kmsauth

package

v0.0.0-...-dba7f08 Latest Latest Go to latest Published: Oct 9, 2019 License: MIT Imports: 8 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

README ¶

KMS Authentication

Confidant supports authentication via KMS. This library generates and can validate authentication tokens, based on https://github.com/lyft/python-kmsauth

The tokens are generated in v2 format, which looks like:

username: "2/user/terraform-provider-confidant"
encryption context: {"to":"confidant-production","from":"terraform-provider-confidant","user_type":"user"}

Usage

Generating username and token

Decrypting tokens requires the username and the token, so when passing this to a service, you should pass both along.

package main

import "github.com/stripe/go-confidant-client/kmsauth"

func main() {
  // KMS key to use for authentication
  key := "alias/authnz-production"
  // The service being authenticated
  to := "confidant-production"
  // The user for whom the token is being generated
  from := "terraform-provider-confidant"
  userType := "user"
  region := "us-east-1"
  generator := kmsauth.NewTokenGenerator(key, to, from, userType, region)
  username := generator.GetUsername()
  token := generator.GetToken()
}

Documentation ¶

Overview ¶

Example ¶

package main

import (
	"fmt"

	"github.com/stripe/go-confidant-client/kmsauth"
)

func main() {
	// KMS key to use for authentication
	key := "key"
	// The service being authenticated
	to := "confidant"
	// The user for whom the token is being generated
	from := "username"
	userType := "user"
	region := "us-east-1"
	generator := kmsauth.NewTokenGenerator(key, to, from, userType, region)
	username := generator.GetUsername()
	token, err := generator.GetToken()
	if err != nil {
		fmt.Println(err)
	}
	fmt.Println(username, token)
}

Output:

Index ¶

type Payload
type TokenGenerator
- func NewTokenGenerator(keyID, to string, from string, userType string, region string) TokenGenerator

Examples ¶

Package

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Payload ¶

type Payload struct {
	NotBefore string `json:"not_before"`
	NotAfter  string `json:"not_after"`
}

type TokenGenerator ¶

type TokenGenerator struct {
	KeyID     string
	Context   map[string]*string
	KMSClient kmsiface.KMSAPI
}

func NewTokenGenerator ¶

func NewTokenGenerator(keyID, to string, from string, userType string, region string) TokenGenerator

func (*TokenGenerator) Encrypt ¶

func (g *TokenGenerator) Encrypt(plaintext []byte) ([]byte, error)

func (*TokenGenerator) GetToken ¶

func (g *TokenGenerator) GetToken() (string, error)

func (*TokenGenerator) GetUsername ¶

func (g *TokenGenerator) GetUsername() string

Source Files ¶

View all Source files

kmsauth.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL