kms

package
v0.37.0 Latest Latest
Published: May 8, 2019 License: Apache-2.0 Imports: 11 Imported by: 0

README

Google Cloud Key Management Service

This service is a proxy for google.golang.org/api/cloudkms/v1/Service.

To list all supported methods, run:

     endly -s='gcp/kms'

To check a method's contract, run endly -s='gcp/kms' -a=methodName

    endly -s='gcp/kms:keyRingsList' 

References:

Usage:
Inline data symmetric encryption/decryption
endly -r=inline

@inline.yaml

# Inline example: deploy a KMS key, encrypt a literal string with it, decrypt the
# resulting ciphertext and print the recovered value.
pipeline:
  secure:
    # Deploys the key my_key in key ring my_ring.
    # NOTE(review): presumably creates the ring/key when missing and reuses them otherwise - confirm.
    deployKey:
      action: gcp/kms:deployKey
      # Name of the credentials used for the GCP calls; only this step sets it.
      # NOTE(review): the later steps presumably reuse the same credentials - confirm.
      credentials: gcp-e2e
      ring: my_ring
      key: my_key
      purpose: ENCRYPT_DECRYPT

    keyInfo:
      action: print
      message: 'Deployed Key: $deployKey.Name'

    encrypt:
      action: gcp/kms:encrypt
      ring: my_ring
      key: my_key
      # Demo value. Anything placed here sits in the workflow file in clear text,
      # so a real secret should not be committed with the workflow.
      plainData: this is test
      # NOTE(review): presumably keeps this action's request/response (which carry the
      # plaintext) out of the endly run log - confirm against the endly documentation.
      logging: false
    decrypt:
      action: gcp/kms:decrypt
      ring: my_ring
      key: my_key
      # Feeds the base64 ciphertext produced by the encrypt step back in.
      cipherBase64Text: ${encrypt.CipherBase64Text}
      logging: false
    info:
      action: print
      # Prints the decrypted value to the console; with logging disabled above this is
      # the one place the plaintext is shown. Suitable for a demo value only.
      message: 'decrypted:  $AsString(${decrypt.PlainData})'
Google Storage asset encryption/decryption (on top of native encryption)
endly -r=secure

@secure.yaml

# Storage example: encrypt a value with KMS and store the ciphertext as a Google
# Storage object, then read that object back and decrypt it.
pipeline:
  secure:
    # Deploys the key my_key in key ring my_ring.
    # NOTE(review): presumably creates the ring/key when missing and reuses them otherwise - confirm.
    deployKey:
      action: gcp/kms:deployKey
      credentials: gcp-e2e
      ring: my_ring
      key: my_key
      purpose: ENCRYPT_DECRYPT
    encrypt:
      action: gcp/kms:encrypt
      # NOTE(review): presumably keeps the plaintext-bearing request/response out of
      # the endly run log - confirm against the endly documentation.
      logging: false
      ring: my_ring
      key: my_key
      # Demo value; a real secret here would live in the workflow file in clear text.
      plainData: this is test
      # The ciphertext is written to this object. Only KMS-encrypted data reaches the
      # bucket, so reading the object alone does not reveal the plaintext; access to
      # the key still has to be restricted separately.
      dest:
        URL: gs://myBucket/config.json.enc
    decrypt:
      action: gcp/kms:decrypt
      logging: false
      ring: my_ring
      key: my_key
      # Reads the ciphertext back from the object written by the encrypt step.
      source:
        URL: gs://myBucket/config.json.enc
    info:
      action: print
      # Prints the decrypted value to the console. Suitable for a demo value only.
      message: $AsString(${decrypt.PlainData})
Accessing encrypted URL asset
package main

import (
	"context"
	"encoding/base64"
	"fmt"
	"google.golang.org/api/cloudkms/v1"
	"google.golang.org/api/option"
	"log"
	_ "github.com/viant/toolbox/storage/gs"
	"github.com/viant/toolbox/url"
	"os"
	"path"
)

// main decrypts the KMS-encrypted object gs://myBucket/config.json.enc with the
// crypto key named below and writes the recovered plaintext to stdout.
// MY_PROJECT and REGION in the key name are placeholders to be replaced.
func main() {
	const cryptoKey = "projects/MY_PROJECT/locations/REGION/keyRings/my_ring/cryptoKeys/my_key"
	encrypted := url.NewResource("gs://myBucket/config.json.enc")

	decrypted, err := decrypt(cryptoKey, encrypted)
	if err != nil {
		log.Fatal(err)
	}

	// The example echoes the decrypted content. Real code would hand it to the
	// consumer directly, because stdout often ends up in captured logs.
	fmt.Printf("%s\n", decrypted)
}

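// decrypt downloads the ciphertext stored at resource, asks Cloud KMS to decrypt
// it with the crypto key named by key, and returns the plaintext bytes.
//
// key is the full crypto key resource name
// (projects/…/locations/…/keyRings/…/cryptoKeys/…). The downloaded content is
// passed to KMS unchanged as DecryptRequest.Ciphertext, so the stored object has
// to hold the base64 text form of the ciphertext.
//
// It returns an error when resource is nil, when the download fails or yields no
// data, when the KMS client cannot be created, when the Decrypt call fails, or
// when the returned plaintext is not valid base64.
func decrypt(key string, resource *url.Resource) ([]byte, error) {
	// Guard against a nil resource, which would otherwise be dereferenced below.
	if resource == nil {
		return nil, fmt.Errorf("resource was nil")
	}
	ciphertext, err := resource.DownloadText()
	if err != nil {
		return nil, err
	}
	// An empty object cannot be valid ciphertext; fail locally with a clear
	// message instead of sending an empty Decrypt request to KMS.
	if ciphertext == "" {
		return nil, fmt.Errorf("no ciphertext found at %q", resource.URL)
	}

	ctx := context.Background()
	// NOTE(review): CloudPlatformScope covers all Google Cloud APIs, while
	// CloudkmsScope is limited to KMS. The narrower scope alone is normally enough
	// for a Decrypt call; consider dropping the broad one (least privilege) once
	// verified with the credentials in use.
	kmsService, err := cloudkms.NewService(ctx, option.WithScopes(cloudkms.CloudPlatformScope, cloudkms.CloudkmsScope))
	if err != nil {
		return nil, err
	}

	cryptoKeys := cloudkms.NewProjectsLocationsKeyRingsCryptoKeysService(kmsService)
	response, err := cryptoKeys.Decrypt(key, &cloudkms.DecryptRequest{Ciphertext: ciphertext}).Context(ctx).Do()
	if err != nil {
		return nil, err
	}
	// The API returns the plaintext base64-encoded; decode it to raw bytes.
	return base64.StdEncoding.DecodeString(response.Plaintext)
}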

Documentation

Index

Constants

const (
	// ServiceID is the Google cloudkms service ID. It is the value passed to
	// endly -s and the prefix of workflow actions such as gcp/kms:encrypt.
	ServiceID = "gcp/kms"
)

Variables

This section is empty.

Functions

func InitRequest

func InitRequest(context *endly.Context, rawRequest map[string]interface{}) error

func New

func New() endly.Service

New creates a new cloudkms service

Types

type CtxClient

// CtxClient represents the context client. It embeds *gcp.AbstractClient and
// exposes the wrapped service through its Service and SetService methods.
type CtxClient struct {
	*gcp.AbstractClient
	// contains filtered or unexported fields
}

CtxClient represents context client

func GetClient

func GetClient(context *endly.Context) (*CtxClient, error)

func (*CtxClient) Service

func (s *CtxClient) Service() interface{}

func (*CtxClient) SetService

func (s *CtxClient) SetService(service interface{}) error

type DecryptRequest

// DecryptRequest represents a decrypt request. The ciphertext can be supplied
// through CipherData, CipherBase64Text or Source.
// NOTE(review): which field wins when several are set is not visible here - confirm in Init.
type DecryptRequest struct {
	// KeyInfo identifies the key (Region, Ring, Key) used for decryption.
	KeyInfo
	// CipherData holds the ciphertext as bytes.
	CipherData       []byte
	// CipherBase64Text holds the ciphertext as base64 text; the README example
	// sets it from ${encrypt.CipherBase64Text}.
	CipherBase64Text string
	// Source points at a stored ciphertext, e.g. a gs:// URL as in the README example.
	Source           *url.Resource
}

DecryptRequest represents decrypt request

func NewDecryptRequest

func NewDecryptRequest(region, ring, keyId string, data []byte) *DecryptRequest

NewDecryptRequest creates a new DecryptRequest

func (*DecryptRequest) Init

func (r *DecryptRequest) Init() error

Init initializes request

type DecryptResponse

// DecryptResponse represents a decrypt response. Both fields carry decrypted
// content, so the response should be kept out of logs and persisted state.
type DecryptResponse struct {
	// PlainData is the decrypted content as bytes; the README examples read it
	// with $AsString(${decrypt.PlainData}).
	PlainData []byte
	// PlainText is a string field for the decrypted content.
	// NOTE(review): when it is populated is not visible here - confirm.
	PlainText string
}

DecryptResponse represents decrypt response

type DeployKeyRequest

// DeployKeyRequest represents a deploy key request.
type DeployKeyRequest struct {
	// KeyInfo identifies the key (Region, Ring, Key) to deploy.
	KeyInfo
	// Labels are key/value labels for the key.
	Labels  map[string]string
	// Purpose is the key purpose; the README examples use ENCRYPT_DECRYPT.
	Purpose string
	// contains filtered or unexported fields
}

DeployKeyRequest represents a deploy KeyInfo request

func NewDeployKeyRequest

func NewDeployKeyRequest(region, ring, keyId, purpose string) *DeployKeyRequest

NewDeployKeyRequest creates a new DeployKeyRequest

func (*DeployKeyRequest) Init

func (r *DeployKeyRequest) Init() error

func (*DeployKeyRequest) Validate

func (r *DeployKeyRequest) Validate() error

type DeployKeyResponse

// DeployKeyResponse represents a deploy key response. It embeds the
// *cloudkms.CryptoKey, whose Name the README example prints as $deployKey.Name.
type DeployKeyResponse struct {
	*cloudkms.CryptoKey
}

DeployKeyResponse represents a deploy KeyInfo response

type EncryptRequest

// EncryptRequest represents an encrypt request. It carries the plaintext to
// protect, so the request itself should be kept out of logs (the README examples
// set logging: false on the encrypt action).
type EncryptRequest struct {
	// KeyInfo identifies the key (Region, Ring, Key) used for encryption.
	KeyInfo
	// PlainBase64Text holds the plaintext as base64 text.
	// NOTE(review): presumably an alternative to PlainData - confirm in Init.
	PlainBase64Text string
	// PlainData holds the plaintext as bytes (plainData in the README examples).
	PlainData       []byte
	// Dest is where the ciphertext is stored, e.g. a gs:// URL as in the README
	// example.
	Dest            *url.Resource
}

EncryptRequest represents encrypt request

func NewEncryptRequest

func NewEncryptRequest(region, ring, keyId string, plainData []byte) *EncryptRequest

NewEncryptRequest creates a new EncryptRequest

func (*EncryptRequest) Init

func (r *EncryptRequest) Init() error

Init initializes request

func (*EncryptRequest) Validate

func (r *EncryptRequest) Validate() error

type EncryptResponse

// EncryptResponse represents an encrypt response.
type EncryptResponse struct {
	// CipherData is the ciphertext as bytes.
	CipherData       []byte
	// CipherBase64Text is the ciphertext as base64 text; the README example passes
	// it to the decrypt action as ${encrypt.CipherBase64Text}.
	CipherBase64Text string
}

EncryptResponse represents encrypt response

type KeyInfo

// KeyInfo identifies a KMS key by region, key ring and key name.
type KeyInfo struct {
	// Region is the key location. The README workflows do not set it.
	// NOTE(review): a default is presumably applied in Init - confirm.
	Region string
	// Key is the key name (key: my_key in the README examples).
	Key    string
	// Ring is the key ring name (ring: my_ring in the README examples).
	Ring   string
	// contains filtered or unexported fields
}

func (*KeyInfo) Init

func (r *KeyInfo) Init() error

Init initializes key

func (*KeyInfo) Validate

func (r *KeyInfo) Validate() error
