encryption

package
v0.3.0 Latest
Warning

This package is not in the latest version of its module.

Published: May 18, 2025 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Overview

Package encryption provides encryption and decryption functionality using AWS KMS.


Constants

const KMSKeySizeInBytes int32 = 64

KMSKeySizeInBytes is the size of the key fetched from KMS. The 64-byte key is split into two halves: the first 32 bytes are used by the agent for encryption, and the second 32 bytes by clients such as the CLI/console.
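The split described above, as an added illustration that is not code from this package: it shows that data sealed with the agent's half cannot be opened with the client's half, and that a key of the wrong size is rejected. The page does not say how the halves are used, so AES-256-GCM, the helper names (`newGCM`, `splitKeyAEADs`, `seal`, `open`) and the sample key are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func newGCM(key []byte) (cipher.AEAD, error) { // AES-256-GCM: assumed cipher, not stated on the page
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// splitKeyAEADs (hypothetical) keys one cipher per half: first 32 bytes agent, last 32 client.
func splitKeyAEADs(dataKey []byte) (agent, client cipher.AEAD, err error) {
	if len(dataKey) != 64 { // KMSKeySizeInBytes on the page
		return nil, nil, fmt.Errorf("data key is %d bytes, want 64", len(dataKey))
	}
	if agent, err = newGCM(dataKey[:32]); err == nil {
		client, err = newGCM(dataKey[32:])
	}
	return agent, client, err
}

// seal encrypts plainText under a fresh random nonce and prepends that nonce.
func seal(a cipher.AEAD, plainText []byte) ([]byte, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, plainText, nil), nil
}

// open reverses seal; it fails on the other half's key or on altered data.
func open(a cipher.AEAD, cipherText []byte) ([]byte, error) {
	n := a.NonceSize()
	if len(cipherText) < n {
		return nil, fmt.Errorf("ciphertext shorter than %d-byte nonce", n)
	}
	return a.Open(nil, cipherText[:n], cipherText[n:], nil)
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdefFEDCBA9876543210FEDCBA9876543210") // constructed
	agent, client, _ := splitKeyAEADs(key)
	ct, _ := seal(agent, []byte("agent output"))
	_, err := open(client, ct)
	fmt.Println("client half rejects agent-half ciphertext:", err != nil)
}
```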


Functions

func KMSGenerateDataKey

func KMSGenerateDataKey(ctx context.Context, kmsKeyID string, svc *kms.Client, encryptionContext Context) ([]byte, []byte, error)

KMSGenerateDataKey gets cipher text and plain text keys from KMS service. It returns the encrypted data key and the plaintext data key.

Types

type Context

type Context map[string]string

Context is a map that holds the encryption context for KMS.

type Encrypter

type Encrypter struct {
	KMSService *kms.Client
	// contains filtered or unexported fields
}

Encrypter implements the IEncrypter interface using AWS KMS for key management.

func NewEncrypter

func NewEncrypter(ctx context.Context, logger log.T, kmsKeyID string, encryptionContext Context, kmsService *kms.Client) (*Encrypter, error)

NewEncrypter creates a new Encrypter instance with the given KMS key and encryption context.

func (*Encrypter) Decrypt

func (e *Encrypter) Decrypt(cipherText []byte) ([]byte, error)

Decrypt decrypts a byte slice and returns the decrypted slice.

func (*Encrypter) Encrypt

func (e *Encrypter) Encrypt(plainText []byte) ([]byte, error)

Encrypt encrypts a byte slice and returns the encrypted slice.

func (*Encrypter) GetEncryptedDataKey

func (e *Encrypter) GetEncryptedDataKey() []byte

GetEncryptedDataKey returns the cipherText that was pulled from KMS.

func (*Encrypter) GetKMSKeyID

func (e *Encrypter) GetKMSKeyID() string

GetKMSKeyID gets the KMS key id that is used to generate the encryption key.

type IEncrypter

type IEncrypter interface {
	Encrypt(plainText []byte) (cipherText []byte, err error)
	Decrypt(cipherText []byte) (plainText []byte, err error)
	GetEncryptedDataKey() (ciptherTextBlob []byte)
}

IEncrypter defines the interface for encryption and decryption operations.

type KMSKeyProvider

type KMSKeyProvider interface {
	GenerateDataKey()
}

KMSKeyProvider defines the interface for AWS KMS key operations.

Directories

Path Synopsis
Package mocks provides a mock implementation of the IEncryptorBuilder interface for testing purposes.
