Documentation
Overview
Package azurekeyvault provides a secrets implementation backed by Azure KeyVault. See https://docs.microsoft.com/en-us/azure/key-vault/key-vault-whatis for more information. Use NewKeeper to construct a *secrets.Keeper.
URLs
For secrets.OpenKeeper, azurekeyvault registers for the scheme "azurekeyvault". The default URL opener will use Dial, which gets default credentials from the environment. To customize the URL opener, or for more details on the URL format, see URLOpener. See https://godoc.org/gocloud.dev#hdr-URLs for background information.
As
azurekeyvault exposes the following type for As:
- Error: autorest.DetailedError, see https://godoc.org/github.com/Azure/go-autorest/autorest#DetailedError
Example
package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/services/keyvault/v7.0/keyvault"
	akv "gocloud.dev/secrets/azurekeyvault"
)

func main() {
	// Get a client to use with the Azure KeyVault API.
	// See API docs for Authentication options.
	// https://github.com/Azure/azure-sdk-for-go
	client, err := akv.Dial()
	if err != nil {
		log.Fatal(err)
	}

	// Construct a *secrets.Keeper.
	// List of Parameters:
	// - client: *keyvault.BaseClient instance, see https://godoc.org/github.com/Azure/azure-sdk-for-go/services/keyvault/v7.0/keyvault#BaseClient
	// - keyVaultName: string representing the KeyVault name, see https://docs.microsoft.com/en-us/azure/key-vault/common-parameters-and-headers
	// - keyName: string representing the keyName, see https://docs.microsoft.com/en-us/rest/api/keyvault/encrypt/encrypt#uri-parameters
	// - keyVersion: string representing the keyVersion, see https://docs.microsoft.com/en-us/rest/api/keyvault/encrypt/encrypt#uri-parameters
	// - opts: *KeeperOptions with the desired Algorithm to use for operations. See this link for more info: https://docs.microsoft.com/en-us/rest/api/keyvault/encrypt/encrypt#jsonwebkeyencryptionalgorithm
	keeper, err := akv.NewKeeper(
		client,
		"replace with keyVaultName",
		"replace with keyName",
		"", // replace with keyVersion if you don't want to use the default one.
		&akv.KeeperOptions{
			Algorithm: string(keyvault.RSAOAEP256),
		},
	)
	if err != nil {
		log.Fatal(err)
	}

	// Now we can use keeper to encrypt or decrypt.
	ctx := context.Background()
	plaintext := []byte("Hello, Secrets!")
	ciphertext, err := keeper.Encrypt(ctx, plaintext)
	if err != nil {
		log.Fatal(err)
	}
	decrypted, err := keeper.Decrypt(ctx, ciphertext)
	if err != nil {
		log.Fatal(err)
	}
	_ = decrypted
}
Example (OpenKeeper)
package main

import (
	"context"
	"log"

	"gocloud.dev/secrets"
	// The blank import registers the "azurekeyvault" scheme with secrets.OpenKeeper.
	_ "gocloud.dev/secrets/azurekeyvault"
)

func main() {
	ctx := context.Background()

	// OpenKeeper creates a *secrets.Keeper from a URL.
	// The URL's host holds the KeyVault name.
	// The first element of the URL's path holds the key name.
	// The second element of the URL's path, if included, holds the key version.
	// The "algorithm" query parameter (required) holds the algorithm.
	// See https://docs.microsoft.com/en-us/rest/api/keyvault/encrypt/encrypt
	// for more information.
	k, err := secrets.OpenKeeper(ctx, "azurekeyvault://mykeyvaultname/mykeyname?algorithm=RSA-OAEP-256")
	if err != nil {
		log.Fatal(err)
	}
	_ = k
}
Constants
const Scheme = "azurekeyvault"
Scheme is the URL scheme azurekeyvault registers its URLOpener under on secrets.DefaultMux.
Variables
This section is empty.
Functions
func Dial
func Dial() (*keyvault.BaseClient, error)
Dial gets a new *keyvault.BaseClient, see https://godoc.org/github.com/Azure/azure-sdk-for-go/services/keyvault/v7.0/keyvault#BaseClient
func NewKeeper
func NewKeeper(client *keyvault.BaseClient, keyVaultName, keyName, keyVersion string, opts *KeeperOptions) (*secrets.Keeper, error)
NewKeeper returns a *secrets.Keeper that uses Azure KeyVault. List of Parameters:
- client: *keyvault.BaseClient instance, see https://godoc.org/github.com/Azure/azure-sdk-for-go/services/keyvault/v7.0/keyvault#BaseClient
- keyVaultName: string representing the KeyVault name, see https://docs.microsoft.com/en-us/azure/key-vault/common-parameters-and-headers
- keyName: string representing the keyName, see https://docs.microsoft.com/en-us/rest/api/keyvault/encrypt/encrypt#uri-parameters
- keyVersion: string representing the keyVersion, or ""; see https://docs.microsoft.com/en-us/rest/api/keyvault/encrypt/encrypt#uri-parameters
- opts: *KeeperOptions with the desired Algorithm to use for operations. See this link for more info: https://docs.microsoft.com/en-us/rest/api/keyvault/encrypt/encrypt#jsonwebkeyencryptionalgorithm
Types
type KeeperOptions
type KeeperOptions struct {
	Algorithm string
}
KeeperOptions provides configuration options for encryption/decryption operations.
type URLOpener
type URLOpener struct {
	// Client must be set to a non-nil value.
	Client *keyvault.BaseClient

	// Options specifies the options to pass to NewKeeper.
	Options KeeperOptions
}
URLOpener opens Azure KeyVault URLs like "azurekeyvault://mykeyvaultname/mykeyname/mykeyversion?algorithm=RSA-OAEP-256".
- The URL's host holds the KeyVault name (https://docs.microsoft.com/en-us/azure/key-vault/common-parameters-and-headers).
- The first element of the URL's path holds the key name (https://docs.microsoft.com/en-us/rest/api/keyvault/encrypt/encrypt#uri-parameters).
- The second element of the URL's path, if included, holds the key version (https://docs.microsoft.com/en-us/rest/api/keyvault/encrypt/encrypt#uri-parameter).
- The "algorithm" query parameter (required) holds the algorithm (https://docs.microsoft.com/en-us/rest/api/keyvault/encrypt/encrypt#jsonwebkeyencryptionalgorithm).
No other query parameters are supported.
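The URL rules above can be checked before a configured URL reaches secrets.OpenKeeper. The following is an added example, not code from gocloud.dev: ParseKeeperURL, KeeperRef and allowedAlgorithms are hypothetical names, and the OAEP-only allowlist (which refuses Key Vault's PKCS#1 v1.5 option, RSA1_5) is a policy assumption of this example, not something the package enforces.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// KeeperRef holds the parts of an azurekeyvault:// URL (hypothetical helper type).
type KeeperRef struct{ Vault, Key, Version, Algorithm string }

// Policy assumption of this example: accept only the OAEP paddings.
var allowedAlgorithms = map[string]bool{"RSA-OAEP": true, "RSA-OAEP-256": true}

// ParseKeeperURL validates raw against the documented URLOpener format.
func ParseKeeperURL(raw string) (*KeeperRef, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, err
	}
	if u.Scheme != "azurekeyvault" {
		return nil, fmt.Errorf("unexpected scheme %q", u.Scheme)
	}
	if u.Host == "" {
		return nil, fmt.Errorf("missing KeyVault name in host")
	}
	parts := strings.Split(strings.Trim(u.Path, "/"), "/")
	if parts[0] == "" || len(parts) > 2 {
		return nil, fmt.Errorf("path must be /keyname[/keyversion], got %q", u.Path)
	}
	ref := &KeeperRef{Vault: u.Host, Key: parts[0]}
	if len(parts) == 2 {
		ref.Version = parts[1] // pinned key version; empty means the default version
	}
	q := u.Query()
	for name := range q {
		if name != "algorithm" { // the page states no other parameters are supported
			return nil, fmt.Errorf("unsupported query parameter %q", name)
		}
	}
	ref.Algorithm = q.Get("algorithm")
	if !allowedAlgorithms[ref.Algorithm] {
		return nil, fmt.Errorf("algorithm %q missing or not allowed by policy", ref.Algorithm)
	}
	return ref, nil
}

func main() {
	fmt.Println(ParseKeeperURL("azurekeyvault://mykeyvaultname/mykeyname?algorithm=RSA-OAEP-256"))
}
```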