keys

package
v0.0.0-...-075157f
Published: Jul 18, 2020 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Overview

Package keys defines the interface to and implementation of key management operations.

Although exported, this package is not intended for general consumption. It is a shared dependency between multiple exposure notifications projects. We cannot guarantee that there won't be breaking changes in the future.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AWSKMS

type AWSKMS struct {
	// contains filtered or unexported fields
}

AWSKMS implements the keys.KeyManager interface and can be used to sign export files using AWS KMS.

func (*AWSKMS) NewSigner

func (s *AWSKMS) NewSigner(ctx context.Context, keyID string) (crypto.Signer, error)

type AzureKeyVault

type AzureKeyVault struct {
	// contains filtered or unexported fields
}

AzureKeyVault implements the keys.KeyManager interface and can be used to sign export files.

func (*AzureKeyVault) NewSigner

func (v *AzureKeyVault) NewSigner(ctx context.Context, keyID string) (crypto.Signer, error)

NewSigner creates a new signer that uses a key in HashiCorp Vault's transit backend. The keyID is in the format:

AZURE_KEY_VAULT_NAME/SECRET_NAME/SECRET_VERSION

For example:

my-company-vault/api-key/1

Both name and version are required.

type AzureKeyVaultSigner

type AzureKeyVaultSigner struct {
	// contains filtered or unexported fields
}

func NewAzureKeyVaultSigner

func NewAzureKeyVaultSigner(ctx context.Context, client *keyvault.BaseClient, vault, key, version string) (*AzureKeyVaultSigner, error)

NewAzureKeyVaultSigner creates a new signing interface compatible with HashiCorp Vault's transit backend. The key name and key version are required.

func (*AzureKeyVaultSigner) Public

func (s *AzureKeyVaultSigner) Public() crypto.PublicKey

Public returns the public key. The public key is fetched when the signer is created.

func (*AzureKeyVaultSigner) Sign

func (s *AzureKeyVaultSigner) Sign(_ io.Reader, digest []byte, _ crypto.SignerOpts) ([]byte, error)

Sign signs the given digest using the public key.

type Config

type Config struct {
	KeyManagerType KeyManagerType `env:"KEY_MANAGER,default=GOOGLE_CLOUD_KMS"`
}

Config defines configuration.

type GoogleCloudKMS

type GoogleCloudKMS struct {
	// contains filtered or unexported fields
}

GoogleCloudKMS implements the keys.KeyManager interface and can be used to sign export files.

func (*GoogleCloudKMS) NewSigner

func (kms *GoogleCloudKMS) NewSigner(ctx context.Context, keyID string) (crypto.Signer, error)

type HashiCorpVault

type HashiCorpVault struct {
	// contains filtered or unexported fields
}

HashiCorpVault implements the keys.KeyManager interface and can be used to sign export files.

func (*HashiCorpVault) NewSigner

func (v *HashiCorpVault) NewSigner(ctx context.Context, keyID string) (crypto.Signer, error)

NewSigner creates a new signer that uses a key in HashiCorp Vault's transit backend. The keyID is in the format:

name@version

Both name and version are required.

type HashiCorpVaultSigner

type HashiCorpVaultSigner struct {
	// contains filtered or unexported fields
}

func NewHashiCorpVaultSigner

func NewHashiCorpVaultSigner(ctx context.Context, client *vaultapi.Client, name, version string) (*HashiCorpVaultSigner, error)

NewHashiCorpVaultSigner creates a new signing interface compatible with HashiCorp Vault's transit backend. The key name and key version are required.

func (*HashiCorpVaultSigner) Public

func (s *HashiCorpVaultSigner) Public() crypto.PublicKey

Public returns the public key. The public key is fetched when the signer is created.

func (*HashiCorpVaultSigner) Sign

func (s *HashiCorpVaultSigner) Sign(_ io.Reader, digest []byte, _ crypto.SignerOpts) ([]byte, error)

Sign signs the given digest using the public key.

type KeyManager

type KeyManager interface {
	NewSigner(ctx context.Context, keyID string) (crypto.Signer, error)
}

KeyManager defines the interface for working with a KMS system that is able to sign bytes using PKI. KeyManager implementations must be able to return a crypto.Signer.
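Added example (not the package's own code) that ties the name@version keyID format documented for HashiCorp Vault above to the KeyManager contract here: memKeyManager is an assumed in-memory stand-in that enforces the format and returns a crypto.Signer, and signExport shows the caller hashing the export bytes and handing only the digest to the signer. P-256 with SHA-256, and every identifier other than KeyManager and NewSigner, are assumptions.

```go
package main

import (
	"context"
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"strings"
)

type KeyManager interface {
	NewSigner(ctx context.Context, keyID string) (crypto.Signer, error)
}

// memKeyManager is a constructed in-memory KMS stand-in (not the package's code); real backends never release private keys.
type memKeyManager map[string]*ecdsa.PrivateKey

func newMemKeyManager(keyIDs ...string) memKeyManager {
	m := memKeyManager{}
	for _, id := range keyIDs {
		m[id], _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // test double: GenerateKey error ignored
	}
	return m
}

// NewSigner enforces the documented "name@version" form: both parts are required, an extra "@" is rejected.
func (m memKeyManager) NewSigner(_ context.Context, keyID string) (crypto.Signer, error) {
	p := strings.Split(keyID, "@")
	if len(p) != 2 || p[0] == "" || p[1] == "" {
		return nil, fmt.Errorf("keys: invalid key id %q, want name@version", keyID)
	}
	if k, ok := m[keyID]; ok {
		return k, nil // *ecdsa.PrivateKey already satisfies crypto.Signer
	}
	return nil, fmt.Errorf("keys: unknown key %s version %s", p[0], p[1])
}

// signExport is the caller side: hash the export bytes and hand only the digest to the signer.
func signExport(ctx context.Context, km KeyManager, keyID string, payload []byte) ([]byte, crypto.PublicKey, error) {
	signer, err := km.NewSigner(ctx, keyID)
	if err != nil {
		return nil, nil, err
	}
	digest := sha256.Sum256(payload)
	sig, err := signer.Sign(rand.Reader, digest[:], crypto.SHA256)
	return sig, signer.Public(), err
}
```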

func KeyManagerFor

func KeyManagerFor(ctx context.Context, typ KeyManagerType) (KeyManager, error)

KeyManagerFor returns the appropriate key manager for the given type.

func NewAWSKMS

func NewAWSKMS(ctx context.Context) (KeyManager, error)

func NewAzureKeyVault

func NewAzureKeyVault(ctx context.Context) (KeyManager, error)

NewAzureKeyVault creates a new KeyVault key manager instance.

func NewGoogleCloudKMS

func NewGoogleCloudKMS(ctx context.Context) (KeyManager, error)

func NewHashiCorpVault

func NewHashiCorpVault(ctx context.Context) (KeyManager, error)

NewHashiCorpVault creates a new Vault key manager instance.

func NewNoop

func NewNoop(ctx context.Context) (KeyManager, error)

type KeyManagerType

type KeyManagerType string

KeyManagerType defines a specific key manager.

const (
	KeyManagerTypeAWSKMS         KeyManagerType = "AWS_KMS"
	KeyManagerTypeAzureKeyVault  KeyManagerType = "AZURE_KEY_VAULT"
	KeyManagerTypeGoogleCloudKMS KeyManagerType = "GOOGLE_CLOUD_KMS"
	KeyManagerTypeHashiCorpVault KeyManagerType = "HASHICORP_VAULT"
	KeyManagerTypeNoop           KeyManagerType = "NOOP"
)

type Noop

type Noop struct{}

Noop is a key manager that does nothing and always returns an error.

func (*Noop) NewSigner

func (n *Noop) NewSigner(ctx context.Context, keyID string) (crypto.Signer, error)
