Documentation
¶
Overview ¶
Package v2 contains definition of kms-plugin's serialized types.
Index ¶
- Variables
- type EncryptedDEKSourceType
- type EncryptedObject
- func (*EncryptedObject) Descriptor() ([]byte, []int)
- func (m *EncryptedObject) GetAnnotations() map[string][]byte
- func (m *EncryptedObject) GetEncryptedDEKSource() []byte
- func (m *EncryptedObject) GetEncryptedDEKSourceType() EncryptedDEKSourceType
- func (m *EncryptedObject) GetEncryptedData() []byte
- func (m *EncryptedObject) GetKeyID() string
- func (*EncryptedObject) ProtoMessage()
- func (m *EncryptedObject) Reset()
- func (m *EncryptedObject) String() string
- func (m *EncryptedObject) XXX_DiscardUnknown()
- func (m *EncryptedObject) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *EncryptedObject) XXX_Merge(src proto.Message)
- func (m *EncryptedObject) XXX_Size() int
- func (m *EncryptedObject) XXX_Unmarshal(b []byte) error
Constants ¶
This section is empty.
Variables ¶
View Source
var EncryptedDEKSourceType_name = map[int32]string{
0: "AES_GCM_KEY",
1: "HKDF_SHA256_XNONCE_AES_GCM_SEED",
}
View Source
var EncryptedDEKSourceType_value = map[string]int32{
"AES_GCM_KEY": 0,
"HKDF_SHA256_XNONCE_AES_GCM_SEED": 1,
}
Functions ¶
This section is empty.
Types ¶
type EncryptedDEKSourceType ¶ added in v0.28.0
type EncryptedDEKSourceType int32
const ( // AES_GCM_KEY means that the plaintext of encryptedDEKSource is the DEK itself, with AES-GCM as the encryption algorithm. EncryptedDEKSourceType_AES_GCM_KEY EncryptedDEKSourceType = 0 // HKDF_SHA256_XNONCE_AES_GCM_SEED means that the plaintext of encryptedDEKSource is the pseudo random key // (referred to as the seed throughout the code) that is fed into HKDF expand. SHA256 is the hash algorithm // and first 32 bytes of encryptedData are the info param. The first 32 bytes from the HKDF stream are used // as the DEK with AES-GCM as the encryption algorithm. EncryptedDEKSourceType_HKDF_SHA256_XNONCE_AES_GCM_SEED EncryptedDEKSourceType = 1 )
func (EncryptedDEKSourceType) EnumDescriptor ¶ added in v0.28.0
func (EncryptedDEKSourceType) EnumDescriptor() ([]byte, []int)
func (EncryptedDEKSourceType) String ¶ added in v0.28.0
func (x EncryptedDEKSourceType) String() string
type EncryptedObject ¶
type EncryptedObject struct {
// EncryptedData is the encrypted data.
EncryptedData []byte `protobuf:"bytes,1,opt,name=encryptedData,proto3" json:"encryptedData,omitempty"`
// KeyID is the KMS key ID used for encryption operations.
// keyID must satisfy the following constraints:
// 1. The keyID is not empty.
// 2. The size of keyID is less than 1 kB.
KeyID string `protobuf:"bytes,2,opt,name=keyID,proto3" json:"keyID,omitempty"`
// EncryptedDEKSource is the ciphertext of the source of the DEK used to encrypt the data stored in encryptedData.
// encryptedDEKSourceType defines the process of using the plaintext of this field to determine the aforementioned DEK.
// encryptedDEKSource must satisfy the following constraints:
// 1. The encrypted DEK source is not empty.
// 2. The size of encrypted DEK source is less than 1 kB.
EncryptedDEKSource []byte `protobuf:"bytes,3,opt,name=encryptedDEKSource,proto3" json:"encryptedDEKSource,omitempty"`
// Annotations is additional metadata that was provided by the KMS plugin.
// Annotations must satisfy the following constraints:
// 1. Annotation key must be a fully qualified domain name that conforms to the definition in DNS (RFC 1123).
// 2. The size of annotations keys + values is less than 32 kB.
Annotations map[string][]byte `` /* 163-byte string literal not displayed */
// encryptedDEKSourceType defines the process of using the plaintext of encryptedDEKSource to determine the DEK.
EncryptedDEKSourceType EncryptedDEKSourceType `` /* 129-byte string literal not displayed */
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
EncryptedObject is the representation of data stored in etcd after envelope encryption.
func (*EncryptedObject) Descriptor ¶
func (*EncryptedObject) Descriptor() ([]byte, []int)
func (*EncryptedObject) GetAnnotations ¶
func (m *EncryptedObject) GetAnnotations() map[string][]byte
func (*EncryptedObject) GetEncryptedDEKSource ¶ added in v0.28.0
func (m *EncryptedObject) GetEncryptedDEKSource() []byte
func (*EncryptedObject) GetEncryptedDEKSourceType ¶ added in v0.28.0
func (m *EncryptedObject) GetEncryptedDEKSourceType() EncryptedDEKSourceType
func (*EncryptedObject) GetEncryptedData ¶
func (m *EncryptedObject) GetEncryptedData() []byte
func (*EncryptedObject) GetKeyID ¶
func (m *EncryptedObject) GetKeyID() string
func (*EncryptedObject) ProtoMessage ¶
func (*EncryptedObject) ProtoMessage()
func (*EncryptedObject) Reset ¶
func (m *EncryptedObject) Reset()
func (*EncryptedObject) String ¶
func (m *EncryptedObject) String() string
func (*EncryptedObject) XXX_DiscardUnknown ¶
func (m *EncryptedObject) XXX_DiscardUnknown()
func (*EncryptedObject) XXX_Marshal ¶
func (m *EncryptedObject) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*EncryptedObject) XXX_Merge ¶
func (m *EncryptedObject) XXX_Merge(src proto.Message)
func (*EncryptedObject) XXX_Size ¶
func (m *EncryptedObject) XXX_Size() int
func (*EncryptedObject) XXX_Unmarshal ¶
func (m *EncryptedObject) XXX_Unmarshal(b []byte) error
Source Files
Click to show internal directories.
Click to hide internal directories.