azurekms

package
v0.31.0
Published: May 25, 2023 License: Apache-2.0 Imports: 22 Imported by: 5

Documentation

Constants

const Scheme = string(apiv1.AzureKMS)

Scheme is the scheme used for the Azure Key Vault uris, the string "azurekms".

Variables

This section is empty.

Functions

func NewSigner

func NewSigner(lazyClient *lazyClient, signingKey string, defaults defaultOptions) (crypto.Signer, error)

NewSigner creates a new signer using a key in the AWS KMS.

Types

type KeyVault

type KeyVault struct {
	// contains filtered or unexported fields
}

KeyVault implements a KMS using Azure Key Vault.

To initialize the client we need to define a URI with the following format:

  • azurekms:
  • azurekms:vault=vault-name
  • azurekms:environment=env-name
  • azurekms:vault=vault-name;environment=env-name
  • azurekms:vault=vault-name?hsm=true

The scheme is "azurekms". "vault" defines the default key vault to use. "environment" defines the Azure Cloud environment to use; the options are "public" or "AzurePublicCloud", "usgov" or "AzureUSGovernmentCloud", "china" or "AzureChinaCloud", and "german" or "AzureGermanCloud", and it defaults to the public cloud if not specified. "hsm" defines whether a key will be generated by an HSM by default.

The URI format for a key in Azure Key Vault is the following:

  • azurekms:name=key-name;vault=vault-name
  • azurekms:name=key-name;vault=vault-name?version=key-version
  • azurekms:name=key-name;vault=vault-name?hsm=true

The "name" is the key name inside the "vault". "version" is an optional parameter that defines the version of the key; if no version is given, the latest one will be used. "vault" and "hsm" override the client defaults if set. The "environment" can only be set when initializing the client.
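The two URI shapes described above (client initialization and key reference) can be parsed with a small standalone parser. This is an added example written for this page, not the package's own implementation; it assumes the ";"-separated key=value pairs live in the URI's opaque part while "version" and "hsm" are ordinary query parameters, and the KeyURI type and IsKeyReference method are names chosen here.

```go
package main

import (
	"fmt"
	"net/url"
	"strconv"
	"strings"
)
// KeyURI holds the parsed parts of an "azurekms:" URI (a type written for this example).
type KeyURI struct {
	Name, Vault, Version, Environment string
	HSM                               bool
}

// ParseAzureKMSURI parses "azurekms:name=k;vault=v?version=x&hsm=true": ";"-separated
// key=value pairs before "?", then "version" and "hsm" as ordinary query parameters.
func ParseAzureKMSURI(raw string) (KeyURI, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return KeyURI{}, err
	}
	if u.Scheme != "azurekms" {
		return KeyURI{}, fmt.Errorf("unexpected scheme %q, want \"azurekms\"", u.Scheme)
	}
	var out KeyURI
	fields := map[string]*string{"name": &out.Name, "vault": &out.Vault, "environment": &out.Environment}
	for _, kv := range strings.Split(u.Opaque, ";") {
		if kv == "" {
			continue // a bare "azurekms:" is valid when initializing the client
		}
		k, v, ok := strings.Cut(kv, "=")
		dst := fields[strings.ToLower(k)]
		// Reject unknown or empty parameters so a typo cannot silently fall back to defaults.
		if !ok || v == "" || dst == nil {
			return KeyURI{}, fmt.Errorf("malformed or unknown parameter %q", kv)
		}
		*dst = v
	}
	q := u.Query()
	out.Version = q.Get("version")
	if h := q.Get("hsm"); h != "" {
		if out.HSM, err = strconv.ParseBool(h); err != nil {
			return KeyURI{}, fmt.Errorf("invalid hsm value %q", h)
		}
	}
	return out, nil
}
// IsKeyReference reports whether the URI names a key; "environment" is only valid at client setup.
func (k KeyURI) IsKeyReference() bool { return k.Name != "" && k.Environment == "" }
```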

func New

func New(ctx context.Context, opts apiv1.Options) (*KeyVault, error)

New initializes a new KMS implemented using Azure Key Vault.

The URI format used to initialize the Azure Key Vault client is the following:

  • azurekms:
  • azurekms:vault=vault-name
  • azurekms:vault=vault-name;environment=env-name
  • azurekms:vault=vault-name?hsm=true

func (*KeyVault) Close

func (k *KeyVault) Close() error

Close closes the client connection to the Azure Key Vault. This is a noop.

func (*KeyVault) CreateKey

CreateKey creates an asymmetric key in Azure Key Vault.

func (*KeyVault) CreateSigner

func (k *KeyVault) CreateSigner(req *apiv1.CreateSignerRequest) (crypto.Signer, error)

CreateSigner returns a crypto.Signer from a previously created asymmetric key.

func (*KeyVault) GetPublicKey

func (k *KeyVault) GetPublicKey(req *apiv1.GetPublicKeyRequest) (crypto.PublicKey, error)

GetPublicKey loads a public key from Azure Key Vault by its resource name.

func (*KeyVault) ValidateName

func (k *KeyVault) ValidateName(s string) error

ValidateName validates that the given string is a valid URI.

type KeyVaultClient

type KeyVaultClient interface {
	GetKey(ctx context.Context, name string, version string, options *azkeys.GetKeyOptions) (azkeys.GetKeyResponse, error)
	CreateKey(ctx context.Context, name string, parameters azkeys.CreateKeyParameters, options *azkeys.CreateKeyOptions) (azkeys.CreateKeyResponse, error)
	Sign(ctx context.Context, name string, version string, parameters azkeys.SignParameters, options *azkeys.SignOptions) (azkeys.SignResponse, error)
}

KeyVaultClient is the interface implemented by keyvault.BaseClient. It will be used for testing purposes.

type Signer

type Signer struct {
	// contains filtered or unexported fields
}

Signer implements a crypto.Signer using the AWS KMS.

func (*Signer) Public

func (s *Signer) Public() crypto.PublicKey

Public returns the public key of this signer or an error.

func (*Signer) Sign

func (s *Signer) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)

Sign signs digest with the private key stored in the Azure Key Vault.

Directories

Path Synopsis
internal
mock
Package mock is a generated GoMock package.