keyservice

package
v3.6.0-barbican Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 19, 2020 License: MPL-2.0 Imports: 15 Imported by: 0

Documentation

Overview

Package keyservice implements a gRPC API that can be used by SOPS to encrypt and decrypt the data key using remote master keys.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func RegisterKeyServiceServer

func RegisterKeyServiceServer(s *grpc.Server, srv KeyServiceServer)

Types

type AzureKeyVaultKey

// AzureKeyVaultKey names a key by vault URL, key name and key version. It
// holds three string identifiers only; no key material is carried in this
// message.
type AzureKeyVaultKey struct {
	// VaultUrl arrives as part of the Key in an EncryptRequest or DecryptRequest.
	// NOTE(review): confirm the serving side restricts which vault endpoints
	// it will contact on behalf of a caller; no validation is visible here.
	VaultUrl             string   `protobuf:"bytes,1,opt,name=vault_url,json=vaultUrl,proto3" json:"vault_url,omitempty"`
	// Name is presumably the key's name inside the vault.
	Name                 string   `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
	// Version is presumably the key version to use.
	Version              string   `protobuf:"bytes,3,opt,name=version,proto3" json:"version,omitempty"`
	// The XXX_-prefixed fields appear to be protobuf-internal bookkeeping;
	// the json:"-" tag keeps them out of JSON output.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*AzureKeyVaultKey) Descriptor

func (*AzureKeyVaultKey) Descriptor() ([]byte, []int)

func (*AzureKeyVaultKey) GetName

func (m *AzureKeyVaultKey) GetName() string

func (*AzureKeyVaultKey) GetVaultUrl

func (m *AzureKeyVaultKey) GetVaultUrl() string

func (*AzureKeyVaultKey) GetVersion

func (m *AzureKeyVaultKey) GetVersion() string

func (*AzureKeyVaultKey) ProtoMessage

func (*AzureKeyVaultKey) ProtoMessage()

func (*AzureKeyVaultKey) Reset

func (m *AzureKeyVaultKey) Reset()

func (*AzureKeyVaultKey) String

func (m *AzureKeyVaultKey) String() string

func (*AzureKeyVaultKey) XXX_DiscardUnknown

func (m *AzureKeyVaultKey) XXX_DiscardUnknown()

func (*AzureKeyVaultKey) XXX_Marshal

func (m *AzureKeyVaultKey) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AzureKeyVaultKey) XXX_Merge

func (m *AzureKeyVaultKey) XXX_Merge(src proto.Message)

func (*AzureKeyVaultKey) XXX_Size

func (m *AzureKeyVaultKey) XXX_Size() int

func (*AzureKeyVaultKey) XXX_Unmarshal

func (m *AzureKeyVaultKey) XXX_Unmarshal(b []byte) error

type BarbicanKey

// BarbicanKey identifies a master key by a single string reference. No key
// material is carried in this message.
type BarbicanKey struct {
	// SecretHref is presumably the reference (href) of the Barbican secret.
	// NOTE(review): the value comes from the request's Key; confirm the
	// serving side checks it before following the reference.
	SecretHref           string   `protobuf:"bytes,1,opt,name=secret_href,json=secretHref,proto3" json:"secret_href,omitempty"`
	// The XXX_-prefixed fields appear to be protobuf-internal bookkeeping;
	// the json:"-" tag keeps them out of JSON output.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*BarbicanKey) Descriptor

func (*BarbicanKey) Descriptor() ([]byte, []int)

func (*BarbicanKey) GetSecretHref

func (m *BarbicanKey) GetSecretHref() string

func (*BarbicanKey) ProtoMessage

func (*BarbicanKey) ProtoMessage()

func (*BarbicanKey) Reset

func (m *BarbicanKey) Reset()

func (*BarbicanKey) String

func (m *BarbicanKey) String() string

func (*BarbicanKey) XXX_DiscardUnknown

func (m *BarbicanKey) XXX_DiscardUnknown()

func (*BarbicanKey) XXX_Marshal

func (m *BarbicanKey) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*BarbicanKey) XXX_Merge

