Documentation

Constants

const KMS_ENC_CTX_BUG_FIXED_VERSION = "3.3.0"

KMS_ENC_CTX_BUG_FIXED_VERSION represents the SOPS version in which the encryption context bug was fixed

Variables

This section is empty.

Functions

func DecryptTree

func DecryptTree(opts DecryptTreeOpts) (dataKey []byte, err error)

DecryptTree decrypts the tree passed in through the DecryptTreeOpts and additionally returns the decrypted data key

func DetectKMSEncryptionContextBug

func DetectKMSEncryptionContextBug(tree *sops.Tree) (bool, error)

DetectKMSEncryptionContextBug returns true if the encryption context bug is detected in a given runtime sops.Tree object

func EncryptTree

func EncryptTree(opts EncryptTreeOpts) error

EncryptTree encrypts the tree passed in through the EncryptTreeOpts

func FixAWSKMSEncryptionContextBug

func FixAWSKMSEncryptionContextBug(opts GenericDecryptOpts, tree *sops.Tree) (*sops.Tree, error)

FixAWSKMSEncryptionContextBug is used to fix the issue described in https://github.com/mozilla/sops/pull/435

func GetKMSKeyWithEncryptionCtx

func GetKMSKeyWithEncryptionCtx(tree *sops.Tree) (keyGroupIndex int, keyIndex int, key *kms.MasterKey)

GetKMSKeyWithEncryptionCtx returns the first KMS key affected by the encryption context bug as well as its location in the key groups.

func LoadEncryptedFile

func LoadEncryptedFile(loader sops.EncryptedFileLoader, inputPath string) (*sops.Tree, error)

LoadEncryptedFile loads an encrypted SOPS file, returning a SOPS tree

func LoadEncryptedFileWithBugFixes

func LoadEncryptedFileWithBugFixes(opts GenericDecryptOpts) (*sops.Tree, error)

LoadEncryptedFileWithBugFixes is a wrapper around LoadEncryptedFile which includes a check for the issue described in https://github.com/mozilla/sops/pull/435

func NewExitError

func NewExitError(i interface{}, exitCode int) *cli.ExitError

NewExitError returns a cli.ExitError given an error (wrapped in a generic interface{}) and an exit code to represent the failure

func PrettyPrintDiffs

func PrettyPrintDiffs(diffs []Diff)

PrettyPrintDiffs prints a slice of Diff objects to stdout

func RecoverDataKeyFromBuggyKMS

func RecoverDataKeyFromBuggyKMS(opts GenericDecryptOpts, tree *sops.Tree) []byte

RecoverDataKeyFromBuggyKMS loops through variations on the encryption context to recover the data key. This is used to fix the issue described in https://github.com/mozilla/sops/pull/435

Types

type DecryptTreeOpts

type DecryptTreeOpts struct {
	// Tree is the tree to be decrypted
	Tree *sops.Tree
	// KeyServices are the key services to be used for decryption of the data key
	KeyServices []keyservice.KeyServiceClient
	// IgnoreMac is whether or not to ignore the Message Authentication Code included in the SOPS tree
	IgnoreMac bool
	// Cipher is the cryptographic cipher to use to decrypt the values inside the tree
	Cipher sops.Cipher
}

DecryptTreeOpts are the options needed to decrypt a tree

type Diff

type Diff struct {
	Common  []keys.MasterKey
	Added   []keys.MasterKey
	Removed []keys.MasterKey
}

Diff represents a key diff

func DiffKeyGroups

func DiffKeyGroups(ours, theirs []sops.KeyGroup) []Diff

DiffKeyGroups returns the list of diffs found between two sops.KeyGroup slices
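As an added example (not the package's own code), a stand-alone diff over key groups that follows the Common/Added/Removed split of the Diff type above, so a reviewer can see which master keys gain or lose the ability to unwrap the data key before a rotation is applied. The stand-in MasterKey and Key types, and the rule of matching keys by their ToString() identifier, are assumptions; the page shows only the function's signature.

```go
package main

// MasterKey stands in for the interface sops master keys implement; this
// example (an assumption) matches keys purely by their string identifier.
type MasterKey interface{ ToString() string }

// Key is a constructed stand-in, e.g. "kms:arn:..." or "pgp:<fingerprint>".
type Key string
func (k Key) ToString() string { return string(k) }

// KeyGroup mirrors sops.KeyGroup: any one key in a group can unwrap the data key.
type KeyGroup []MasterKey

// Diff mirrors the Diff type documented above.
type Diff struct{ Common, Added, Removed []MasterKey }

// DiffKeyGroups compares groups by position; a group missing on one side is all Added or all Removed.
func DiffKeyGroups(ours, theirs []KeyGroup) []Diff {
	var diffs []Diff
	for i := 0; i < len(ours) || i < len(theirs); i++ {
		var d Diff
		var ourGroup, theirGroup KeyGroup
		if i < len(ours) {
			ourGroup = ours[i]
		}
		if i < len(theirs) {
			theirGroup = theirs[i]
		}
		ourIDs, theirIDs := map[string]bool{}, map[string]bool{}
		for _, k := range theirGroup {
			theirIDs[k.ToString()] = true
		}
		for _, k := range ourGroup {
			ourIDs[k.ToString()] = true
			if theirIDs[k.ToString()] {
				d.Common = append(d.Common, k)
			} else {
				d.Removed = append(d.Removed, k)
			}
		}
		for _, k := range theirGroup {
			if !ourIDs[k.ToString()] {
				d.Added = append(d.Added, k)
			}
		}
		diffs = append(diffs, d)
	}
	return diffs
}
```

A key that appears under Removed for a group will no longer be able to unwrap the data key once the file is re-encrypted, which is the change worth confirming in review.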

type EncryptTreeOpts

type EncryptTreeOpts struct {
	// Tree is the tree to be encrypted
	Tree *sops.Tree
	// Cipher is the cryptographic cipher to use to encrypt the values inside the tree
	Cipher sops.Cipher
	// DataKey is the key the cipher should use to encrypt the values inside the tree
	DataKey []byte
}

EncryptTreeOpts are the options needed to encrypt a tree

type ExampleFileEmitter

type ExampleFileEmitter interface {
	EmitExample() []byte
}

ExampleFileEmitter emits example files. This is used by the `sops` binary whenever a new file is created, in order to present the user with a non-empty file

type GenericDecryptOpts

type GenericDecryptOpts struct {
	Cipher      sops.Cipher
	InputStore  sops.Store
	InputPath   string
	IgnoreMAC   bool
	KeyServices []keyservice.KeyServiceClient
}

GenericDecryptOpts represents decryption options and config

type Store

type Store interface {
	sops.Store
	ExampleFileEmitter
}

Store handles marshaling and unmarshaling from SOPS files

func DefaultStoreForPath

func DefaultStoreForPath(path string) Store

DefaultStoreForPath returns the correct format-specific implementation of the Store interface given the path to a file

func DefaultStoreForPathOrFormat

func DefaultStoreForPathOrFormat(path, format string) Store

DefaultStoreForPathOrFormat returns the correct format-specific implementation of the Store interface given the format string if specified, or otherwise the path to a file. This is to support the CLI, where both are provided.

func StoreForFormat

func StoreForFormat(format Format) Store

StoreForFormat returns the correct format-specific implementation of the Store interface given the format.
