Documentation
Index
- type Client
- func (c *Client) AssignIdentity(policy string, id Identity) error
- func (c *Client) CreateKey(name string) error
- func (c *Client) DecryptDataKey(name string, ciphertext, context []byte) ([]byte, error)
- func (c *Client) DeleteKey(name string) error
- func (c *Client) DeletePolicy(name string) error
- func (c *Client) ForgetIdentity(id Identity) error
- func (c *Client) GenerateDataKey(name string, context []byte) ([]byte, []byte, error)
- func (c *Client) ImportKey(name string, key []byte) error
- func (c *Client) ListIdentities(pattern string) (map[Identity]string, error)
- func (c *Client) ListPolicies(pattern string) ([]string, error)
- func (c *Client) ReadPolicy(name string) (*Policy, error)
- func (c *Client) TraceAuditLog() (io.ReadCloser, error)
- func (c *Client) Transport(transport http.RoundTripper)
- func (c *Client) Version() (string, error)
- func (c *Client) WritePolicy(name string, policy *Policy) error
- type Error
- type Identity
- type Policy
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Client
type Client struct {
// contains filtered or unexported fields
}
func (*Client) CreateKey
func (c *Client) CreateKey(name string) error
CreateKey tries to create a new master key with the specified name. The master key will be generated by the KES server.
func (*Client) DecryptDataKey
func (c *Client) DecryptDataKey(name string, ciphertext, context []byte) ([]byte, error)
func (*Client) DeletePolicy
func (c *Client) DeletePolicy(name string) error
func (*Client) ForgetIdentity
func (c *Client) ForgetIdentity(id Identity) error
func (*Client) GenerateDataKey
func (c *Client) GenerateDataKey(name string, context []byte) ([]byte, []byte, error)
func (*Client) ImportKey added in v0.5.0
func (c *Client) ImportKey(name string, key []byte) error
ImportKey tries to import key as a new master key with the specified name. In contrast to CreateKey, the client specifies, and therefore knows, the value of the master key.
func (*Client) ListIdentities
func (c *Client) ListIdentities(pattern string) (map[Identity]string, error)
func (*Client) TraceAuditLog added in v0.5.0
func (c *Client) TraceAuditLog() (io.ReadCloser, error)
func (*Client) Transport
func (c *Client) Transport(transport http.RoundTripper)
type Error added in v0.6.0
type Error struct {
// contains filtered or unexported fields
}
Error is the type of client-server API errors. A Client returns an Error if a server responds with a well-formed error message.
An Error contains the HTTP status code sent by the server. Errors with the same status code and error message are equal. In particular:
ErrKeyExists == NewError(400, "key does already exist") // true
The client may distinguish errors as follows:
switch err := client.CreateKey("example-key"); err {
case nil:
	// Success!
case ErrKeyExists:
	// The key "example-key" already exists.
case ErrNotAllowed:
	// We don't have the permission to create this key.
default:
	// Something else went wrong.
}
var (
	ErrKeyNotFound Error = NewError(http.StatusNotFound, "key does not exist")
	ErrKeyExists   Error = NewError(http.StatusBadRequest, "key does already exist")
	ErrNotAllowed  Error = NewError(http.StatusForbidden, "prohibited by policy")
)
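The following program is an added example, not code from the kes package, that reproduces the documented error semantics with a local stand-in type so it runs offline: an Error is a value holding the status code and message, sentinel errors compare equal by ==, a constructed server response is mapped to an Error, and the documented switch is used to classify outcomes. The helpers fromResponse, classifyCreateKey, isKnown and the Status accessor are assumptions made for this illustration and are not part of the real client API; the server responses are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
)

// Error is a local stand-in (not the kes package's own type) that mirrors the
// documented semantics: it carries the HTTP status code and the server's error
// message, and two Errors with the same code and message compare equal.
type Error struct {
	code    int
	message string
}

// NewError mirrors the constructor shown in the package docs.
func NewError(code int, message string) Error {
	return Error{code: code, message: message}
}

// Error implements the error interface; the message is what the server sent.
func (e Error) Error() string { return e.message }

// Status is a hypothetical accessor for the HTTP status code (assumed, not documented).
func (e Error) Status() int { return e.code }

// Sentinel errors, with the codes and messages listed on the page.
var (
	ErrKeyNotFound Error = NewError(http.StatusNotFound, "key does not exist")
	ErrKeyExists   Error = NewError(http.StatusBadRequest, "key does already exist")
	ErrNotAllowed  Error = NewError(http.StatusForbidden, "prohibited by policy")
)

// fromResponse models (hypothetically) how a client turns a well-formed server
// response into an error value: any 2xx status is success, anything else becomes
// an Error whose status code and message come straight from the response.
func fromResponse(status int, message string) error {
	if status >= 200 && status < 300 {
		return nil
	}
	return NewError(status, message)
}

// classifyCreateKey distinguishes outcomes the way the docs' switch example does.
// Comparing an error interface value against an Error value works because Error
// is a comparable struct type.
func classifyCreateKey(err error) string {
	switch err {
	case nil:
		return "created"
	case ErrKeyExists:
		return "already exists"
	case ErrNotAllowed:
		return "prohibited by policy"
	default:
		return "unexpected error"
	}
}

// isKnown reports whether err is, or wraps, one of the sentinel errors. errors.Is
// compares with == at each level of wrapping, so it still matches where a plain
// switch on the wrapped value does not.
func isKnown(err error) bool {
	return errors.Is(err, ErrKeyNotFound) || errors.Is(err, ErrKeyExists) || errors.Is(err, ErrNotAllowed)
}

func main() {
	// Constructed responses standing in for what a server might return.
	responses := []struct {
		status  int
		message string
	}{
		{http.StatusOK, ""},
		{http.StatusBadRequest, "key does already exist"},
		{http.StatusForbidden, "prohibited by policy"},
		{http.StatusInternalServerError, "internal server error"},
	}
	for _, r := range responses {
		err := fromResponse(r.status, r.message)
		fmt.Printf("%d %q -> %s\n", r.status, r.message, classifyCreateKey(err))
	}

	// Equality is by value: same status with a different message is a different error.
	fmt.Println(ErrKeyExists == NewError(400, "key does already exist")) // true
	fmt.Println(ErrKeyExists == NewError(400, "some other message"))     // false

	// A wrapped error no longer satisfies ==, but errors.Is still finds the sentinel.
	wrapped := fmt.Errorf("create key: %w", ErrKeyExists)
	fmt.Println(classifyCreateKey(wrapped), isKnown(wrapped)) // unexpected error true
}
```

The practical point for callers: if any layer between the client call and the switch wraps the error (for example with fmt.Errorf and %w), a plain switch falls through to default; compare with errors.Is when that is possible.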
type Identity
type Identity string
An Identity should uniquely identify a client and is computed from the X.509 certificate presented by the client during the TLS handshake using an IdentityFunc.
const IdentityUnknown Identity = ""
IdentityUnknown is the identity returned by an IdentityFunc if it cannot map a particular X.509 certificate to an actual identity.
type Policy
type Policy struct {
// contains filtered or unexported fields
}
func (Policy) MarshalJSON
func (Policy) MarshalTOML
func (*Policy) UnmarshalJSON
func (*Policy) UnmarshalTOML
Directories
Path | Synopsis |
---|---|
cmd | |
internal | |
cache | Package cache implements an in-memory cache for secret keys. |
fs | Package fs implements a secret key store that stores secret keys as files on the file system. |
mem | Package mem implements an in-memory secret key store. |
vault | Package vault implements a secret key store that stores secret keys as key-value entries on the Hashicorp Vault K/V secret backend. |