Version: v3.6.0-barbican Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Jul 19, 2020 License: MPL-2.0 Imports: 15 Imported by: 0




This section is empty.


This section is empty.


This section is empty.


type MasterKey

type MasterKey struct {
	EncryptedKey string
	KeyName      string
	EnginePath   string
	VaultAddress string
	CreationDate time.Time

MasterKey is a Vault Transit backend path used to encrypt and decrypt sops' data key.

func NewMasterKey

func NewMasterKey(addess, enginePath, keyName string) *MasterKey

NewMasterKey creates a new MasterKey from a vault address, transit backend path and a key name and setting the creation date to the current date

func NewMasterKeyFromURI

func NewMasterKeyFromURI(uri string) (*MasterKey, error)

NewMasterKeyFromURI obtains the vaultAddress the transit backend path and the key name from the full URI of the key

func NewMasterKeysFromURIs

func NewMasterKeysFromURIs(uris string) ([]*MasterKey, error)

NewMasterKeysFromURIs gets lots of keys from lots of URIs

func (*MasterKey) Decrypt

func (key *MasterKey) Decrypt() ([]byte, error)

Decrypt decrypts the EncryptedKey field with Vault Transit and returns the result.

func (*MasterKey) Encrypt

func (key *MasterKey) Encrypt(dataKey []byte) error

Encrypt takes a sops data key, encrypts it with Vault Transit and stores the result in the EncryptedKey field

func (*MasterKey) EncryptIfNeeded

func (key *MasterKey) EncryptIfNeeded(dataKey []byte) error

EncryptIfNeeded encrypts the provided sops' data key and encrypts it if it hasn't been encrypted yet

func (*MasterKey) EncryptedDataKey

func (key *MasterKey) EncryptedDataKey() []byte

EncryptedDataKey returns the encrypted data key this master key holds

func (*MasterKey) NeedsRotation

func (key *MasterKey) NeedsRotation() bool

NeedsRotation returns whether the data key needs to be rotated or not. This is simply copied from GCPKMS TODO: handle key rotation on vault side

func (*MasterKey) SetEncryptedDataKey

func (key *MasterKey) SetEncryptedDataKey(enc []byte)

SetEncryptedDataKey sets the encrypted data key for this master key

func (MasterKey) ToMap

func (key MasterKey) ToMap() map[string]interface{}

ToMap converts the MasterKey to a map for serialization purposes

func (*MasterKey) ToString

func (key *MasterKey) ToString() string

ToString converts the key to a string representation

Source Files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL