kmsv2

package
v0.28.0-alpha.2
Published: Jun 9, 2023 License: Apache-2.0 Imports: 30 Imported by: 1

Documentation

Overview

Package kmsv2 transforms values for storage at rest using an Envelope v2 provider: each value is encrypted with a data-encryption key (DEK), and the DEK is itself encrypted by a remote KMS plugin (KMS API v2beta1) that holds the key-encryption key (KEK).

Index

Constants

const (
	// KMSAPIVersion is the version of the KMS API.
	KMSAPIVersion = "v2beta1"

	// KeyIDMaxSize is the maximum size of the keyID.
	KeyIDMaxSize = 1 * 1024 // 1 kB

)

Variables

var NowFunc = time.Now

NowFunc is exported so tests can override it.

Functions

func GenerateTransformer added in v0.27.0

func GenerateTransformer(ctx context.Context, uid string, envelopeService kmsservice.Service) (value.Transformer, *kmsservice.EncryptResponse, []byte, error)

GenerateTransformer generates a new transformer and encrypts its DEK using the envelope service. It returns the transformer, the KMS EncryptResponse (which carries the encrypted DEK together with the key ID and annotations the plugin attached), the cache key under which the DEK is cached, and an error.

func NewEnvelopeTransformer

func NewEnvelopeTransformer(envelopeService kmsservice.Service, providerName string, stateFunc StateFunc) value.Transformer

NewEnvelopeTransformer returns a transformer which implements a KEK-DEK based envelope encryption scheme: each value is encrypted with a data-encryption key (DEK), and envelopeService (the remote KMS plugin holding the key-encryption key) is used only to encrypt and decrypt DEKs, never the values themselves. stateFunc supplies the State (current DEK, key ID and expiry) used for new writes. Respective DEKs (in encrypted form) are prepended to the data items they encrypt, so every stored item can be decrypted on its own.

func NewGRPCService

func NewGRPCService(ctx context.Context, endpoint, providerName string, callTimeout time.Duration) (kmsservice.Service, error)

NewGRPCService returns a kmsservice.Service which uses gRPC to communicate with the remote KMS provider listening at endpoint; each call to the plugin is bounded by callTimeout.
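The KEK-DEK scheme that NewEnvelopeTransformer, GenerateTransformer and the kmsservice.Service behind NewGRPCService describe, as an added stand-alone Go example (it is not code from k8s.io/apiserver and imports nothing from it). The fakeKMS type stands in for the gRPC plugin, EnvelopeService for kmsservice.Service, the EncryptedObject struct for the package's protobuf wire form, and the cacheKey derivation and the use of the storage key as AEAD associated data are assumptions made for this example; the in-memory DEK cache corresponds to the cache key that GenerateTransformer returns:

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"strconv"
)

// EnvelopeService stands in for kmsservice.Service: it wraps and unwraps DEKs and never sees values.
type EnvelopeService interface {
	Encrypt(dek []byte) (encryptedDEK []byte, keyID string, err error)
	Decrypt(encryptedDEK []byte, keyID string) (dek []byte, err error)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal and open carry a fresh random nonce in front of the AES-GCM output.
func seal(aead cipher.AEAD, pt, aad []byte) []byte {
	nonce := make([]byte, aead.NonceSize())
	rand.Read(nonce) // crypto/rand.Read is documented never to fail
	return aead.Seal(nonce, nonce, pt, aad)
}

func open(aead cipher.AEAD, ct, aad []byte) ([]byte, error) {
	if n := aead.NonceSize(); len(ct) >= n {
		return aead.Open(nil, ct[:n], ct[n:], aad)
	}
	return nil, errors.New("ciphertext shorter than nonce")
}

// fakeKMS is a constructed in-process plugin: one KEK under one keyID, and the keyID is bound
// to every wrapped DEK as AAD, so an unwrap request under a different keyID fails authentication.
type fakeKMS struct {
	kek      cipher.AEAD
	keyID    string
	Decrypts int // unwrap round-trips, to observe the transformer's DEK cache
}

func (k *fakeKMS) Encrypt(dek []byte) ([]byte, string, error) {
	return seal(k.kek, dek, []byte(k.keyID)), k.keyID, nil
}

func (k *fakeKMS) Decrypt(edek []byte, keyID string) ([]byte, error) {
	k.Decrypts++
	return open(k.kek, edek, []byte(keyID))
}

// EncryptedObject is the stored form: the wrapped DEK travels with the data it encrypts
// (the real package stores a protobuf EncryptedObject with these fields plus Annotations).
type EncryptedObject struct {
	KeyID                       string
	EncryptedDEK, EncryptedData []byte
}

// cacheKey identifies an unwrapped DEK by keyID and wrapped form, length-prefixed so the two
// cannot run together (assumed here; the real package also folds the annotations in).
func cacheKey(keyID string, edek []byte) [32]byte {
	return sha256.Sum256(append([]byte(strconv.Itoa(len(keyID))+":"+keyID), edek...))
}

// EnvelopeTransformer keeps the current DEK for writes (the package's State) and a cache of
// unwrapped DEKs, so reads of objects under an already-seen wrapped DEK cost no KMS round-trip.
type EnvelopeTransformer struct {
	kms          EnvelopeService
	dek          cipher.AEAD
	encryptedDEK []byte
	keyID        string
	cache        map[[32]byte]cipher.AEAD
}

// NewEnvelopeTransformer mirrors GenerateTransformer: a fresh 256-bit DEK, wrapped once by the KMS.
func NewEnvelopeTransformer(kms EnvelopeService) (*EnvelopeTransformer, error) {
	raw := make([]byte, 32)
	rand.Read(raw)
	edek, keyID, err := kms.Encrypt(raw)
	if err != nil {
		return nil, err
	}
	dek, _ := newGCM(raw) // 32-byte key generated above: cannot fail
	cache := map[[32]byte]cipher.AEAD{cacheKey(keyID, edek): dek}
	return &EnvelopeTransformer{kms, dek, edek, keyID, cache}, nil
}

// TransformToStorage seals value under the current DEK. aad is the object's storage key, so a
// ciphertext copied to another path fails to open there.
func (t *EnvelopeTransformer) TransformToStorage(value, aad []byte) EncryptedObject {
	return EncryptedObject{t.keyID, t.encryptedDEK, seal(t.dek, value, aad)}
}

// TransformFromStorage unwraps the DEK carried by obj (from the cache or the KMS) and opens the data.
func (t *EnvelopeTransformer) TransformFromStorage(obj EncryptedObject, aad []byte) ([]byte, error) {
	ck := cacheKey(obj.KeyID, obj.EncryptedDEK)
	dek, ok := t.cache[ck]
	if !ok { // unseen wrapped DEK: ask the KMS once, validate what it returns, remember it
		raw, err := t.kms.Decrypt(obj.EncryptedDEK, obj.KeyID)
		if err != nil {
			return nil, err
		}
		if dek, err = newGCM(raw); err != nil {
			return nil, err
		}
		t.cache[ck] = dek
	}
	return open(dek, obj.EncryptedData, aad)
}
```

The KMS only ever handles 32-byte DEKs, never object data, and once a wrapped DEK has been unwrapped it is served from the apiserver's own memory; that is the trade-off kmsv2 makes, fewer plugin round-trips in exchange for plaintext DEKs living in process memory. Because the cache is keyed by the keyID together with the wrapped DEK, an object whose keyID has been rewritten misses the cache and goes back to the KMS, where the AAD binding rejects it, and a ciphertext moved to another storage key fails to open under the wrong associated data.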

Types

type ErrCodeKeyID added in v0.27.0

type ErrCodeKeyID string

func ValidateKeyID added in v0.27.0

func ValidateKeyID(keyID string) (ErrCodeKeyID, error)

ValidateKeyID tests the following:
1. The keyID is not empty.
2. The size of keyID does not exceed KeyIDMaxSize (1 kB).

type State added in v0.27.0

type State struct {
	Transformer  value.Transformer
	EncryptedDEK []byte
	KeyID        string
	Annotations  map[string][]byte

	UID string

	ExpirationTimestamp time.Time

	// CacheKey is the key used to cache the DEK in transformer.cache.
	CacheKey []byte
}

func (*State) ValidateEncryptCapability added in v0.27.0

func (s *State) ValidateEncryptCapability() error

type StateFunc added in v0.27.0

type StateFunc func() (State, error)
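ValidateKeyID, State, ValidateEncryptCapability and StateFunc as they fit together, as an added example that is not the package's code: the bodies of ValidateKeyID and ValidateEncryptCapability are reconstructed here from the signatures and the field set shown above, the error-code names are assumed, and stateHolder with its refresh callback is an assumed caller-side helper standing in for the apiserver's KMS status poll. NowFunc is overridden to move the clock past ExpirationTimestamp:

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// KeyIDMaxSize and NowFunc are the package's own declarations, repeated so this runs stand-alone.
const KeyIDMaxSize = 1 * 1024

var NowFunc = time.Now

// ErrCodeKeyID mirrors the package's type; the three code values are assumed names.
type ErrCodeKeyID string

const (
	KeyIDOK      ErrCodeKeyID = "ok"
	KeyIDEmpty   ErrCodeKeyID = "empty"
	KeyIDTooLong ErrCodeKeyID = "too_long"
)

// ValidateKeyID rejects an empty keyID and one larger than KeyIDMaxSize: the keyID is stored
// alongside every encrypted object, so an unbounded value from a plugin would bloat the store.
func ValidateKeyID(keyID string) (ErrCodeKeyID, error) {
	if len(keyID) == 0 {
		return KeyIDEmpty, errors.New("keyID is empty")
	}
	if len(keyID) > KeyIDMaxSize {
		return KeyIDTooLong, fmt.Errorf("keyID is %d bytes, maximum is %d", len(keyID), KeyIDMaxSize)
	}
	return KeyIDOK, nil
}

// State carries the package's bookkeeping for the current DEK (the value.Transformer itself is
// left out; only the metadata matters for the checks below).
type State struct {
	EncryptedDEK        []byte
	KeyID               string
	Annotations         map[string][]byte
	UID                 string
	ExpirationTimestamp time.Time
	CacheKey            []byte
}

// ValidateEncryptCapability refuses to encrypt with a DEK whose expiry has passed, reading the
// clock through NowFunc so tests can move it (assumed reconstruction of the package's check).
func (s *State) ValidateEncryptCapability() error {
	if now := NowFunc(); now.After(s.ExpirationTimestamp) {
		return fmt.Errorf("EDEK with keyID %q expired at %s (current time is %s)",
			s.KeyID, s.ExpirationTimestamp.Format(time.RFC3339), now.Format(time.RFC3339))
	}
	return nil
}

// StateFunc hands the transformer the State to encrypt with on each write.
type StateFunc func() (State, error)

// stateHolder is an assumed caller-side helper: it serves the last good State while it is valid
// and otherwise asks refresh (standing in for the KMS status poll) for a new one. If the refresh
// fails, writes fail closed instead of reusing expired key material.
type stateHolder struct {
	current State
	refresh func() (State, error)
}

func (h *stateHolder) StateFunc() StateFunc {
	return func() (State, error) {
		if err := h.current.ValidateEncryptCapability(); err == nil {
			return h.current, nil
		}
		fresh, err := h.refresh()
		if err != nil {
			return State{}, fmt.Errorf("kms: current DEK expired and refresh failed: %w", err)
		}
		if code, err := ValidateKeyID(fresh.KeyID); err != nil {
			return State{}, fmt.Errorf("kms: refreshed state rejected (%s): %w", code, err)
		}
		if err := fresh.ValidateEncryptCapability(); err != nil {
			return State{}, err
		}
		h.current = fresh
		return fresh, nil
	}
}

func main() {
	h := &stateHolder{
		current: State{KeyID: "key-1", ExpirationTimestamp: NowFunc().Add(time.Hour)},
		refresh: func() (State, error) { return State{}, errors.New("plugin unreachable") },
	}
	sf := h.StateFunc()
	s, err := sf()
	fmt.Printf("now:   keyID=%q err=%v\n", s.KeyID, err)
	NowFunc = func() time.Time { return time.Now().Add(2 * time.Hour) } // clock past the expiry
	s, err = sf()
	fmt.Printf("later: keyID=%q err=%v\n", s.KeyID, err)
}
```

The property worth checking in a plugin integration is that writes fail closed: once the DEK has expired and the KMS cannot supply a replacement, StateFunc returns an error and nothing is encrypted with stale material. Reads are unaffected, because every stored object carries its own wrapped DEK.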

Directories

Path    Synopsis
v2      Package v2 contains the definition of kms-plugin's serialized types.