func (m *BarbicanKey) XXX_Merge(src proto.Message)

func (*BarbicanKey) XXX_Size

func (m *BarbicanKey) XXX_Size() int

func (*BarbicanKey) XXX_Unmarshal

func (m *BarbicanKey) XXX_Unmarshal(b []byte) error

type DecryptRequest

// DecryptRequest is the input to KeyService Decrypt: a key reference plus the
// bytes to decrypt with it.
type DecryptRequest struct {
	// Key selects the master key to decrypt with.
	// NOTE(review): Key is a pointer and can be nil in a decoded request;
	// confirm the handler rejects that before dispatching on the key type.
	Key                  *Key     `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
	// Ciphertext is the encrypted input; per the package overview this is
	// presumably the encrypted SOPS data key.
	Ciphertext           []byte   `protobuf:"bytes,2,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
	// The XXX_-prefixed fields appear to be protobuf-internal bookkeeping;
	// the json:"-" tag keeps them out of JSON output.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*DecryptRequest) Descriptor

func (*DecryptRequest) Descriptor() ([]byte, []int)

func (*DecryptRequest) GetCiphertext

func (m *DecryptRequest) GetCiphertext() []byte

func (*DecryptRequest) GetKey

func (m *DecryptRequest) GetKey() *Key

func (*DecryptRequest) ProtoMessage

func (*DecryptRequest) ProtoMessage()

func (*DecryptRequest) Reset

func (m *DecryptRequest) Reset()

func (*DecryptRequest) String

func (m *DecryptRequest) String() string

func (*DecryptRequest) XXX_DiscardUnknown

func (m *DecryptRequest) XXX_DiscardUnknown()

func (*DecryptRequest) XXX_Marshal

func (m *DecryptRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DecryptRequest) XXX_Merge

func (m *DecryptRequest) XXX_Merge(src proto.Message)

func (*DecryptRequest) XXX_Size

func (m *DecryptRequest) XXX_Size() int

func (*DecryptRequest) XXX_Unmarshal

func (m *DecryptRequest) XXX_Unmarshal(b []byte) error

type DecryptResponse

// DecryptResponse is the result of KeyService Decrypt.
type DecryptResponse struct {
	// Plaintext is the decrypted result. Per the package overview this is
	// presumably the SOPS data key, so treat the whole message as secret.
	// NOTE(review): the generated String method presumably renders this field;
	// avoid logging or printing the message, and confirm.
	Plaintext            []byte   `protobuf:"bytes,1,opt,name=plaintext,proto3" json:"plaintext,omitempty"`
	// The XXX_-prefixed fields appear to be protobuf-internal bookkeeping;
	// the json:"-" tag keeps them out of JSON output.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*DecryptResponse) Descriptor

func (*DecryptResponse) Descriptor() ([]byte, []int)

func (*DecryptResponse) GetPlaintext

func (m *DecryptResponse) GetPlaintext() []byte

func (*DecryptResponse) ProtoMessage

func (*DecryptResponse) ProtoMessage()

func (*DecryptResponse) Reset

func (m *DecryptResponse) Reset()

func (*DecryptResponse) String

func (m *DecryptResponse) String() string

func (*DecryptResponse) XXX_DiscardUnknown

func (m *DecryptResponse) XXX_DiscardUnknown()

func (*DecryptResponse) XXX_Marshal

func (m *DecryptResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DecryptResponse) XXX_Merge

func (m *DecryptResponse) XXX_Merge(src proto.Message)

func (*DecryptResponse) XXX_Size

func (m *DecryptResponse) XXX_Size() int

func (*DecryptResponse) XXX_Unmarshal

func (m *DecryptResponse) XXX_Unmarshal(b []byte) error

type EncryptRequest

// EncryptRequest is the input to KeyService Encrypt: a key reference plus the
// bytes to encrypt with it.
type EncryptRequest struct {
	// Key selects the master key to encrypt with.
	// NOTE(review): Key is a pointer and can be nil in a decoded request;
	// confirm the handler rejects that before dispatching on the key type.
	Key                  *Key     `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
	// Plaintext is the unencrypted input; per the package overview this is
	// presumably the SOPS data key, so the request itself is secret material
	// and should not be logged.
	Plaintext            []byte   `protobuf:"bytes,2,opt,name=plaintext,proto3" json:"plaintext,omitempty"`
	// The XXX_-prefixed fields appear to be protobuf-internal bookkeeping;
	// the json:"-" tag keeps them out of JSON output.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*EncryptRequest) Descriptor

