encryptionconfig

Published: Mar 23, 2018 License: Apache-2.0, Apache-2.0 Imports: 14 Imported by: 0


Constants

This section is empty.

Variables

This section is empty.

Functions

func GetAESPrefixTransformer

func GetAESPrefixTransformer(config *AESConfig, fn BlockTransformerFunc, prefix string) (value.PrefixTransformer, error)

GetAESPrefixTransformer returns a prefix transformer from the provided configuration. Returns an AES transformer based on the provided prefix and block transformer.

func GetPrefixTransformers

func GetPrefixTransformers(config *ResourceConfig) ([]value.PrefixTransformer, error)

GetPrefixTransformers constructs and returns the appropriate prefix transformers for the passed resource, using its configuration.

func GetSecretboxPrefixTransformer

func GetSecretboxPrefixTransformer(config *SecretboxConfig) (value.PrefixTransformer, error)

GetSecretboxPrefixTransformer returns a prefix transformer from the provided configuration.

func GetTransformerOverrides

func GetTransformerOverrides(filepath string) (map[schema.GroupResource]value.Transformer, error)

GetTransformerOverrides returns the transformer overrides by reading and parsing the encryption provider configuration file.

func ParseEncryptionConfiguration

func ParseEncryptionConfiguration(f io.Reader) (map[schema.GroupResource]value.Transformer, error)

ParseEncryptionConfiguration parses the configuration data read from f and returns the transformer overrides.

Types

type AESConfig

type AESConfig struct {
	// keys is a list of keys to be used for creating the AES transformer.
	// Each key has to be 32 bytes long for AES-CBC and 16, 24 or 32 bytes for AES-GCM.
	// Each entry carries raw key material (see Key.Secret), so the file holding this
	// configuration is as sensitive as the keys themselves.
	// NOTE(review): which key is used for writing and which are kept only for reading
	// is not stated here — confirm against GetAESPrefixTransformer before rotating keys.
	Keys []Key `json:"keys"`
}

AESConfig contains the API configuration for an AES transformer.

type BlockTransformerFunc

// BlockTransformerFunc builds a value.Transformer from an already-constructed AES
// cipher.Block. GetAESPrefixTransformer takes one as its fn argument; presumably this
// is how the block mode (AES-GCM vs AES-CBC) is selected independently of key parsing.
type BlockTransformerFunc func(cipher.Block) value.Transformer

BlockTransformerFunc takes an AES cipher block and returns a value transformer.

type EncryptionConfig

type EncryptionConfig struct {
	// kind is the type of configuration file.
	Kind string `json:"kind"`
	// apiVersion is the API version this file has to be parsed as.
	APIVersion string `json:"apiVersion"`
	// resources is a list containing resources, and their corresponding encryption providers.
	// Each entry pairs a set of resource names with an ordered list of providers (see ResourceConfig).
	Resources []ResourceConfig `json:"resources"`
}

EncryptionConfig stores the complete configuration for encryption providers.

type IdentityConfig

// IdentityConfig selects the identity transformer, which applies no encryption:
// resources handled by it are stored as-is. It carries no fields because no key
// material is involved.
type IdentityConfig struct{}

IdentityConfig is an empty struct to allow identity transformer in provider configuration.

type KMSConfig added in v1.8.0

type KMSConfig struct {
	// name is the name of the KMS plugin to be used.
	Name string `json:"name"`
	// cacheSize is the maximum number of secrets which are cached in memory. The default value is 1000.
	// The cache lives in the API server process; presumably it holds decrypted entries,
	// so this value bounds how much plaintext key material is resident at once.
	// +optional
	CacheSize int `json:"cachesize,omitempty"`
	// endpoint is the gRPC server listening address, for example "unix:///var/run/kms-provider.sock".
	// NOTE(review): only a unix socket is shown as an example; whether other address
	// schemes are accepted is not visible here — confirm in the plugin client.
	Endpoint string `json:"endpoint"`
}

KMSConfig contains the name, cache size and gRPC endpoint for a KMS based envelope transformer.

type Key

type Key struct {
	// name is the name of the key to be used while storing data to disk.
	// It identifies which key wrote a record, so it must stay unique within a provider.
	Name string `json:"name"`
	// secret is the actual key, encoded in base64.
	// This is the raw key material, not a reference: restrict read access to the
	// configuration file accordingly and keep it out of logs and version control.
	Secret string `json:"secret"`
}

Key contains name and secret of the provided key for a transformer.

type ProviderConfig

type ProviderConfig struct {
	// aesgcm is the configuration for the AES-GCM transformer.
	AESGCM *AESConfig `json:"aesgcm,omitempty"`
	// aescbc is the configuration for the AES-CBC transformer.
	AESCBC *AESConfig `json:"aescbc,omitempty"`
	// secretbox is the configuration for the Secretbox based transformer.
	Secretbox *SecretboxConfig `json:"secretbox,omitempty"`
	// identity is the (empty) configuration for the identity transformer, i.e. no encryption.
	Identity *IdentityConfig `json:"identity,omitempty"`
	// kms contains the name, cache size and gRPC endpoint for a KMS based envelope transformer.
	KMS *KMSConfig `json:"kms,omitempty"`
	// NOTE(review): all fields are optional pointers; presumably exactly one is expected
	// to be set per entry — confirm how GetPrefixTransformers treats zero or several.
}

ProviderConfig stores the provided configuration for an encryption provider.

type ResourceConfig

type ResourceConfig struct {
	// resources is a list of kubernetes resources which have to be encrypted.
	Resources []string `json:"resources"`
	// providers is a list of transformers to be used for reading and writing the resources to disk.
	// eg: aesgcm, aescbc, secretbox, identity.
	// NOTE(review): the list is ordered, but which entry is used for writes versus
	// only for reads is not stated here — confirm against GetPrefixTransformers,
	// since an identity entry in the write position leaves data unencrypted.
	Providers []ProviderConfig `json:"providers"`
}

ResourceConfig stores per resource configuration.

type SecretboxConfig

type SecretboxConfig struct {
	// keys is a list of keys to be used for creating the Secretbox transformer.
	// Each key has to be 32 bytes long.
	// As with AESConfig, entries are raw key material (see Key.Secret) and the
	// configuration file must be protected accordingly.
	Keys []Key `json:"keys"`
}

SecretboxConfig contains the API configuration for a Secretbox transformer.
