azurekms

package
v0.21.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 6, 2022 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Index

Constants

View Source 
const Scheme = "azurekms"

Scheme is the scheme used for the Azure Key Vault uris.

Variables

This section is empty.

Functions

func NewSigner 

func NewSigner(client KeyVaultClient, signingKey string, defaults DefaultOptions) (crypto.Signer, error)

NewSigner creates a new signer using a key in the AWS KMS.

Types

type DefaultOptions 

type DefaultOptions struct {
	Vault           string
	ProtectionLevel apiv1.ProtectionLevel
}

DefaultOptions are custom options that can be passed as defaults using the URI in apiv1.Options.

type KeyVault 

type KeyVault struct {
	// contains filtered or unexported fields
}

KeyVault implements a KMS using Azure Key Vault.

The URI format used in Azure Key Vault is the following:

  • azurekms:name=key-name;vault=vault-name
  • azurekms:name=key-name;vault=vault-name?version=key-version
  • azurekms:name=key-name;vault=vault-name?hsm=true

The scheme is "azurekms"; "name" is the key name; "vault" is the key vault name where the key is located; "version" is an optional parameter that defines the version of they key, if version is not given, the latest one will be used; "hsm" defines if an HSM want to be used for this key, this is specially useful when this is used from `step`.

TODO(mariano): The implementation is using /services/keyvault/v7.1/keyvault package, at some point Azure might create a keyvault client with all the functionality in /sdk/keyvault, we should migrate to that once available.

func New 

func New(ctx context.Context, opts apiv1.Options) (*KeyVault, error)

New initializes a new KMS implemented using Azure Key Vault.

func (*KeyVault) Close 

func (k *KeyVault) Close() error

Close closes the client connection to the Azure Key Vault. This is a noop.

func (*KeyVault) CreateKey 

func (k *KeyVault) CreateKey(req *apiv1.CreateKeyRequest) (*apiv1.CreateKeyResponse, error)

CreateKey creates a asymmetric key in Azure Key Vault.

func (*KeyVault) CreateSigner 

func (k *KeyVault) CreateSigner(req *apiv1.CreateSignerRequest) (crypto.Signer, error)

CreateSigner returns a crypto.Signer from a previously created asymmetric key.

func (*KeyVault) GetPublicKey 

func (k *KeyVault) GetPublicKey(req *apiv1.GetPublicKeyRequest) (crypto.PublicKey, error)

GetPublicKey loads a public key from Azure Key Vault by its resource name.

func (*KeyVault) ValidateName 

func (k *KeyVault) ValidateName(s string) error

ValidateName validates that the given string is a valid URI.

type KeyVaultClient 

type KeyVaultClient interface {
	GetKey(ctx context.Context, vaultBaseURL string, keyName string, keyVersion string) (keyvault.KeyBundle, error)
	CreateKey(ctx context.Context, vaultBaseURL string, keyName string, parameters keyvault.KeyCreateParameters) (keyvault.KeyBundle, error)
	Sign(ctx context.Context, vaultBaseURL string, keyName string, keyVersion string, parameters keyvault.KeySignParameters) (keyvault.KeyOperationResult, error)
}

KeyVaultClient is the interface implemented by keyvault.BaseClient. It will be used for testing purposes.

type Signer 

type Signer struct {
	// contains filtered or unexported fields
}

Signer implements a crypto.Signer using the AWS KMS.

func (*Signer) Public 

func (s *Signer) Public() crypto.PublicKey

Public returns the public key of this signer or an error.

func (*Signer) Sign 

func (s *Signer) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)

Sign signs digest with the private key stored in the AWS KMS.

Source Files

View all Source files

Directories

Path Synopsis
internal
mock
Package mock is a generated GoMock package.
 Package mock is a generated GoMock package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.