kmsv2

package v0.26.12

Warning: This package is not in the latest version of its module.

Published: Dec 20, 2023 License: Apache-2.0 Imports: 23 Imported by: 1

Documentation

Overview

Package kmsv2 transforms values for storage at rest using an Envelope v2 provider.

Index

Constants

const (
	// KMSAPIVersion is the version of the KMS API.
	KMSAPIVersion = "v2alpha1"
)

Variables

This section is empty.

Functions

func NewEnvelopeTransformer

func NewEnvelopeTransformer(envelopeService Service, cacheSize int, baseTransformerFunc func(cipher.Block) value.Transformer) value.Transformer

NewEnvelopeTransformer returns a transformer which implements a KEK-DEK based envelope encryption scheme. It uses envelopeService to encrypt and decrypt DEKs. Respective DEKs (in encrypted form) are prepended to the data items they encrypt. A cache (of size cacheSize) is maintained to store the most recently used decrypted DEKs in memory.

Types

type DecryptRequest

type DecryptRequest struct {
	Ciphertext  []byte
	KeyID       string
	Annotations map[string][]byte
}

DecryptRequest is the request to the Envelope service when decrypting data.

type EncryptResponse

type EncryptResponse struct {
	Ciphertext  []byte
	KeyID       string
	Annotations map[string][]byte
}

EncryptResponse is the response from the Envelope service when encrypting data.

type Service

type Service interface {
	// Decrypt a given bytearray to obtain the original data as bytes.
	Decrypt(ctx context.Context, uid string, req *DecryptRequest) ([]byte, error)
	// Encrypt bytes to a ciphertext.
	Encrypt(ctx context.Context, uid string, data []byte) (*EncryptResponse, error)
	// Status returns the status of the KMS.
	Status(ctx context.Context) (*StatusResponse, error)
}

Service allows encrypting and decrypting data using an external Key Management Service.
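The following is an added, self-contained Go example, not code from the kmsv2 package or the Kubernetes project, that shows the KEK-DEK scheme described under NewEnvelopeTransformer working against the Service interface above. It copies the DecryptRequest, EncryptResponse and Service shapes from this page instead of importing the package (Status and the Annotations fields are left out), substitutes an in-memory fake KMS for the remote plugin, and uses a JSON struct as a constructed stand-in for the package's own serialized storage format. The cache layout, the uid strings, the KeyID value "kek-1" and all helper names are assumptions of the example; it demonstrates the data flow (fresh DEK per value, DEK wrapped by the service and stored ahead of the ciphertext, unwrapped DEKs cached), not the real wire format.

```go
package main

import (
	"context"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Shapes copied from the package index above so the example runs without importing the
// real package; Status and the Annotations fields are left out.
type DecryptRequest struct{ Ciphertext []byte; KeyID string }
type EncryptResponse struct{ Ciphertext []byte; KeyID string }
type Service interface {
	Decrypt(ctx context.Context, uid string, req *DecryptRequest) ([]byte, error)
	Encrypt(ctx context.Context, uid string, data []byte) (*EncryptResponse, error)
}

// must panics on errors that crypto/rand and a fixed 32-byte AES key do not produce.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func randomBytes(n int) []byte { b := make([]byte, n); must(rand.Read(b)); return b }
func aeadFor(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }

// seal stores the random nonce ahead of the AES-GCM ciphertext; open rejects any modified byte.
func seal(aead cipher.AEAD, pt []byte) []byte {
	nonce := randomBytes(aead.NonceSize())
	return aead.Seal(nonce, nonce, pt, nil)
}
func open(aead cipher.AEAD, ct []byte) ([]byte, error) {
	if n := aead.NonceSize(); len(ct) >= n {
		return aead.Open(nil, ct[:n], ct[n:], nil)
	}
	return nil, errors.New("ciphertext too short")
}

// fakeKMS stands in for the remote plugin (constructed for this example): it wraps DEKs
// under one in-memory KEK and counts unwrap calls so the DEK cache is observable.
type fakeKMS struct{ kek cipher.AEAD; keyID string; Decrypts int }

func (k *fakeKMS) Encrypt(_ context.Context, _ string, dek []byte) (*EncryptResponse, error) {
	return &EncryptResponse{Ciphertext: seal(k.kek, dek), KeyID: k.keyID}, nil
}
func (k *fakeKMS) Decrypt(_ context.Context, _ string, req *DecryptRequest) ([]byte, error) {
	k.Decrypts++
	if req.KeyID != k.keyID { // a DEK wrapped under an unknown KEK cannot be unwrapped
		return nil, fmt.Errorf("unknown KeyID %q", req.KeyID)
	}
	return open(k.kek, req.Ciphertext)
}

// envelope implements the KEK-DEK scheme described for NewEnvelopeTransformer: a fresh DEK
// per value, wrapped by the Service and stored ahead of the ciphertext, with unwrapped DEKs
// cached. storedObject is a constructed stand-in for the package's own serialized form,
// and the cache here is not goroutine-safe.
type storedObject struct{ KeyID string; WrappedDEK, Ciphertext []byte }
type envelope struct {
	svc   Service
	cache map[string]cipher.AEAD // wrapped DEK -> ready-to-use DEK cipher
}

func (e *envelope) TransformToStorage(ctx context.Context, data []byte) ([]byte, error) {
	dek := randomBytes(32)
	resp, err := e.svc.Encrypt(ctx, "uid-1", dek)
	if err != nil {
		return nil, err
	}
	ct := seal(aeadFor(dek), data)
	return json.Marshal(storedObject{KeyID: resp.KeyID, WrappedDEK: resp.Ciphertext, Ciphertext: ct})
}
func (e *envelope) TransformFromStorage(ctx context.Context, stored []byte) ([]byte, error) {
	var obj storedObject
	if err := json.Unmarshal(stored, &obj); err != nil {
		return nil, err
	}
	aead, hit := e.cache[string(obj.WrappedDEK)]
	if !hit { // cache miss: one round-trip to the KMS to unwrap the DEK
		dek, err := e.svc.Decrypt(ctx, "uid-2", &DecryptRequest{Ciphertext: obj.WrappedDEK, KeyID: obj.KeyID})
		if err != nil {
			return nil, err
		}
		aead = aeadFor(dek)
		e.cache[string(obj.WrappedDEK)] = aead
	}
	return open(aead, obj.Ciphertext)
}

// RoundTrip encrypts once and decrypts twice, returning how many KMS Decrypt calls were
// needed (1 when the cache works) and any failure, including a plaintext mismatch.
func RoundTrip(pt string) (kmsDecrypts int, err error) {
	kms := &fakeKMS{kek: aeadFor(randomBytes(32)), keyID: "kek-1"}
	env := &envelope{svc: kms, cache: map[string]cipher.AEAD{}}
	stored, err := env.TransformToStorage(context.Background(), []byte(pt))
	for i := 0; err == nil && i < 2; i++ { // the second pass should hit the cache
		var got []byte
		if got, err = env.TransformFromStorage(context.Background(), stored); err == nil && string(got) != pt {
			err = errors.New("plaintext mismatch")
		}
	}
	return kms.Decrypts, err
}
```

RoundTrip reports a single KMS Decrypt across two reads: the first read unwraps the DEK at the KMS, the second is served from the cache. That is the performance win the cacheSize parameter buys, and also why the cache contents deserve the same handling as the DEKs themselves. A wrong KeyID makes the fake KMS refuse the unwrap, and any flipped ciphertext byte makes open return an error instead of plaintext.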

func NewGRPCService

func NewGRPCService(ctx context.Context, endpoint string, callTimeout time.Duration) (Service, error)

NewGRPCService returns an envelope.Service which uses gRPC to communicate with the remote KMS provider.

type StatusResponse

type StatusResponse struct {
	Version string
	Healthz string
	KeyID   string
}

StatusResponse is the response from the Envelope service when getting the status of the service.

Directories

Path Synopsis
v2alpha1 Package v2alpha1 contains the definition of kms-plugin's serialized types.
