Documentation
Index
- type Config
- type DB
- func (db *DB) RotateKeys(ctx context.Context) error
- func (db *DB) Shutdown(ctx context.Context) error
- func (db *DB) Sign(p []byte) ([]byte, error)
- func (db *DB) SignJWT(c jwt.Claims) (string, error)
- func (db *DB) Verify(p []byte, signature []byte) (valid, oldKey bool)
- func (db *DB) VerifyJWT(s string, c jwt.Claims, iss, aud string) (bool, error)
- type Keyring
- type Keys
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Config
type Config struct {
	// Name is the unique identifier of this keyring.
	Name string

	// RotationDays is the number of days between automatic rotations. If zero, automatic rotation is disabled.
	RotationDays int

	// MaxOldKeys determines how many old keys (1-254) are kept for validation. This value, multiplied by RotationDays
	// determines the minimum amount of time a signature remains valid.
	MaxOldKeys int

	// Keys specifies a set of keys to use for encrypting and decrypting the private key.
	Keys Keys
}
Config allows specifying operational parameters of a keyring.
type DB
type DB struct {
// contains filtered or unexported fields
}
DB implements a Keyring using postgres as the datastore.
func (*DB) RotateKeys
RotateKeys will force a key rotation.
func (*DB) Shutdown
Shutdown allows gracefully shutting down the keyring (e.g. auto rotations) after finishing any in-progress rotations.
type Keyring
type Keyring interface {
	RotateKeys(ctx context.Context) error

	Sign(p []byte) ([]byte, error)
	Verify(p []byte, signature []byte) (valid, oldKey bool)

	SignJWT(jwt.Claims) (string, error)
	VerifyJWT(token string, c jwt.Claims, iss, aud string) (bool, error)

	Shutdown(context.Context) error
}
A Keyring allows signing and verifying messages.
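An added example, not part of the package or its documentation: a hypothetical in-memory model (`memRing`, with Ed25519 as an assumed algorithm) of how rotation interacts with `Config.MaxOldKeys` and the `valid, oldKey` results of `Verify`. It assumes signing uses the newest key and that each rotation beyond the limit discards the oldest retained key; the storage and signature format of the real `DB` type are not shown on this page.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// memRing is a hypothetical in-memory model of a keyring (not the package's DB type).
type memRing struct {
	maxOld int                  // plays the role of Config.MaxOldKeys
	keys   []ed25519.PrivateKey // keys[0] is current; the rest are old keys, newest first
}

// Rotate makes a fresh key current and drops old keys beyond maxOld.
func (r *memRing) Rotate() {
	_, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand.Reader
	if err != nil {
		panic(err) // no usable randomness: refuse to continue
	}
	r.keys = append([]ed25519.PrivateKey{priv}, r.keys...)
	if len(r.keys) > r.maxOld+1 {
		r.keys = r.keys[:r.maxOld+1]
	}
}

// Sign always uses the current key, keys[0].
func (r *memRing) Sign(p []byte) []byte { return ed25519.Sign(r.keys[0], p) }

// Verify tries every retained key; oldKey is true when a non-current key matched.
func (r *memRing) Verify(p, sig []byte) (valid, oldKey bool) {
	for i, k := range r.keys {
		if ed25519.Verify(k.Public().(ed25519.PublicKey), p, sig) {
			return true, i > 0
		}
	}
	return false, false
}

func main() {
	r := &memRing{maxOld: 2} // constructed demo value: keep two old keys
	r.Rotate()               // initial key
	msg := []byte("constructed sample payload")
	sig := r.Sign(msg)
	for n := 0; n <= 3; n++ {
		valid, old := r.Verify(msg, sig)
		fmt.Printf("rotations=%d valid=%v oldKey=%v\n", n, valid, old)
		r.Rotate()
	}
}
```

In this model every rotation, scheduled or forced, consumes one old-key slot, so a signature stops verifying at rotation number `maxOld+1` after it was made.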