transit

package
v1.1.20 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 19, 2022 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type API

// API groups the operations this package offers against a transit secrets
// engine: engine configuration, key management, and encrypt/decrypt/sign/verify.
// Only the method signatures are visible on this page, so notes about
// behaviour are marked as assumptions to confirm against the implementation.
type API interface {
	// UpdateTransitEngine takes an EngineEntity (mount path, plugin name and
	// engine config). Presumably it creates or reconfigures that mount; confirm.
	UpdateTransitEngine(engine EngineEntity) error
	// ReadTransitEngine returns the Engine for the given mount path entity.
	ReadTransitEngine(engine core.MountPathEntity) (*Engine, error)
	// ListKeys returns the names of the keys under the given mount.
	ListKeys(engine core.MountPathEntity) ([]KeyName, error)
	// UpdateTransitKey takes a key's name, type and KeyConfig. KeyConfig
	// carries the Exportable and AllowPlaintextBackup switches, so this call
	// is where a caller decides whether key material may leave the engine.
	UpdateTransitKey(engine core.MountPathEntity, key KeyEntity) error
	// ReadTransitKey returns the Key identified by key under the given mount.
	ReadTransitKey(engine core.MountPathEntity, key KeyNameEntity) (*Key, error)
	// DeleteTransitKey removes the named key.
	// NOTE(review): Vault rejects deletion unless deletion_allowed is set on
	// the key; confirm whether the implementation sets it or surfaces the error.
	DeleteTransitKey(engine core.MountPathEntity, key KeyNameEntity) error
	// RotateTransitKey rotates the named key; presumably this adds a new key
	// version and leaves older versions usable for decryption until
	// MinimumDecryptionVersion is raised (confirm).
	RotateTransitKey(engine core.MountPathEntity, key KeyNameEntity) error
	// TransitEncrypt encrypts plainText with the named key and returns the
	// ciphertext as a string.
	TransitEncrypt(engine core.MountPathEntity, key KeyNameEntity, plainText []byte) (string, error)
	// TransitDecrypt decrypts cipherText with the named key and returns the
	// plaintext bytes. The result is sensitive: keep it out of logs and
	// wrapped error messages.
	TransitDecrypt(engine core.MountPathEntity, key KeyNameEntity, cipherText string) ([]byte, error)
	// TransitSign signs input with the named key and returns the signature
	// as a string.
	TransitSign(engine core.MountPathEntity, key KeyNameEntity, input []byte) (string, error)
	// TransitVerify reports whether signature is valid for input under the
	// named key. Callers should accept the input only on (true, nil); a false
	// result and a non-nil error must both be treated as a failed verification.
	TransitVerify(engine core.MountPathEntity, key KeyNameEntity, input []byte, signature string) (bool, error)
}

func NewAPI

func NewAPI(coreAPI core.API, mountAPI mount.API) API

type Base64EncodedBlob

// Base64EncodedBlob is a byte slice with its own MarshalJSON method.
// NOTE(review): the name suggests it is emitted as a base64 string in JSON
// request bodies; the method body is not shown here, so confirm the encoding
// (standard vs URL-safe, padded vs unpadded) against what the server expects.
type Base64EncodedBlob []byte

func (Base64EncodedBlob) MarshalJSON

func (b Base64EncodedBlob) MarshalJSON() ([]byte, error)

type Engine

// Engine describes one transit engine mount. It has GetMountPath,
// GetPluginName and GetTransitEngineConfig methods, which match the method
// set required by EngineEntity.
type Engine struct {
	// Path is the mount path of the engine.
	Path       string
	// PluginName is the name of the plugin backing the mount.
	PluginName string
	// Config holds the engine-level settings. It is a pointer, so callers
	// should be prepared for nil (whether nil is ever returned is not
	// visible here).
	Config     *EngineConfig
}

func (*Engine) GetMountPath

func (t *Engine) GetMountPath() (string, error)

func (*Engine) GetPluginName

func (t *Engine) GetPluginName() (string, error)

func (*Engine) GetTransitEngineConfig

func (t *Engine) GetTransitEngineConfig() (*EngineConfig, error)

type EngineCacheConfig

// EngineCacheConfig is the cache setting of a transit engine, serialised
// under the JSON name "size".
type EngineCacheConfig struct {
	// Size is the cache size. Presumably this is the number of keys held in
	// the engine's cache; confirm the unit and the meaning of 0 against the
	// Vault transit cache-config documentation.
	Size int `json:"size"`
}

type EngineConfig

// EngineConfig is the engine-level configuration of a transit mount. The
// only setting it carries is the cache configuration.
type EngineConfig struct {
	// Cache is embedded by value, so it is always present (zero Size when
	// unset).
	Cache EngineCacheConfig
}

type EngineEntity

// EngineEntity is what UpdateTransitEngine needs to know about a mount: its
// path (via core.MountPathEntity), its plugin name and its engine config.
// Each accessor can fail, so implementations may resolve values lazily.
type EngineEntity interface {
	core.MountPathEntity
	// GetPluginName returns the name of the plugin backing the mount.
	GetPluginName() (string, error)
	// GetTransitEngineConfig returns the engine configuration; the result is
	// a pointer and may be nil.
	GetTransitEngineConfig() (*EngineConfig, error)
}

type Key

// Key describes one named transit key: its name, its KeyType and its
// KeyConfig. It holds no key material, only metadata and policy. It has
// GetTransitKeyName, GetTransitKeyType and GetTransitKeyConfig methods,
// which match the method set required by KeyEntity.
type Key struct {
	// Name is the key's name under the engine mount.
	Name   string
	// Type is the algorithm and key size, one of the KeyType constants.
	Type   KeyType
	// Config holds the key's policy flags (export, backup, deletion,
	// minimum versions). It is a pointer, so callers should handle nil.
	Config *KeyConfig
}

