kms

package v3.9.1

This package is not in the latest version of its module.

Published: Aug 16, 2024 License: MPL-2.0 Imports: 14 Imported by: 0

Documentation

Overview

Package kms contains an implementation of the codeberg.org/CodingPuffin/sops/v3.MasterKey interface that encrypts and decrypts the data key using AWS KMS with the SDK for Go V2.

Index

Constants

const (

	// KeyTypeIdentifier is the string used to identify an AWS KMS MasterKey.
	KeyTypeIdentifier = "kms"
)

Variables

This section is empty.

Functions

func ParseKMSContext

func ParseKMSContext(in interface{}) map[string]*string

ParseKMSContext takes either a KMS context map or a comma-separated list of KMS context key:value pairs, and returns a map.
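As an added example, not the package's own code, here is a hypothetical stand-alone re-implementation of the two input shapes ParseKMSContext accepts, with one deliberate difference: malformed, non-string or duplicate pairs are rejected instead of dropped, because a context that differs from the one supplied at encryption time makes KMS refuse the decrypt. The function name parseKMSContext and its error behaviour are assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// parseKMSContext is a hypothetical stand-in for the package's ParseKMSContext:
// it accepts a context map or a comma-separated "key:value,key:value" string,
// and errors on malformed or duplicate pairs instead of silently dropping them.
func parseKMSContext(in interface{}) (map[string]*string, error) {
	out := make(map[string]*string)
	switch v := in.(type) {
	case nil:
		return out, nil
	case map[string]interface{}: // shape a YAML/JSON decoder yields for a mapping
		for k, raw := range v {
			s, ok := raw.(string)
			if !ok {
				return nil, fmt.Errorf("context key %q: value must be a string, got %T", k, raw)
			}
			out[k] = &s // s is fresh per iteration, so each pointer is distinct
		}
	case string:
		for _, pair := range strings.Split(v, ",") {
			pair = strings.TrimSpace(pair)
			if pair == "" {
				continue // tolerate a trailing comma
			}
			kv := strings.SplitN(pair, ":", 2) // keep any further colons inside the value
			if len(kv) != 2 || kv[0] == "" {
				return nil, fmt.Errorf("malformed context pair %q: want key:value", pair)
			}
			if _, dup := out[kv[0]]; dup {
				return nil, fmt.Errorf("duplicate context key %q", kv[0])
			}
			val := kv[1]
			out[kv[0]] = &val
		}
	default:
		return nil, fmt.Errorf("unsupported context type %T", in)
	}
	return out, nil
}

func main() {
	ctx, _ := parseKMSContext("Environment:prod,Team:security") // constructed sample input
	fmt.Println(*ctx["Environment"], *ctx["Team"])             // prod security
}
```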

Types

type CredentialsProvider

type CredentialsProvider struct {
	// contains filtered or unexported fields
}

CredentialsProvider is a wrapper around aws.CredentialsProvider used for authentication towards AWS KMS.

func NewCredentialsProvider

func NewCredentialsProvider(cp aws.CredentialsProvider) *CredentialsProvider

NewCredentialsProvider returns a CredentialsProvider object with the provided aws.CredentialsProvider.

func (CredentialsProvider) ApplyToMasterKey

func (c CredentialsProvider) ApplyToMasterKey(key *MasterKey)

ApplyToMasterKey configures the credentials on the provided key.

type MasterKey

type MasterKey struct {
	// Arn associated with the AWS KMS key.
	Arn string
	// Role ARN used to assume a role through AWS STS.
	Role string
	// EncryptedKey stores the data key in its encrypted form.
	EncryptedKey string
	// CreationDate is when this MasterKey was created.
	CreationDate time.Time
	// EncryptionContext provides additional context about the data key.
	// Ref: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
	EncryptionContext map[string]*string
	// AwsProfile is the profile to use for loading configuration and credentials.
	// Ref: https://aws.github.io/aws-sdk-go-v2/docs/configuring-sdk/#specifying-profiles
	AwsProfile string
	// contains filtered or unexported fields
}

MasterKey is an AWS KMS key used to encrypt and decrypt SOPS' data key using AWS SDK for Go V2.

func MasterKeysFromArnString

func MasterKeysFromArnString(arn string, context map[string]*string, awsProfile string) []*MasterKey

MasterKeysFromArnString takes a comma-separated list of AWS KMS ARNs, and returns a slice of new MasterKeys for those ARNs.

func NewMasterKey

func NewMasterKey(arn string, role string, context map[string]*string) *MasterKey

NewMasterKey creates a new MasterKey from an ARN, role and context, setting the creation date to the current date.

func NewMasterKeyFromArn

func NewMasterKeyFromArn(arn string, context map[string]*string, awsProfile string) *MasterKey

NewMasterKeyFromArn takes an ARN string and returns a new MasterKey for that ARN.

func NewMasterKeyWithProfile

func NewMasterKeyWithProfile(arn string, role string, context map[string]*string, awsProfile string) *MasterKey

NewMasterKeyWithProfile creates a new MasterKey from an ARN, role, context and awsProfile, setting the creation date to the current date.

func (*MasterKey) Decrypt

func (key *MasterKey) Decrypt() ([]byte, error)

Decrypt decrypts the EncryptedKey with a newly created AWS KMS config, and returns the result.

func (*MasterKey) Encrypt

func (key *MasterKey) Encrypt(dataKey []byte) error

Encrypt takes a SOPS data key, encrypts it with KMS and stores the result in the EncryptedKey field.

func (*MasterKey) EncryptIfNeeded

func (key *MasterKey) EncryptIfNeeded(dataKey []byte) error

EncryptIfNeeded encrypts the provided SOPS data key, if it has not been encrypted yet.

func (*MasterKey) EncryptedDataKey

func (key *MasterKey) EncryptedDataKey() []byte

EncryptedDataKey returns the encrypted data key this master key holds.

func (*MasterKey) NeedsRotation

func (key *MasterKey) NeedsRotation() bool

NeedsRotation returns whether the data key needs to be rotated or not.

func (*MasterKey) SetEncryptedDataKey

func (key *MasterKey) SetEncryptedDataKey(enc []byte)

SetEncryptedDataKey sets the encrypted data key for this master key.

func (MasterKey) ToMap

func (key MasterKey) ToMap() map[string]interface{}

ToMap converts the MasterKey to a map for serialization purposes.

func (*MasterKey) ToString

func (key *MasterKey) ToString() string

ToString converts the key to a string representation.

func (*MasterKey) TypeToIdentifier

func (key *MasterKey) TypeToIdentifier() string

TypeToIdentifier returns the string identifier for the MasterKey type.