func (*EncryptRequest) Descriptor() ([]byte, []int)

func (*EncryptRequest) GetKey

func (m *EncryptRequest) GetKey() *Key

func (*EncryptRequest) GetPlaintext

func (m *EncryptRequest) GetPlaintext() []byte

func (*EncryptRequest) ProtoMessage

func (*EncryptRequest) ProtoMessage()

func (*EncryptRequest) Reset

func (m *EncryptRequest) Reset()

func (*EncryptRequest) String

func (m *EncryptRequest) String() string

func (*EncryptRequest) XXX_DiscardUnknown

func (m *EncryptRequest) XXX_DiscardUnknown()

func (*EncryptRequest) XXX_Marshal

func (m *EncryptRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*EncryptRequest) XXX_Merge

func (m *EncryptRequest) XXX_Merge(src proto.Message)

func (*EncryptRequest) XXX_Size

func (m *EncryptRequest) XXX_Size() int

func (*EncryptRequest) XXX_Unmarshal

func (m *EncryptRequest) XXX_Unmarshal(b []byte) error

type EncryptResponse

// EncryptResponse is the result of KeyService Encrypt.
type EncryptResponse struct {
	// Ciphertext is the encrypted result returned to the caller.
	Ciphertext           []byte   `protobuf:"bytes,1,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
	// The XXX_-prefixed fields appear to be protobuf-internal bookkeeping;
	// the json:"-" tag keeps them out of JSON output.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*EncryptResponse) Descriptor

func (*EncryptResponse) Descriptor() ([]byte, []int)

func (*EncryptResponse) GetCiphertext

func (m *EncryptResponse) GetCiphertext() []byte

func (*EncryptResponse) ProtoMessage

func (*EncryptResponse) ProtoMessage()

func (*EncryptResponse) Reset

func (m *EncryptResponse) Reset()

func (*EncryptResponse) String

func (m *EncryptResponse) String() string

func (*EncryptResponse) XXX_DiscardUnknown

func (m *EncryptResponse) XXX_DiscardUnknown()

func (*EncryptResponse) XXX_Marshal

func (m *EncryptResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*EncryptResponse) XXX_Merge

func (m *EncryptResponse) XXX_Merge(src proto.Message)

func (*EncryptResponse) XXX_Size

func (m *EncryptResponse) XXX_Size() int

func (*EncryptResponse) XXX_Unmarshal

func (m *EncryptResponse) XXX_Unmarshal(b []byte) error

type GcpKmsKey

// GcpKmsKey identifies a master key by a single resource identifier string.
// No key material is carried in this message.
type GcpKmsKey struct {
	// ResourceId is presumably the Cloud KMS resource identifier of the key;
	// it comes from the request's Key.
	ResourceId           string   `protobuf:"bytes,1,opt,name=resource_id,json=resourceId,proto3" json:"resource_id,omitempty"`
	// The XXX_-prefixed fields appear to be protobuf-internal bookkeeping;
	// the json:"-" tag keeps them out of JSON output.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*GcpKmsKey) Descriptor

func (*GcpKmsKey) Descriptor() ([]byte, []int)

func (*GcpKmsKey) GetResourceId

func (m *GcpKmsKey) GetResourceId() string

func (*GcpKmsKey) ProtoMessage

func (*GcpKmsKey) ProtoMessage()

func (*GcpKmsKey) Reset

func (m *GcpKmsKey) Reset()

func (*GcpKmsKey) String

func (m *GcpKmsKey) String() string

func (*GcpKmsKey) XXX_DiscardUnknown

func (m *GcpKmsKey) XXX_DiscardUnknown()

func (*GcpKmsKey) XXX_Marshal

func (m *GcpKmsKey) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*GcpKmsKey) XXX_Merge

