Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
func NewKMSWrapper
NewKMSWrapper returns a core.KeyEngineWrapper. It securely generates keys and encrypts their values using a KMS master key.
It relaxes the security requirements of the wrapped engine, which can then be built on top of a regular database.
Using a cacheWrapper on top of KMSWrapper may significantly reduce the costs of the latter, in exchange for some risk: plaintext data keys may be kept in memory longer.
Types
type ClientAPI
type ClientAPI interface {
	GenerateDataKey(ctx context.Context, params *kms.GenerateDataKeyInput, optFns ...func(*kms.Options)) (*kms.GenerateDataKeyOutput, error)
	Encrypt(ctx context.Context, params *kms.EncryptInput, optFns ...func(*kms.Options)) (*kms.EncryptOutput, error)
	Decrypt(ctx context.Context, params *kms.DecryptInput, optFns ...func(*kms.Options)) (*kms.DecryptOutput, error)
	ReEncrypt(ctx context.Context, params *kms.ReEncryptInput, optFns ...func(*kms.Options)) (*kms.ReEncryptOutput, error)
}
ClientAPI is an interface covering a subset of the AWS KMS service client: "github.com/aws/aws-sdk-go-v2/service/kms"
type KMSKeyResolver
type KMSKeyResolver interface {
	KeyOf(ctx context.Context, namespace, subID string) (kmsKey string, err error)
}
KMSKeyResolver maps a namespace or subject to a KMS key.
func NewStaticKMSKeyResolver
func NewStaticKMSKeyResolver(kmsKey string) KMSKeyResolver
NewStaticKMSKeyResolver returns a KMSKeyResolver that associates the given KMS key with all namespaces.
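Where one key for all namespaces is too coarse, the KMSKeyResolver interface can be implemented with a per-subject and per-namespace lookup that returns an error instead of falling back to a shared key. The following is an added example, not code from this package: mapKMSKeyResolver, ErrNoKMSKey, newExampleResolver and the key aliases are hypothetical names and constructed values, and the interface is redeclared locally so the block builds on its own.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// KMSKeyResolver is redeclared here with the signature documented above.
type KMSKeyResolver interface {
	KeyOf(ctx context.Context, namespace, subID string) (kmsKey string, err error)
}

// ErrNoKMSKey (hypothetical) signals that no key is configured; there is no shared default.
var ErrNoKMSKey = errors.New("no KMS key configured")

// mapKMSKeyResolver (hypothetical) resolves per subject first, then per namespace.
type mapKMSKeyResolver struct {
	bySubject   map[[2]string]string // {namespace, subID} -> KMS key
	byNamespace map[string]string    // namespace -> KMS key
}

func (r mapKMSKeyResolver) KeyOf(ctx context.Context, namespace, subID string) (string, error) {
	if err := ctx.Err(); err != nil {
		return "", err // honour cancellation before doing any lookup
	}
	if k := r.bySubject[[2]string{namespace, subID}]; k != "" {
		return k, nil
	}
	if k := r.byNamespace[namespace]; k != "" {
		return k, nil
	}
	// Fail closed: an unknown namespace never lands on another tenant's key.
	return "", fmt.Errorf("%w for namespace %q", ErrNoKMSKey, namespace)
}

// newExampleResolver builds a resolver from constructed placeholder aliases.
func newExampleResolver() KMSKeyResolver {
	return mapKMSKeyResolver{
		bySubject:   map[[2]string]string{{"tenant-a", "vip-user"}: "alias/example-tenant-a-vip"},
		byNamespace: map[string]string{"tenant-a": "alias/example-tenant-a", "tenant-b": "alias/example-tenant-b"},
	}
}

func main() {
	k, err := newExampleResolver().KeyOf(context.Background(), "tenant-c", "eve")
	fmt.Printf("key=%q err=%v\n", k, err)
}
```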