func (*Key) GetTransitKeyConfig

func (t *Key) GetTransitKeyConfig() (*KeyConfig, error)

func (*Key) GetTransitKeyName

func (t *Key) GetTransitKeyName() (string, error)

func (*Key) GetTransitKeyType

func (t *Key) GetTransitKeyType() (KeyType, error)

type KeyConfig

// KeyConfig holds the per-key policy settings. The JSON names are those of
// the Vault transit key parameters of the same name.
//
// NOTE(review): every field is tagged omitempty, so a zero value (0 or
// false) is dropped when this struct is marshalled with encoding/json. If
// the struct is sent as-is, it cannot express an explicit "false", for
// example to turn deletion_allowed back off. Confirm how the request body
// is built.
type KeyConfig struct {
	// MinimumDecryptionVersion is the lowest key version allowed for
	// decryption. Raising it after a rotation stops older versions from
	// being used to decrypt.
	MinimumDecryptionVersion int  `json:"min_decryption_version,omitempty"`
	// MinimumEncryptionVersion is the lowest key version allowed for
	// encryption.
	MinimumEncryptionVersion int  `json:"min_encryption_version,omitempty"`
	// DeletionAllowed permits the key to be deleted. Deleting a key makes
	// all data encrypted under it unrecoverable, so leave this false unless
	// deletion is intended.
	DeletionAllowed          bool `json:"deletion_allowed,omitempty"`
	// Exportable allows the key material to be exported from the engine.
	// Per Vault's transit documentation this cannot be disabled once set;
	// enable it only when keys must be usable outside Vault.
	Exportable               bool `json:"exportable,omitempty"`
	// AllowPlaintextBackup allows the key to be backed up in plaintext.
	// Per Vault's transit documentation this cannot be disabled once set.
	// Together with Exportable it lets raw key material leave the engine.
	AllowPlaintextBackup     bool `json:"allow_plaintext_backup,omitempty"`
}

type KeyEntity

// KeyEntity is what UpdateTransitKey needs to know about a key: its name
// (via KeyNameEntity), its type and its policy configuration.
type KeyEntity interface {
	KeyNameEntity
	// GetTransitKeyType returns the key's algorithm and size as a KeyType.
	GetTransitKeyType() (KeyType, error)
	// GetTransitKeyConfig returns the key's policy settings; the result is a
	// pointer and may be nil.
	GetTransitKeyConfig() (*KeyConfig, error)
}

type KeyName

// KeyName is the name of a transit key. It has a GetTransitKeyName method,
// which matches the method set of KeyNameEntity, so a bare name can be passed
// wherever only the key's identity is needed.
// NOTE(review): the name presumably ends up in a request path; confirm that
// values from untrusted input are validated or escaped before use.
type KeyName string

func (KeyName) GetTransitKeyName

func (t KeyName) GetTransitKeyName() (string, error)

type KeyNameEntity

// KeyNameEntity identifies a transit key by name. It is the key argument of
// the read, delete, rotate, encrypt, decrypt, sign and verify calls on API.
type KeyNameEntity interface {
	// GetTransitKeyName returns the key's name, or an error if it cannot be
	// determined.
	GetTransitKeyName() (string, error)
}

type KeyType

type KeyType string

KeyType names a key type that the Vault transit engine supports; the defined values are listed below. Details: https://www.vaultproject.io/docs/secrets/transit#key-types.

// Key types accepted by this package. Each string value is the identifier
// that the Vault transit engine uses for that key type.
//
// The first three are symmetric AEAD ciphers used for encryption and
// decryption; the rest are asymmetric keys. Convergent encryption is
// deterministic: the same plaintext and context give the same ciphertext,
// so it reveals when two plaintexts are equal. Use it only where that
// property is required.
const (
	// TypeAes128Gcm96 is AES-GCM with a 128-bit AES key and a 96-bit nonce; supports encryption,
	// decryption, key derivation, and convergent encryption.
	TypeAes128Gcm96 KeyType = "aes128-gcm96"
	// TypeAes256Gcm96 is AES-GCM with a 256-bit AES key and a 96-bit nonce; supports encryption,
	// decryption, key derivation, and convergent encryption.
	TypeAes256Gcm96 KeyType = "aes256-gcm96"
	// TypeChacha20Poly1305 is ChaCha20-Poly1305 with a 256-bit key; supports encryption, decryption,
	// key derivation, and convergent encryption.
	TypeChacha20Poly1305 KeyType = "chacha20-poly1305"
	// TypeED25519 is Ed25519; supports signing, signature verification, and key derivation.
	TypeED25519 KeyType = "ed25519"
	// TypeEcdsaP256 is ECDSA using curve P-256; supports signing and signature verification.
	TypeEcdsaP256 KeyType = "ecdsa-p256"
	// TypeEcdsaP384 is ECDSA using curve P-384; supports signing and signature verification.
	TypeEcdsaP384 KeyType = "ecdsa-p384"
	// TypeEcdsaP521 is ECDSA using curve P-521; supports signing and signature verification.
	TypeEcdsaP521 KeyType = "ecdsa-p521"
	// TypeRSA2048 is a 2048-bit RSA key; supports encryption, decryption, signing, and signature verification.
	TypeRSA2048 KeyType = "rsa-2048"
	// TypeRSA3072 is a 3072-bit RSA key; supports encryption, decryption, signing, and signature verification.
	TypeRSA3072 KeyType = "rsa-3072"
	// TypeRSA4096 is a 4096-bit RSA key; supports encryption, decryption, signing, and signature verification.
	TypeRSA4096 KeyType = "rsa-4096"
)