func (m *GcpKmsKey) XXX_Merge(src proto.Message)

func (*GcpKmsKey) XXX_Size

func (m *GcpKmsKey) XXX_Size() int

func (*GcpKmsKey) XXX_Unmarshal

func (m *GcpKmsKey) XXX_Unmarshal(b []byte) error

type Key

// Key is the RPC form of a master key reference. The concrete backend is
// chosen by which wrapper type is stored in KeyType (a protobuf oneof).
type Key struct {
	// Types that are valid to be assigned to KeyType:
	//	*Key_KmsKey
	//	*Key_PgpKey
	//	*Key_GcpKmsKey
	//	*Key_AzureKeyvaultKey
	//	*Key_VaultKey
	//	*Key_BarbicanKey
	//
	// KeyType is an interface value and is nil when no variant was set.
	// NOTE(review): confirm request handlers treat a nil or unexpected
	// KeyType as an error rather than falling through.
	KeyType              isKey_KeyType `protobuf_oneof:"key_type"`
	// The XXX_-prefixed fields appear to be protobuf-internal bookkeeping;
	// the json:"-" tag keeps them out of JSON output.
	XXX_NoUnkeyedLiteral struct{}      `json:"-"`
	XXX_unrecognized     []byte        `json:"-"`
	XXX_sizecache        int32         `json:"-"`
}

func KeyFromMasterKey

func KeyFromMasterKey(mk keys.MasterKey) Key

KeyFromMasterKey converts a SOPS internal MasterKey to an RPC Key that can be serialized with Protocol Buffers

func (*Key) Descriptor

func (*Key) Descriptor() ([]byte, []int)

func (*Key) GetAzureKeyvaultKey

func (m *Key) GetAzureKeyvaultKey() *AzureKeyVaultKey

func (*Key) GetBarbicanKey

func (m *Key) GetBarbicanKey() *BarbicanKey

func (*Key) GetGcpKmsKey

func (m *Key) GetGcpKmsKey() *GcpKmsKey

func (*Key) GetKeyType

func (m *Key) GetKeyType() isKey_KeyType

func (*Key) GetKmsKey

func (m *Key) GetKmsKey() *KmsKey

func (*Key) GetPgpKey

func (m *Key) GetPgpKey() *PgpKey

func (*Key) GetVaultKey

func (m *Key) GetVaultKey() *VaultKey

func (*Key) ProtoMessage

func (*Key) ProtoMessage()

func (*Key) Reset

func (m *Key) Reset()

func (*Key) String

func (m *Key) String() string

func (*Key) XXX_DiscardUnknown

func (m *Key) XXX_DiscardUnknown()

func (*Key) XXX_Marshal

func (m *Key) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Key) XXX_Merge

func (m *Key) XXX_Merge(src proto.Message)

func (*Key) XXX_OneofWrappers

func (*Key) XXX_OneofWrappers() []interface{}

XXX_OneofWrappers is for the internal use of the proto package.

func (*Key) XXX_Size

func (m *Key) XXX_Size() int

func (*Key) XXX_Unmarshal

func (m *Key) XXX_Unmarshal(b []byte) error

type KeyServiceClient

// KeyServiceClient is the caller-side contract of the key service. Each method
// takes a context, one request message and optional gRPC call options, and
// returns one response message or an error.
//
// NOTE(review): NewKeyServiceClient accepts a *grpc.ClientConn, so plaintext in
// EncryptRequest and DecryptResponse crosses whatever connection the caller
// dialed; confirm that connection is set up with transport credentials.
type KeyServiceClient interface {
	// Encrypt submits in.Plaintext with in.Key and returns the ciphertext.
	Encrypt(ctx context.Context, in *EncryptRequest, opts ...grpc.CallOption) (*EncryptResponse, error)
	// Decrypt submits in.Ciphertext with in.Key and returns the plaintext,
	// which should be handled as secret material.
	Decrypt(ctx context.Context, in *DecryptRequest, opts ...grpc.CallOption) (*DecryptResponse, error)
}

KeyServiceClient is the client API for KeyService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

func NewKeyServiceClient

func NewKeyServiceClient(cc *grpc.ClientConn) KeyServiceClient

type KeyServiceServer

// KeyServiceServer is the handler-side contract of the key service; an
// implementation is attached to a *grpc.Server with RegisterKeyServiceServer.
//
// NOTE(review): nothing in this interface authenticates or authorizes the
// caller; confirm where access to Decrypt is restricted (listener, interceptor
// or deployment), since its response carries plaintext.
type KeyServiceServer interface {
	// Encrypt handles one EncryptRequest and returns the ciphertext.
	Encrypt(context.Context, *EncryptRequest) (*EncryptResponse, error)
	// Decrypt handles one DecryptRequest and returns the plaintext.
	Decrypt(context.Context, *DecryptRequest) (*DecryptResponse, error)
}

KeyServiceServer is the server API for KeyService service.

type Key_AzureKeyvaultKey

// Key_AzureKeyvaultKey wraps an *AzureKeyVaultKey for assignment to
// Key.KeyType; it is protobuf field 4 of the key_type oneof.
type Key_AzureKeyvaultKey struct {
	// AzureKeyvaultKey is a pointer and may be nil inside a non-nil wrapper.
	AzureKeyvaultKey *AzureKeyVaultKey `protobuf:"bytes,4,opt,name=azure_keyvault_key,json=azureKeyvaultKey,proto3,oneof"`
}

type Key_BarbicanKey

// Key_BarbicanKey wraps a *BarbicanKey for assignment to Key.KeyType; it is
// protobuf field 6 of the key_type oneof.
type Key_BarbicanKey struct {
	// BarbicanKey is a pointer and may be nil inside a non-nil wrapper.
	BarbicanKey *BarbicanKey `protobuf:"bytes,6,opt,name=barbican_key,json=barbicanKey,proto3,oneof"`
}

type Key_GcpKmsKey

// Key_GcpKmsKey wraps a *GcpKmsKey for assignment to Key.KeyType; it is
// protobuf field 3 of the key_type oneof.
type Key_GcpKmsKey struct {
	// GcpKmsKey is a pointer and may be nil inside a non-nil wrapper.
	GcpKmsKey *GcpKmsKey `protobuf:"bytes,3,opt,name=gcp_kms_key,json=gcpKmsKey,proto3,oneof"`
}

type Key_KmsKey

// Key_KmsKey wraps a *KmsKey for assignment to Key.KeyType; it is protobuf
// field 1 of the key_type oneof.
type Key_KmsKey struct {
	// KmsKey is a pointer and may be nil inside a non-nil wrapper.
	KmsKey *KmsKey `protobuf:"bytes,1,opt,name=kms_key,json=kmsKey,proto3,oneof"`
}

type Key_PgpKey

// Key_PgpKey wraps a *PgpKey for assignment to Key.KeyType; it is protobuf
// field 2 of the key_type oneof.
type Key_PgpKey struct {
	// PgpKey is a pointer and may be nil inside a non-nil wrapper.
	PgpKey *PgpKey `protobuf:"bytes,2,opt,name=pgp_key,json=pgpKey,proto3,oneof"`
}

type Key_VaultKey

// Key_VaultKey wraps a *VaultKey for assignment to Key.KeyType; it is protobuf
// field 5 of the key_type oneof.
type Key_VaultKey struct {
	// VaultKey is a pointer and may be nil inside a non-nil wrapper.
	VaultKey *VaultKey `protobuf:"bytes,5,opt,name=vault_key,json=vaultKey,proto3,oneof"`
}

