awskms

package

v0.15.9-rc7 Latest Latest Go to latest Published: Feb 18, 2021 License: Apache-2.0 Imports: 15 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/smallstep/certificates

Documentation ¶

Index ¶

Constants
type KMS
- func New(ctx context.Context, opts apiv1.Options) (*KMS, error)
type KeyManagementClient
type Signer
- func NewSigner(svc KeyManagementClient, signingKey string) (*Signer, error)
- func (s *Signer) Public() crypto.PublicKey
- func (s *Signer) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)

Constants ¶

View Source

const Scheme = "awskms"

Scheme is the scheme used in uris.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type KMS ¶

type KMS struct {
	// contains filtered or unexported fields
}

KMS implements a KMS using AWS Key Management Service.

func New ¶

func New(ctx context.Context, opts apiv1.Options) (*KMS, error)

New creates a new AWSKMS. By default, sessions will be created using the credentials in `~/.aws/credentials`, but this can be overridden using the CredentialsFile option, the Region and Profile can also be configured as options.

AWS sessions can also be configured with environment variables, see docs at https://docs.aws.amazon.com/sdk-for-go/api/aws/session/ for all the options.

func (*KMS) Close ¶

func (k *KMS) Close() error

Close closes the connection of the KMS client.

func (*KMS) CreateKey ¶

func (k *KMS) CreateKey(req *apiv1.CreateKeyRequest) (*apiv1.CreateKeyResponse, error)

CreateKey generates a new key in KMS and returns the public key version of it.

func (*KMS) CreateSigner ¶

func (k *KMS) CreateSigner(req *apiv1.CreateSignerRequest) (crypto.Signer, error)

CreateSigner creates a new crypto.Signer with a previously configured key.

func (*KMS) GetPublicKey ¶

func (k *KMS) GetPublicKey(req *apiv1.GetPublicKeyRequest) (crypto.PublicKey, error)

GetPublicKey returns a public key from KMS.

type KeyManagementClient ¶

type KeyManagementClient interface {
	GetPublicKeyWithContext(ctx aws.Context, input *kms.GetPublicKeyInput, opts ...request.Option) (*kms.GetPublicKeyOutput, error)
	CreateKeyWithContext(ctx aws.Context, input *kms.CreateKeyInput, opts ...request.Option) (*kms.CreateKeyOutput, error)
	CreateAliasWithContext(ctx aws.Context, input *kms.CreateAliasInput, opts ...request.Option) (*kms.CreateAliasOutput, error)
	SignWithContext(ctx aws.Context, input *kms.SignInput, opts ...request.Option) (*kms.SignOutput, error)
}

KeyManagementClient defines the methods on KeyManagementClient that this package will use. This interface will be used for unit testing.

type Signer ¶

type Signer struct {
	// contains filtered or unexported fields
}

Signer implements a crypto.Signer using the AWS KMS.

func NewSigner ¶

func NewSigner(svc KeyManagementClient, signingKey string) (*Signer, error)

NewSigner creates a new signer using a key in the AWS KMS.

func (*Signer) Public ¶

func (s *Signer) Public() crypto.PublicKey

Public returns the public key of this signer or an error.

func (*Signer) Sign ¶

func (s *Signer) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)

Sign signs digest with the private key stored in the AWS KMS.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL