Documentation
Constants
This section is empty.
Variables
var ErrMissingEncType = newSecureS3ClientError("Object metadata missing encryptionType")
ErrMissingEncType indicates that the object metadata is missing encryptionType
var ErrMissingIV = newSecureS3ClientError("Object metadata missing encryptionIV")
ErrMissingIV indicates that the object metadata is missing encryptionIV
Functions
func NewCredProvider
func NewCredProvider(accessKeyID string, secretKey string) credentials.Provider
NewCredProvider returns an implementation of the AWS credentials.Provider interface. The returned object stores the credentials in memory and does not support key rotation.
Types
type AESDecryptor
type AESDecryptor struct {
// contains filtered or unexported fields
}
AESDecryptor is an implementation of io.Reader that takes a cipher text reader and converts it into plain text
func NewAESDecryptor
func NewAESDecryptor(encKey []byte, encIv []byte, reader io.ReadCloser) (*AESDecryptor, error)
NewAESDecryptor returns a new decryptor stream that decrypts using the given key and iv
func (*AESDecryptor) Close
func (e *AESDecryptor) Close() error
Close closes the underlying stream
type AESEncryptor
type AESEncryptor struct {
// contains filtered or unexported fields
}
AESEncryptor is an implementation of io.Reader that takes a plain text Reader and converts it into AES cipher text
func NewAESEncryptor
NewAESEncryptor returns a new encryptor stream that encrypts using the given key and iv
type CredProvider
type CredProvider struct {
// contains filtered or unexported fields
}
CredProvider is an implementation of aws credentials.Provider interface
func (*CredProvider) IsExpired
func (p *CredProvider) IsExpired() bool
IsExpired returns true if the credentials are expired. Always returns false
func (*CredProvider) Retrieve
func (p *CredProvider) Retrieve() (credentials.Value, error)
Retrieve returns the credentials stored
type SecureS3Client
type SecureS3Client interface {
	// Get fetches an object from S3 and decrypts it
	Get(bucket string, key string) (io.ReadCloser, error)
	// Put encrypts and stores the object in S3
	Put(bucket string, key string, body io.Reader) error
	// List lists objects with prefix
	List(bucket string, prefix string) (map[string]int64, error)
}
SecureS3Client is an interface that all implementations doing client-side encryption and decryption on top of S3 must adhere to.
func NewSecureS3Client
func NewSecureS3Client(region string, credProvider credentials.Provider, aesKey []byte) SecureS3Client
NewSecureS3Client creates and returns a new SecureS3Client. The returned client will do client-side encryption and decryption for all objects stored in or fetched from S3. Only objects previously stored using this client can be retrieved. For decryption, it is the caller's responsibility to make sure the same AES key used for encryption is supplied.
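The envelope this API implies (a key supplied by the caller, an IV and an encryption type carried in object metadata, and io.Reader wrappers on both sides) can be sketched as follows. This is an added example, not code from the package: the function names seal, open and stream are hypothetical, AES-CTR and the hex encoding of the IV are assumptions, and only the metadata key names and error texts come from this page.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"io"
	"os"
	"strings"
)

var errMissingEncType = errors.New("Object metadata missing encryptionType") // texts from this page
var errMissingIV = errors.New("Object metadata missing encryptionIV")
// stream wraps r in an AES-CTR keystream (assumed mode); it serves both directions.
func stream(key []byte, ivHex string, r io.Reader) (io.Reader, error) {
	iv, hexErr := hex.DecodeString(ivHex)
	block, keyErr := aes.NewCipher(key) // rejects keys that are not 16, 24 or 32 bytes
	if hexErr != nil || keyErr != nil || len(iv) != aes.BlockSize {
		return nil, errors.New("bad key length or malformed encryptionIV")
	}
	return cipher.StreamReader{S: cipher.NewCTR(block, iv), R: r}, nil
}
// seal encrypts plain under a fresh random IV and returns the metadata to store with it.
func seal(key []byte, plain io.Reader) (io.Reader, map[string]string, error) {
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil { // CTR must never reuse an IV under one key
		return nil, nil, err
	}
	meta := map[string]string{"encryptionType": "AES-CTR", "encryptionIV": hex.EncodeToString(iv)}
	ct, err := stream(key, meta["encryptionIV"], plain)
	return ct, meta, err
}
// open refuses objects whose metadata lacks either field, then decrypts ct.
func open(key []byte, meta map[string]string, ct io.Reader) (io.Reader, error) {
	if meta["encryptionType"] == "" {
		return nil, errMissingEncType
	}
	if meta["encryptionIV"] == "" {
		return nil, errMissingIV
	}
	return stream(key, meta["encryptionIV"], ct)
}
func main() { // round trip using a constructed all-zero demo key
	ct, meta, _ := seal(make([]byte, 32), strings.NewReader("constructed sample object\n"))
	pt, _ := open(make([]byte, 32), meta, ct)
	io.Copy(os.Stdout, pt)
}
```

CTR carries no integrity check, so in this sketch a wrong key or altered ciphertext decrypts to garbage without any error. Where tampering must be detected, add a MAC over the ciphertext or use an AEAD mode.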
type SecureS3ClientError
type SecureS3ClientError struct {
// contains filtered or unexported fields
}
SecureS3ClientError indicates any error from SecureS3Client
func (*SecureS3ClientError) Error
func (c *SecureS3ClientError) Error() string
Error implements error interface