type KmsKey

// KmsKey identifies an AWS KMS master key and the settings used to reach it.
// All fields are identifiers or settings; no key material is carried here.
type KmsKey struct {
	// Arn is presumably the ARN of the KMS key.
	Arn                  string            `protobuf:"bytes,1,opt,name=arn,proto3" json:"arn,omitempty"`
	// Role is presumably an IAM role to assume before calling KMS.
	// NOTE(review): the value comes from the request's Key; confirm the
	// serving side limits which roles a caller can make it assume.
	Role                 string            `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"`
	// Context is presumably the KMS encryption context (string key/value pairs).
	// The struct tag is elided by the documentation renderer.
	Context              map[string]string `` /* 155-byte string literal not displayed */
	// AwsProfile is presumably the name of the AWS credentials profile to use;
	// like Role, it is supplied by the caller in the request.
	AwsProfile           string            `protobuf:"bytes,4,opt,name=aws_profile,json=awsProfile,proto3" json:"aws_profile,omitempty"`
	// The XXX_-prefixed fields appear to be protobuf-internal bookkeeping;
	// the json:"-" tag keeps them out of JSON output.
	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
	XXX_unrecognized     []byte            `json:"-"`
	XXX_sizecache        int32             `json:"-"`
}

func (*KmsKey) Descriptor

func (*KmsKey) Descriptor() ([]byte, []int)

func (*KmsKey) GetArn

func (m *KmsKey) GetArn() string

func (*KmsKey) GetAwsProfile

func (m *KmsKey) GetAwsProfile() string

func (*KmsKey) GetContext

func (m *KmsKey) GetContext() map[string]string

func (*KmsKey) GetRole

func (m *KmsKey) GetRole() string

func (*KmsKey) ProtoMessage

func (*KmsKey) ProtoMessage()

func (*KmsKey) Reset

func (m *KmsKey) Reset()

func (*KmsKey) String

func (m *KmsKey) String() string

func (*KmsKey) XXX_DiscardUnknown

func (m *KmsKey) XXX_DiscardUnknown()

func (*KmsKey) XXX_Marshal

func (m *KmsKey) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*KmsKey) XXX_Merge

func (m *KmsKey) XXX_Merge(src proto.Message)

func (*KmsKey) XXX_Size

func (m *KmsKey) XXX_Size() int

func (*KmsKey) XXX_Unmarshal

func (m *KmsKey) XXX_Unmarshal(b []byte) error

type LocalClient

// LocalClient exposes Encrypt and Decrypt with the same parameter shape as
// KeyServiceClient (context, request, call options) but is documented as
// performing the operations locally.
type LocalClient struct {
	// Server is held by value; presumably requests are handed to it in
	// process. Its Prompt setting therefore applies to this client's calls
	// — TODO confirm against keyservice/server.go.
	Server Server
}

LocalClient is a key service client that performs all operations locally

func NewLocalClient

func NewLocalClient() LocalClient

NewLocalClient creates a new local client

func (LocalClient) Decrypt

func (c LocalClient) Decrypt(ctx context.Context,
	req *DecryptRequest, opts ...grpc.CallOption) (*DecryptResponse, error)

Decrypt processes a decrypt request locally. See keyservice/server.go for more details.

func (LocalClient) Encrypt

func (c LocalClient) Encrypt(ctx context.Context,
	req *EncryptRequest, opts ...grpc.CallOption) (*EncryptResponse, error)

Encrypt processes an encrypt request locally. See keyservice/server.go for more details.

type PgpKey

// PgpKey identifies a PGP master key by fingerprint. No key material is
// carried in this message.
type PgpKey struct {
	// Fingerprint names the PGP key to use.
	// NOTE(review): which keyring or agent the serving side consults for this
	// fingerprint is not visible here; confirm against the server code.
	Fingerprint          string   `protobuf:"bytes,1,opt,name=fingerprint,proto3" json:"fingerprint,omitempty"`
	// The XXX_-prefixed fields appear to be protobuf-internal bookkeeping;
	// the json:"-" tag keeps them out of JSON output.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*PgpKey) Descriptor

func (*PgpKey) Descriptor() ([]byte, []int)

func (*PgpKey) GetFingerprint

func (m *PgpKey) GetFingerprint() string

func (*PgpKey) ProtoMessage

func (*PgpKey) ProtoMessage()

func (*PgpKey) Reset

func (m *PgpKey) Reset()

func (*PgpKey) String

func (m *PgpKey) String() string

func (*PgpKey) XXX_DiscardUnknown

func (m *PgpKey) XXX_DiscardUnknown()

