Version: v0.33.0

This package is not in the latest version of its module.

Published: Aug 20, 2021 License: Apache-2.0 Imports: 14 Imported by: 1



Package aws provides Keyless Authentication for services running on AWS.



var (
	ErrNoAWSCredentials     = awsErr.Code("no_aws_credentials").Error("could not find any AWS credentials. See for how to configure your credentials")
	ErrInvalidAWSCredential = awsErr.Code("invalid_credential").Error("credentials were not accepted by AWS")
	ErrAWSRequestError      = awsErr.Code("request_error").Error("could not send AWS request")
	ErrAWSNotFound          = awsErr.Code("not_found")
	ErrAWSAccessDenied      = awsErr.Code("access_denied")
)



func GetEncryptRequest

func GetEncryptRequest(plaintext string, keyID string, kmsSvc kmsiface.KMSAPI) ([]byte, error)

GetEncryptRequest returns the raw bytes of a signed AWS KMS EncryptRequest.

func HandleError added in v0.28.0

func HandleError(err error) error


type CredentialCreator

type CredentialCreator struct {
	// contains filtered or unexported fields
}

CredentialCreator is an implementation of the secrethub.Verifier and secrethub.Encrypter interfaces that can be used to create an AWS service account.

func NewCredentialCreator

func NewCredentialCreator(keyID, role string, cfgs ...*aws.Config) (*CredentialCreator, map[string]string, error)

NewCredentialCreator returns a CredentialCreator that uses the provided AWS KMS key and IAM role to create a new credential. The AWS credential is configured with the optionally provided aws.Config.

func (CredentialCreator) AddProof

AddProof adds proof of access to the AWS account to the CreateCredentialRequest.

func (CredentialCreator) Export

func (c CredentialCreator) Export() ([]byte, string, error)

Verifier returns the verifier of an AWS service.

func (CredentialCreator) Type

Type returns the credential type of an AWS service.

func (CredentialCreator) Wrap

func (c CredentialCreator) Wrap(plaintext []byte) (*api.EncryptedData, error)

Wrap the provided plaintext using AWS KMS.

type KMSDecrypter

type KMSDecrypter struct {
	// contains filtered or unexported fields
}

KMSDecrypter is an implementation of the secrethub.Decrypter interface that uses AWS KMS for decryption.

func NewKMSDecrypter

func NewKMSDecrypter(cfgs ...*aws.Config) (*KMSDecrypter, error)

NewKMSDecrypter returns a new KMSDecrypter that uses the provided configuration to configure the AWS session.

func (KMSDecrypter) Unwrap

func (d KMSDecrypter) Unwrap(ciphertext *api.EncryptedData) ([]byte, error)

Unwrap the provided ciphertext using AWS KMS.
