close() error

Close closes the client connection to the Azure Key Vault. This is a noop.

func (*KeyVault) CreateKey

CreateKey creates an asymmetric key in Azure Key Vault.

func (*KeyVault) CreateSigner

func (k *KeyVault) CreateSigner(req *apiv1.CreateSignerRequest) (crypto.Signer, error)

CreateSigner returns a crypto.Signer from a previously created asymmetric key.

func (*KeyVault) GetPublicKey

func (k *KeyVault) GetPublicKey(req *apiv1.GetPublicKeyRequest) (crypto.PublicKey, error)

GetPublicKey loads a public key from Azure Key Vault by its resource name.

func (*KeyVault) ValidateName

func (k *KeyVault) ValidateName(s string) error

ValidateName validates that the given string is a valid URI.

type KeyVaultClient

type KeyVaultClient interface {
	GetKey(ctx context.Context, vaultBaseURL string, keyName string, keyVersion string) (keyvault.KeyBundle, error)
	CreateKey(ctx context.Context, vaultBaseURL string, keyName string, parameters keyvault.KeyCreateParameters) (keyvault.KeyBundle, error)
	Sign(ctx context.Context, vaultBaseURL string, keyName string, keyVersion string, parameters keyvault.KeySignParameters) (keyvault.KeyOperationResult, error)
}

KeyVaultClient is the interface implemented by keyvault.BaseClient. It will be used for testing purposes.

type Signer

type Signer struct {
	// contains filtered or unexported fields
}

Signer implements a crypto.Signer using Azure Key Vault.

func (*Signer) Public

func (s *Signer) Public() crypto.PublicKey

Public returns the public key of this signer or an error.

func (*Signer) Sign

func (s *Signer) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)

Sign signs digest with the private key stored in Azure Key Vault.

Directories

Path | Synopsis
internal/mock | Package mock is a generated GoMock package.
