keymanager

package

v1.0.3 Latest Latest Go to latest Published: Jan 7, 2022 License: Apache-2.0 Imports: 16 Imported by: 8

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/spiffe/spire

Links

Open Source Insights

Documentation ¶

Index ¶

type Key
type KeyManager
type KeyType
- func (keyType KeyType) GenerateSigner() (crypto.Signer, error)
- func (keyType KeyType) String() string
type MultiKeyManager
type Repository
type SVIDKeyManager
- func ForSVID(km KeyManager) SVIDKeyManager
type SingleKeyManager
type V0
type V1

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Key ¶ added in v1.0.0

type Key interface {
	crypto.Signer

	// ID returns the ID of the key in the KeyManager.
	ID() string
}

Key is a KeyManager-backed key

type KeyManager ¶

type KeyManager interface {
	catalog.PluginInfo

	// Single returns the single key manager provided by the plugin or false
	// if not supported. A plugin will support either the single or the multi
	// key manager.
	Single() (SingleKeyManager, bool)

	// Multi returns the multi key manager provided by the plugin or false
	// if not supported. A plugin will support either the single or the multi
	// key manager.
	Multi() (MultiKeyManager, bool)
}

KeyManager provides either a single or multi-key key manager

type KeyType ¶ added in v1.0.0

type KeyType int

KeyType represents the types of keys that are supported by the KeyManager.

const (
	KeyTypeUnset KeyType = iota
	ECP256
	ECP384
	RSA2048
	RSA4096
)

func (KeyType) GenerateSigner ¶ added in v1.0.0

func (keyType KeyType) GenerateSigner() (crypto.Signer, error)

GenerateSigner generates a new key for the given key type

func (KeyType) String ¶ added in v1.0.0

func (keyType KeyType) String() string

String returns the string representation of the key type

type MultiKeyManager ¶ added in v1.0.0

type MultiKeyManager interface {
	catalog.PluginInfo

	// GenerateKey generates a key with the given ID and key type. If a key
	// with that ID already exists, it is overwritten.
	GenerateKey(ctx context.Context, id string, keyType KeyType) (Key, error)

	// GetKey returns the key with the given ID. If a key with that ID does
	// not exist, a status of codes.NotFound is returned.
	GetKey(ctx context.Context, id string) (Key, error)

	// GetKeys returns all keys managed by the KeyManager.
	GetKeys(ctx context.Context) ([]Key, error)
}

MultiKeyManager manages multiple keys for the agent

type Repository ¶ added in v1.0.0

type Repository struct {
	KeyManager KeyManager
}

func (*Repository) Clear ¶ added in v1.0.0

func (repo *Repository) Clear()

func (*Repository) GetKeyManager ¶ added in v1.0.0

func (repo *Repository) GetKeyManager() KeyManager

func (*Repository) SetKeyManager ¶ added in v1.0.0

func (repo *Repository) SetKeyManager(keyManager KeyManager)

type SVIDKeyManager ¶ added in v1.0.0

type SVIDKeyManager interface {
	GenerateKey(ctx context.Context, currentKey Key) (Key, error)
	GetKeys(ctx context.Context) ([]Key, error)
	SetKey(ctx context.Context, key Key) error
}

SVIDKeyManager is a wrapper around the key manager specifically used for managing the agent SVID. This is more or less a short term shim until we can remove support for the v0 plugins and no longer have to adapt SVID storage to both the "single" and "multi" key manager.

func ForSVID ¶ added in v1.0.0

func ForSVID(km KeyManager) SVIDKeyManager

type SingleKeyManager ¶ added in v1.0.0

type SingleKeyManager interface {
	catalog.PluginInfo

	// GenerateKey generates a temporary key. It will not be the key returned
	// by GetKey until after SetKey has been called.
	GenerateKey(ctx context.Context) (crypto.Signer, error)

	// GetKey returns a Key previously set with SetKey.
	GetKey(ctx context.Context) (crypto.Signer, error)

	// SetKey sets the key that is returned by GetKey.
	SetKey(ctx context.Context, key crypto.Signer) error
}

SingleKeyManager provides a signing key for the agent

type V0 ¶ added in v1.0.0

type V0 struct {
	plugin.Facade
	keymanagerv0.KeyManagerPluginClient
}

func (*V0) GenerateKey ¶ added in v1.0.0

func (v0 *V0) GenerateKey(ctx context.Context) (crypto.Signer, error)

func (*V0) GetKey ¶ added in v1.0.0

func (v0 *V0) GetKey(ctx context.Context) (crypto.Signer, error)

func (*V0) Multi ¶ added in v1.0.0

func (v0 *V0) Multi() (MultiKeyManager, bool)

func (*V0) SetKey ¶ added in v1.0.0

func (v0 *V0) SetKey(ctx context.Context, key crypto.Signer) error

func (*V0) Single ¶ added in v1.0.0

func (v0 *V0) Single() (SingleKeyManager, bool)

type V1 ¶ added in v1.0.0

type V1 struct {
	plugin.Facade

	keymanagerv1.KeyManagerPluginClient
}

func (V1) GenerateKey ¶ added in v1.0.0

func (v1 V1) GenerateKey(ctx context.Context, id string, keyType KeyType) (Key, error)

func (V1) GetKey ¶ added in v1.0.0

func (v1 V1) GetKey(ctx context.Context, id string) (Key, error)

func (V1) GetKeys ¶ added in v1.0.0

func (v1 V1) GetKeys(ctx context.Context) ([]Key, error)

func (*V1) Multi ¶ added in v1.0.0

func (v1 *V1) Multi() (MultiKeyManager, bool)

func (*V1) Single ¶ added in v1.0.0

func (v1 *V1) Single() (SingleKeyManager, bool)

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
base
disk
memory
test

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL