Documentation
¶
Overview ¶
Package kms contains an implementation of the github.com/getsops/sops/v3.MasterKey interface that encrypts and decrypts the data key using AWS KMS with the SDK for Go V2.
Index ¶
- func ParseKMSContext(in interface{}) map[string]*string
- type CredentialsProvider
- type MasterKey
- func (key *MasterKey) Decrypt() ([]byte, error)
- func (key *MasterKey) Encrypt(dataKey []byte) error
- func (key *MasterKey) EncryptIfNeeded(dataKey []byte) error
- func (key *MasterKey) EncryptedDataKey() []byte
- func (key *MasterKey) NeedsRotation() bool
- func (key *MasterKey) SetEncryptedDataKey(enc []byte)
- func (key MasterKey) ToMap() map[string]interface{}
- func (key *MasterKey) ToString() string
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ParseKMSContext ¶
ParseKMSContext takes either a KMS context map or a comma-separated list of KMS context key:value pairs, and returns a map.
Types ¶
type CredentialsProvider ¶
type CredentialsProvider struct {
// contains filtered or unexported fields
}
CredentialsProvider is a wrapper around aws.CredentialsProvider used for authentication towards AWS KMS.
func NewCredentialsProvider ¶
func NewCredentialsProvider(cp aws.CredentialsProvider) *CredentialsProvider
NewCredentialsProvider returns a CredentialsProvider object with the provided aws.CredentialsProvider.
func (CredentialsProvider) ApplyToMasterKey ¶
func (c CredentialsProvider) ApplyToMasterKey(key *MasterKey)
ApplyToMasterKey configures the credentials on the provided key.
type MasterKey ¶
type MasterKey struct {
// Arn associated with the AWS KMS key.
Arn string
// Role ARN used to assume a role through AWS STS.
Role string
// EncryptedKey stores the data key in it's encrypted form.
EncryptedKey string
// CreationDate is when this MasterKey was created.
CreationDate time.Time
// EncryptionContext provides additional context about the data key.
// Ref: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
EncryptionContext map[string]*string
// AwsProfile is the profile to use for loading configuration and credentials.
// Ref: https://aws.github.io/aws-sdk-go-v2/docs/configuring-sdk/#specifying-profiles
AwsProfile string
// contains filtered or unexported fields
}
MasterKey is an AWS KMS key used to encrypt and decrypt SOPS' data key using AWS SDK for Go V2.
func MasterKeysFromArnString ¶
func MasterKeysFromArnString(arn string, context map[string]*string, awsProfile string) []*MasterKey
MasterKeysFromArnString takes a comma separated list of AWS KMS ARNs, and returns a slice of new MasterKeys for those ARNs.
func NewMasterKey ¶
NewMasterKey creates a new MasterKey from an ARN, role and context, setting the creation date to the current date.
func NewMasterKeyFromArn ¶
NewMasterKeyFromArn takes an ARN string and returns a new MasterKey for that ARN.
func (*MasterKey) Decrypt ¶
Decrypt decrypts the EncryptedKey with a newly created AWS KMS config, and returns the result.
func (*MasterKey) Encrypt ¶
Encrypt takes a SOPS data key, encrypts it with KMS and stores the result in the EncryptedKey field.
func (*MasterKey) EncryptIfNeeded ¶
EncryptIfNeeded encrypts the provided SOPS data key, if it has not been encrypted yet.
func (*MasterKey) EncryptedDataKey ¶
EncryptedDataKey returns the encrypted data key this master key holds.
func (*MasterKey) NeedsRotation ¶
NeedsRotation returns whether the data key needs to be rotated or not.
func (*MasterKey) SetEncryptedDataKey ¶
SetEncryptedDataKey sets the encrypted data key for this master key.
Source Files