Documentation ¶
Index ¶
- Variables
- func NewKeyManager(credentialPath string) (baseKMS.KeyManager, error)
- type Configuration
- type KMSClient
- func (e *KMSClient) CreateAlias(ctx context.Context, keyID, aliasName string) error
- func (e *KMSClient) CreateKey(ctx context.Context, keyMetadata baseKMS.CreateKeyMetadata) (*types.KeyMetadata, error)
- func (e *KMSClient) Decrypt(ctx context.Context, keyID string, blob []byte, context map[string]string) ([]byte, error)
- func (e *KMSClient) Encrypt(ctx context.Context, keyID string, data []byte, context map[string]string) ([]byte, error)
- func (e *KMSClient) ListAliases(ctx context.Context, keyID *string) ([]types.AliasListEntry, error)
- type KeyManager
- func (k *KeyManager) CreateKey(ctx context.Context, metaData baseKMS.CreateKeyMetadata) (*baseKMS.KeyMetadata, error)
- func (k *KeyManager) Decrypt(ctx context.Context, keyID []byte, blob []byte, context []byte) ([]byte, error)
- func (k *KeyManager) Encrypt(ctx context.Context, keyID []byte, data []byte, context []byte) ([]byte, error)
- func (k *KeyManager) ID() string
- func (k *KeyManager) IsKeyExist(ctx context.Context, keyID string) (bool, error)
Variables ¶
var ErrAliasIsNotAppliedToKey = errors.New("error creating alias for KMS key")
ErrAliasIsNotAppliedToKey describes the error returned if AWS KMS can't apply the alias to the created key
Functions ¶
func NewKeyManager ¶
func NewKeyManager(credentialPath string) (baseKMS.KeyManager, error)
NewKeyManager creates a new AWS KeyManager, which implements the kms.KeyManager interface
Types ¶
type Configuration ¶
// Configuration represents the structure of the JSON configuration file for
// AWS KMS.
//
// NOTE(review): the struct carries a static access key pair, so the file it is
// decoded from holds a long-lived secret in plaintext — presumably the file
// passed to NewKeyManager as credentialPath; confirm. Keep that file out of
// version control, restrict its permissions to the service account, and avoid
// logging or printing this struct (e.g. with %+v), which would expose
// SecretAccessKey.
type Configuration struct {
	// AccessKeyID is read from the "access_key_id" JSON key.
	AccessKeyID string `json:"access_key_id"`
	// SecretAccessKey is read from the "secret_access_key" JSON key; treat it
	// as a secret.
	SecretAccessKey string `json:"secret_access_key"`
	// Region is read from the "region" JSON key.
	Region string `json:"region"`
	// Endpoint is optional: it is a pointer tagged omitempty, so a nil value is
	// left out when encoding. Presumably a custom KMS endpoint override —
	// confirm; if so, it should point only at a trusted TLS endpoint, since
	// data passed to Encrypt would be sent to it.
	Endpoint *string `json:"endpoint,omitempty"`
}
Configuration represents the configuration file structure for AWS KMS
type KMSClient ¶
type KMSClient struct {
// contains filtered or unexported fields
}
KMSClient represents a general AWS KMS client
func NewKMSClient ¶
func NewKMSClient(cfg *Configuration) (*KMSClient, error)
NewKMSClient creates a new AWS KMS client
func (*KMSClient) CreateAlias ¶
CreateAlias creates an alias for the provided KeyID
func (*KMSClient) CreateKey ¶
func (e *KMSClient) CreateKey(ctx context.Context, keyMetadata baseKMS.CreateKeyMetadata) (*types.KeyMetadata, error)
CreateKey creates a KMS KEK with the provided metadata
func (*KMSClient) Decrypt ¶
func (e *KMSClient) Decrypt(ctx context.Context, keyID string, blob []byte, context map[string]string) ([]byte, error)
Decrypt AWS KMS Decrypt call
func (*KMSClient) Encrypt ¶
func (e *KMSClient) Encrypt(ctx context.Context, keyID string, data []byte, context map[string]string) ([]byte, error)
Encrypt AWS KMS Encrypt call
func (*KMSClient) ListAliases ¶
ListAliases lists all available KMS key aliases in different regions
type KeyManager ¶
type KeyManager struct {
// contains filtered or unexported fields
}
KeyManager is the AWS implementation of kms.KeyManager
func (*KeyManager) CreateKey ¶
func (k *KeyManager) CreateKey(ctx context.Context, metaData baseKMS.CreateKeyMetadata) (*baseKMS.KeyMetadata, error)
CreateKey creates a key on KMS according to the specification
func (*KeyManager) Decrypt ¶
func (k *KeyManager) Decrypt(ctx context.Context, keyID []byte, blob []byte, context []byte) ([]byte, error)
Decrypt implementation of kms.Encryptor method
func (*KeyManager) Encrypt ¶
func (k *KeyManager) Encrypt(ctx context.Context, keyID []byte, data []byte, context []byte) ([]byte, error)
Encrypt implementation of kms.Encryptor method
func (*KeyManager) IsKeyExist ¶
IsKeyExist checks whether the key is present on KMS