kmsauth

package

v0.0.0-...-dba7f08 Latest Latest Go to latest Published: Oct 9, 2019 License: MIT Imports: 8 Imported by: 1

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/stripe/go-confidant-client

Links

Open Source Insights

README ¶

KMS Authentication

Confidant supports authentication via KMS. This library generates and can validate authentication tokens, based on https://github.com/lyft/python-kmsauth

The tokens are generated in v2 format, which looks like:

username: "2/user/terraform-provider-confidant"
encryption context: {"to":"confidant-production","from":"terraform-provider-confidant","user_type":"user"}

Usage

Generating username and token

Decrypting tokens requires the username and the token, so when passing this to a service, you should pass both along.

package main

import "github.com/stripe/go-confidant-client/kmsauth"

func main() {
  // KMS key to use for authentication
  key := "alias/authnz-production"
  // The service being authenticated
  to := "confidant-production"
  // The user for whom the token is being generated
  from := "terraform-provider-confidant"
  userType := "user"
  region := "us-east-1"
  generator := kmsauth.NewTokenGenerator(key, to, from, userType, region)
  username := generator.GetUsername()
  token := generator.GetToken()
}

Documentation ¶

Overview ¶

Example ¶

package main

import (
	"fmt"

	"github.com/stripe/go-confidant-client/kmsauth"
)

func main() {
	// KMS key to use for authentication
	key := "key"
	// The service being authenticated
	to := "confidant"
	// The user for whom the token is being generated
	from := "username"
	userType := "user"
	region := "us-east-1"
	generator := kmsauth.NewTokenGenerator(key, to, from, userType, region)
	username := generator.GetUsername()
	token, err := generator.GetToken()
	if err != nil {
		fmt.Println(err)
	}
	fmt.Println(username, token)
}

Output:

Index ¶

type Payload
type TokenGenerator
- func NewTokenGenerator(keyID, to string, from string, userType string, region string) TokenGenerator

Examples ¶

Package

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Payload ¶

type Payload struct {
	NotBefore string `json:"not_before"`
	NotAfter  string `json:"not_after"`
}

type TokenGenerator ¶

type TokenGenerator struct {
	KeyID     string
	Context   map[string]*string
	KMSClient kmsiface.KMSAPI
}

func NewTokenGenerator ¶

func NewTokenGenerator(keyID, to string, from string, userType string, region string) TokenGenerator

func (*TokenGenerator) Encrypt ¶

func (g *TokenGenerator) Encrypt(plaintext []byte) ([]byte, error)

func (*TokenGenerator) GetToken ¶

func (g *TokenGenerator) GetToken() (string, error)

func (*TokenGenerator) GetUsername ¶

func (g *TokenGenerator) GetUsername() string

Source Files ¶

View all Source files

kmsauth.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL