awskms

package
v0.54.2

This package is not in the latest version of its module.
Published: Nov 14, 2024 | License: Apache-2.0 | Imports: 15 | Imported by: 4

Documentation

Constants

const Scheme = string(apiv1.AmazonKMS)

Scheme is the scheme used in URIs, the string "awskms".

Variables

This section is empty.

Functions

This section is empty.

Types

type KMS

type KMS struct {
	// contains filtered or unexported fields
}

KMS implements a KMS using AWS Key Management Service.

func New

func New(ctx context.Context, opts apiv1.Options) (*KMS, error)

New creates a new AWSKMS. By default, clients will be created using the credentials in `~/.aws/credentials`, but this can be overridden using the CredentialsFile option. The Region and Profile can also be configured as options.

AWS clients can also be configured with environment variables; see the docs at https://aws.github.io/aws-sdk-go-v2/docs/configuring-sdk/ for all the options.

func (*KMS) Close

func (k *KMS) Close() error

Close closes the connection of the KMS client.

func (*KMS) CreateKey

func (k *KMS) CreateKey(req *apiv1.CreateKeyRequest) (*apiv1.CreateKeyResponse, error)

CreateKey generates a new key in KMS and returns its public key.

func (*KMS) CreateSigner

func (k *KMS) CreateSigner(req *apiv1.CreateSignerRequest) (crypto.Signer, error)

CreateSigner creates a new crypto.Signer with a previously configured key.

func (*KMS) GetPublicKey

func (k *KMS) GetPublicKey(req *apiv1.GetPublicKeyRequest) (crypto.PublicKey, error)

GetPublicKey returns a public key from KMS.

type KeyManagementClient

type KeyManagementClient interface {
	GetPublicKey(ctx context.Context, input *kms.GetPublicKeyInput, opts ...func(*kms.Options)) (*kms.GetPublicKeyOutput, error)
	CreateKey(ctx context.Context, input *kms.CreateKeyInput, opts ...func(*kms.Options)) (*kms.CreateKeyOutput, error)
	CreateAlias(ctx context.Context, input *kms.CreateAliasInput, opts ...func(*kms.Options)) (*kms.CreateAliasOutput, error)
	Sign(ctx context.Context, input *kms.SignInput, opts ...func(*kms.Options)) (*kms.SignOutput, error)
}

KeyManagementClient defines the KMS client methods that this package uses. The interface is used for unit testing.

type Signer

type Signer struct {
	// contains filtered or unexported fields
}

Signer implements a crypto.Signer using the AWS KMS.

func NewSigner

func NewSigner(client KeyManagementClient, signingKey string) (*Signer, error)

NewSigner creates a new signer using a key in the AWS KMS.

func (*Signer) Public

func (s *Signer) Public() crypto.PublicKey

Public returns the public key of this signer.

func (*Signer) Sign

func (s *Signer) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)

Sign signs digest with the private key stored in the AWS KMS.
