envelope

package
Version: v1.14.6 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 16, 2019 License: Apache-2.0, Apache-2.0 Imports: 17 Imported by: 0

Documentation

Overview

Package envelope transforms values for storage at rest using a Envelope provider

Package envelope transforms values for storage at rest using a Envelope provider

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewEnvelopeTransformer

func NewEnvelopeTransformer(envelopeService Service, cacheSize int, baseTransformerFunc func(cipher.Block) value.Transformer) (value.Transformer, error)

NewEnvelopeTransformer returns a transformer which implements a KEK-DEK based envelope encryption scheme. It uses envelopeService to encrypt and decrypt DEKs. Respective DEKs (in encrypted form) are prepended to the data items they encrypt. A cache (of size cacheSize) is maintained to store the most recently used decrypted DEKs in memory.

Types

type Service

type Service interface {
	// Decrypt a given bytearray to obtain the original data as bytes.
	Decrypt(data []byte) ([]byte, error)
	// Encrypt bytes to a ciphertext.
	Encrypt(data []byte) ([]byte, error)
}

Service allows encrypting and decrypting data using an external Key Management Service.

func NewGRPCService added in v1.10.0

func NewGRPCService(endpoint string, callTimeout time.Duration) (Service, error)

NewGRPCService returns an envelope.Service which use gRPC to communicate the remote KMS provider.

Directories

Path Synopsis
Package v1beta1 is a generated protocol buffer package.
Package v1beta1 is a generated protocol buffer package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL