Version: v3.6.0-barbican Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Jul 19, 2020 License: MPL-2.0 Imports: 14 Imported by: 0



Package azkv contains an implementation of the interface that encrypts and decrypts the data key using Azure Key Vault with the Azure Go SDK.



This section is empty.


This section is empty.


This section is empty.


type MasterKey

type MasterKey struct {
	VaultURL string
	Name     string
	Version  string

	EncryptedKey string
	CreationDate time.Time

MasterKey is a Azure Key Vault key used to encrypt and decrypt sops' data key.

func MasterKeysFromURLs

func MasterKeysFromURLs(urls string) ([]*MasterKey, error)

MasterKeysFromURLs takes a comma separated list of Azure Key Vault URLs and returns a slice of new MasterKeys for them

func NewMasterKey

func NewMasterKey(vaultURL string, keyName string, keyVersion string) *MasterKey

NewMasterKey creates a new MasterKey from an URL, key name and version, setting the creation date to the current date

func NewMasterKeyFromURL

func NewMasterKeyFromURL(url string) (*MasterKey, error)

NewMasterKeyFromURL takes an Azure Key Vault key URL and returns a new MasterKey URL format is {vaultUrl}/keys/{key-name}/{key-version}

func (*MasterKey) Decrypt

func (key *MasterKey) Decrypt() ([]byte, error)

Decrypt decrypts the EncryptedKey field with Azure Key Vault and returns the result.

func (*MasterKey) Encrypt

func (key *MasterKey) Encrypt(dataKey []byte) error

Encrypt takes a sops data key, encrypts it with Key Vault and stores the result in the EncryptedKey field

func (*MasterKey) EncryptIfNeeded

func (key *MasterKey) EncryptIfNeeded(dataKey []byte) error

EncryptIfNeeded encrypts the provided sops' data key and encrypts it if it hasn't been encrypted yet

func (*MasterKey) EncryptedDataKey

func (key *MasterKey) EncryptedDataKey() []byte

EncryptedDataKey returns the encrypted data key this master key holds

func (*MasterKey) NeedsRotation

func (key *MasterKey) NeedsRotation() bool

NeedsRotation returns whether the data key needs to be rotated or not.

func (*MasterKey) SetEncryptedDataKey

func (key *MasterKey) SetEncryptedDataKey(enc []byte)

SetEncryptedDataKey sets the encrypted data key for this master key

func (MasterKey) ToMap

func (key MasterKey) ToMap() map[string]interface{}

ToMap converts the MasterKey to a map for serialization purposes

func (*MasterKey) ToString

func (key *MasterKey) ToString() string

ToString converts the key to a string representation

Source Files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL