Documentation ¶
Index ¶
- Constants
- func NewSigner(lazyClient *lazyClient, signingKey string, defaults defaultOptions) (crypto.Signer, error)
- type KeyVault
- func (k *KeyVault) Close() error
- func (k *KeyVault) CreateKey(req *apiv1.CreateKeyRequest) (*apiv1.CreateKeyResponse, error)
- func (k *KeyVault) CreateSigner(req *apiv1.CreateSignerRequest) (crypto.Signer, error)
- func (k *KeyVault) GetPublicKey(req *apiv1.GetPublicKeyRequest) (crypto.PublicKey, error)
- func (k *KeyVault) ValidateName(s string) error
- type KeyVaultClient
- type Signer
Constants ¶
const Scheme = string(apiv1.AzureKMS)
Scheme is the scheme used in Azure Key Vault URIs, the string "azurekms".
Variables ¶
This section is empty.
Functions ¶
Types ¶
type KeyVault ¶
type KeyVault struct {
// contains filtered or unexported fields
}
KeyVault implements a KMS using Azure Key Vault.
To initialize the client, define a URI in one of the following forms:
- azurekms:
- azurekms:vault=vault-name
- azurekms:environment=env-name
- azurekms:vault=vault-name;environment=env-name
- azurekms:vault=vault-name?hsm=true
The scheme is "azurekms". The parameters are:
- "vault": the default key vault to use.
- "environment": the Azure cloud environment; accepted values are "public" or "AzurePublicCloud", "usgov" or "AzureUSGovernmentCloud", "china" or "AzureChinaCloud", and "german" or "AzureGermanCloud". It defaults to the public cloud if not specified.
- "hsm": whether keys are generated in an HSM (HSM-protected keys) by default.
The URI format for a key in Azure Key Vault is the following:
- azurekms:name=key-name;vault=vault-name
- azurekms:name=key-name;vault=vault-name?version=key-version
- azurekms:name=key-name;vault=vault-name?hsm=true
The "name" is the key name inside the "vault"; "version" is an optional parameter that selects the key version, and if it is not given the latest version is used; "vault" and "hsm", when set, override the defaults given when the client was initialized. The "environment" parameter can only be set in the URI used to initialize the client. Pinning "version" keeps signing and public-key lookup stable across key rotations; without it, a rotated key is picked up silently as the new latest version.
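The two URI grammars above (client URI with defaults, key URI with overrides) are small enough to show in full. The following is an added example, not the package's own parser: it parses both forms with net/url, rejects unknown attributes and options instead of ignoring them, and applies the client defaults to a key URI following the override rules described above. `KeyURI`, `ParseURI` and `Resolve` are names chosen for this example and do not exist in the package.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strconv"
	"strings"
)

// Scheme is the URI scheme for Azure Key Vault URIs, "azurekms".
const Scheme = "azurekms"

// KeyURI holds the fields of an azurekms: URI. HSMSet records whether "hsm"
// appeared at all, so a key URI can override a default hsm=true with hsm=false.
type KeyURI struct {
	Name, Vault, Environment, Version string
	HSM, HSMSet                       bool
}

// ParseURI parses client URIs ("azurekms:vault=v;environment=usgov") and key
// URIs ("azurekms:name=k;vault=v?version=abc&hsm=true"): attributes live in the
// opaque part separated by ";", options in the query. Unknown names are errors.
func ParseURI(s string) (*KeyURI, error) {
	u, err := url.Parse(s)
	if err != nil {
		return nil, fmt.Errorf("parsing %q: %w", s, err)
	}
	// An azurekms URI is opaque: no "//authority" and no path component.
	if u.Scheme != Scheme || u.Host != "" || u.Path != "" {
		return nil, fmt.Errorf("%q is not a valid %s: URI", s, Scheme)
	}
	k := &KeyURI{}
	if u.Opaque != "" {
		for _, kv := range strings.Split(u.Opaque, ";") {
			key, val, ok := strings.Cut(kv, "=")
			if !ok || val == "" {
				return nil, fmt.Errorf("malformed attribute %q", kv)
			}
			switch key {
			case "name":
				k.Name = val
			case "vault":
				k.Vault = val
			case "environment":
				k.Environment = val
			default:
				return nil, fmt.Errorf("unknown attribute %q", key)
			}
		}
	}
	for key, vals := range u.Query() {
		switch key {
		case "version":
			k.Version = vals[0]
		case "hsm":
			b, err := strconv.ParseBool(vals[0])
			if err != nil {
				return nil, fmt.Errorf("invalid hsm value %q", vals[0])
			}
			k.HSM, k.HSMSet = b, true
		default:
			return nil, fmt.Errorf("unknown option %q", key)
		}
	}
	return k, nil
}

// Resolve applies the defaults parsed from the client URI to a key URI: "name"
// is required, "vault" and "hsm" fall back to the defaults, "environment" is
// rejected because it is only valid when the client is created.
func Resolve(keyURI string, defaults *KeyURI) (*KeyURI, error) {
	k, err := ParseURI(keyURI)
	if err != nil {
		return nil, err
	}
	switch {
	case k.Name == "":
		return nil, errors.New("key URI must include a name")
	case k.Environment != "":
		return nil, errors.New("environment can only be set in the client URI")
	}
	if k.Vault == "" {
		k.Vault = defaults.Vault
	}
	if k.Vault == "" {
		return nil, errors.New("no vault in key URI and no default vault configured")
	}
	if !k.HSMSet {
		k.HSM, k.HSMSet = defaults.HSM, defaults.HSMSet
	}
	return k, nil
}

func main() {
	// Constructed sample URIs; the vault and version values are placeholders.
	defaults, err := ParseURI("azurekms:vault=default-vault;environment=usgov?hsm=true")
	if err != nil {
		panic(err)
	}
	k, err := Resolve("azurekms:name=signing-key?version=0123abcd", defaults)
	fmt.Printf("%+v %v\n", k, err)
}
```

Rejecting unknown attributes matters more than it looks: a misspelled `vaut=prod-vault` that was silently dropped would make every signing call fall back to the default vault.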
func New ¶
New initializes a new KMS implemented using Azure Key Vault.
The URI formats used to initialize the Azure Key Vault client are the following:
- azurekms:
- azurekms:vault=vault-name
- azurekms:vault=vault-name;environment=env-name
- azurekms:vault=vault-name?hsm=true
func (*KeyVault) CreateKey ¶
func (k *KeyVault) CreateKey(req *apiv1.CreateKeyRequest) (*apiv1.CreateKeyResponse, error)
CreateKey creates an asymmetric key in Azure Key Vault.
func (*KeyVault) CreateSigner ¶
CreateSigner returns a crypto.Signer from a previously created asymmetric key.
func (*KeyVault) GetPublicKey ¶
GetPublicKey loads a public key from Azure Key Vault by its resource name.
func (*KeyVault) ValidateName ¶
ValidateName validates that the given string is a valid URI.
type KeyVaultClient ¶
type KeyVaultClient interface {
	GetKey(ctx context.Context, name string, version string, options *azkeys.GetKeyOptions) (azkeys.GetKeyResponse, error)
	CreateKey(ctx context.Context, name string, parameters azkeys.CreateKeyParameters, options *azkeys.CreateKeyOptions) (azkeys.CreateKeyResponse, error)
	Sign(ctx context.Context, name string, version string, parameters azkeys.SignParameters, options *azkeys.SignOptions) (azkeys.SignResponse, error)
}
KeyVaultClient is the interface satisfied by the Azure SDK keys client (azkeys). It is the set of calls this package makes to Key Vault, so the real client can be replaced with a fake in tests.
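The point of narrowing the client to an interface is that a crypto.Signer built on it (the role CreateSigner fills above) can be unit tested without a vault. The following is an added example, not the package's code: `SignClient` is a hypothetical stand-in that keeps the shape of KeyVaultClient (look up a key by name and version, sign a digest remotely) but uses standard-library types instead of the azkeys SDK types so it runs offline; `RemoteSigner`, `FakeClient` and `SignAndVerify` are likewise names chosen here. The fake emulates the format Azure Key Vault uses for EC signatures, raw R||S, and the signer converts that to the ASN.1 DER encoding that crypto.Signer callers expect; it also checks the digest length against the requested hash and the response length against the curve before re-encoding.

```go
package main

import (
	"context"
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/asn1"
	"fmt"
	"io"
	"math/big"
)

// SignClient mirrors the shape of the package's KeyVaultClient with standard-library
// types in place of the azkeys SDK types. Hypothetical, defined only for this example.
type SignClient interface {
	GetKey(ctx context.Context, name, version string) (crypto.PublicKey, error)
	Sign(ctx context.Context, name, version string, digest []byte) ([]byte, error)
}

// RemoteSigner is a crypto.Signer over a key that never leaves the service; only
// the digest crosses the wire. The public key is fetched once, at construction.
type RemoteSigner struct {
	client        SignClient
	name, version string
	pub           crypto.PublicKey
}

func NewRemoteSigner(ctx context.Context, c SignClient, name, version string) (*RemoteSigner, error) {
	pub, err := c.GetKey(ctx, name, version)
	if err != nil {
		return nil, err
	}
	return &RemoteSigner{client: c, name: name, version: version, pub: pub}, nil
}

func (s *RemoteSigner) Public() crypto.PublicKey { return s.pub }

// Sign rejects a digest that does not match the requested hash, calls the service,
// and converts the raw R||S EC signature into ASN.1 DER (what x509 and TLS expect).
func (s *RemoteSigner) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error) {
	if opts == nil || opts.HashFunc().Size() != len(digest) {
		return nil, fmt.Errorf("digest is %d bytes, does not match the signer options", len(digest))
	}
	pub, ok := s.pub.(*ecdsa.PublicKey)
	if !ok {
		return nil, fmt.Errorf("this example handles EC keys only, got %T", s.pub)
	}
	raw, err := s.client.Sign(context.Background(), s.name, s.version, digest)
	if err != nil {
		return nil, err
	}
	n := (pub.Curve.Params().BitSize + 7) / 8
	if len(raw) != 2*n { // never re-encode a truncated or padded response blindly
		return nil, fmt.Errorf("raw signature is %d bytes, want %d", len(raw), 2*n)
	}
	return asn1.Marshal(struct{ R, S *big.Int }{new(big.Int).SetBytes(raw[:n]), new(big.Int).SetBytes(raw[n:])})
}

// FakeClient is the in-memory double a unit test injects through the interface;
// it holds one P-256 key and emulates the service's raw R||S signature output.
type FakeClient struct{ Key *ecdsa.PrivateKey }

func (f *FakeClient) GetKey(context.Context, string, string) (crypto.PublicKey, error) {
	return &f.Key.PublicKey, nil
}

func (f *FakeClient) Sign(_ context.Context, _, _ string, digest []byte) ([]byte, error) {
	r, s, err := ecdsa.Sign(rand.Reader, f.Key, digest)
	if err != nil {
		return nil, err
	}
	n := (f.Key.Curve.Params().BitSize + 7) / 8
	return append(r.FillBytes(make([]byte, n)), s.FillBytes(make([]byte, n))...), nil
}

// SignAndVerify is the round trip a unit test of the wrapper performs: sign msg
// through the fake, then verify the DER signature with the public key.
func SignAndVerify(msg []byte) (bool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, err
	}
	s, err := NewRemoteSigner(context.Background(), &FakeClient{Key: key}, "signing-key", "")
	if err != nil {
		return false, err
	}
	digest := sha256.Sum256(msg)
	der, err := s.Sign(rand.Reader, digest[:], crypto.SHA256)
	if err != nil {
		return false, err
	}
	return ecdsa.VerifyASN1(s.Public().(*ecdsa.PublicKey), digest[:], der), nil
}

func main() {
	ok, err := SignAndVerify([]byte("constructed sample message")) // constructed input
	fmt.Println("verified:", ok, "err:", err)
}
```

The same wrapper, handed the real client instead of the fake, is what a certificate authority or TLS server uses: crypto.Signer is the only contract the callers see, and the key material stays in the vault.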