func (*PgpKey) XXX_Marshal

func (m *PgpKey) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PgpKey) XXX_Merge

func (m *PgpKey) XXX_Merge(src proto.Message)

func (*PgpKey) XXX_Size

func (m *PgpKey) XXX_Size() int

func (*PgpKey) XXX_Unmarshal

func (m *PgpKey) XXX_Unmarshal(b []byte) error

type Server

// Server carries the configuration of the key service handler; its Encrypt and
// Decrypt methods use value receivers, so each call works on a copy.
type Server struct {
	// Prompt indicates whether the server should prompt before decrypting or encrypting data
	//
	// The zero value is false, so a Server{} literal does not prompt.
	// NOTE(review): how the prompt is presented and what happens when it is
	// declined is not visible here; confirm before relying on it as an
	// approval step for Decrypt.
	Prompt bool
}

Server is a key service server that uses SOPS MasterKeys to fulfill requests

func (Server) Decrypt

func (ks Server) Decrypt(ctx context.Context,
	req *DecryptRequest) (*DecryptResponse, error)

Decrypt takes a decrypt request and decrypts the provided ciphertext with the provided key, returning the decrypted result

func (Server) Encrypt

func (ks Server) Encrypt(ctx context.Context,
	req *EncryptRequest) (*EncryptResponse, error)

Encrypt takes an encrypt request and encrypts the provided plaintext with the provided key, returning the encrypted result

type UnimplementedKeyServiceServer

// UnimplementedKeyServiceServer has no fields. Its Decrypt and Encrypt methods
// are listed without signatures on this page; presumably they return an
// "unimplemented" error so that embedding types keep compiling when methods
// are added to the service — confirm against the generated code.
type UnimplementedKeyServiceServer struct {
}

UnimplementedKeyServiceServer can be embedded to have forward compatible implementations.

func (*UnimplementedKeyServiceServer) Decrypt

func (*UnimplementedKeyServiceServer) Encrypt

type VaultKey

// VaultKey identifies a master key by server address, engine path and key
// name. It holds three string identifiers only; no key material or token is
// carried in this message.
type VaultKey struct {
	// VaultAddress arrives as part of the Key in an EncryptRequest or
	// DecryptRequest.
	// NOTE(review): confirm the serving side restricts which addresses it will
	// contact on behalf of a caller; no validation is visible here.
	VaultAddress         string   `protobuf:"bytes,1,opt,name=vault_address,json=vaultAddress,proto3" json:"vault_address,omitempty"`
	// EnginePath is presumably the mount path of the secrets engine.
	EnginePath           string   `protobuf:"bytes,2,opt,name=engine_path,json=enginePath,proto3" json:"engine_path,omitempty"`
	// KeyName is presumably the name of the key within that engine.
	KeyName              string   `protobuf:"bytes,3,opt,name=key_name,json=keyName,proto3" json:"key_name,omitempty"`
	// The XXX_-prefixed fields appear to be protobuf-internal bookkeeping;
	// the json:"-" tag keeps them out of JSON output.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*VaultKey) Descriptor

func (*VaultKey) Descriptor() ([]byte, []int)

func (*VaultKey) GetEnginePath

func (m *VaultKey) GetEnginePath() string

func (*VaultKey) GetKeyName

func (m *VaultKey) GetKeyName() string

func (*VaultKey) GetVaultAddress

func (m *VaultKey) GetVaultAddress() string

func (*VaultKey) ProtoMessage

func (*VaultKey) ProtoMessage()

func (*VaultKey) Reset

func (m *VaultKey) Reset()

func (*VaultKey) String

func (m *VaultKey) String() string

func (*VaultKey) XXX_DiscardUnknown

func (m *VaultKey) XXX_DiscardUnknown()

func (*VaultKey) XXX_Marshal

func (m *VaultKey) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*VaultKey) XXX_Merge

func (m *VaultKey) XXX_Merge(src proto.Message)

func (*VaultKey) XXX_Size

func (m *VaultKey) XXX_Size() int

func (*VaultKey) XXX_Unmarshal

func (m *VaultKey) XXX_Unmarshal(b []byte) error
