kms

package

v3.7.3 Latest Latest Go to latest Published: May 9, 2022 License: MPL-2.0 Imports: 15 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/mozilla/sops

Links

Open Source Insights

Documentation ¶

Overview ¶

Package kms contains an implementation of the go.mozilla.org/sops/v3.MasterKey interface that encrypts and decrypts the data key using AWS KMS with the AWS Go SDK.

Index ¶

func ParseKMSContext(in interface{}) map[string]*string
type MasterKey

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func ParseKMSContext ¶

func ParseKMSContext(in interface{}) map[string]*string

ParseKMSContext takes either a KMS context map or a comma-separated list of KMS context key:value pairs and returns a map

Types ¶

type MasterKey ¶

type MasterKey struct {
	Arn               string
	Role              string
	EncryptedKey      string
	CreationDate      time.Time
	EncryptionContext map[string]*string
	AwsProfile        string
}

MasterKey is a AWS KMS key used to encrypt and decrypt sops' data key.

func MasterKeysFromArnString ¶

func MasterKeysFromArnString(arn string, context map[string]*string, awsProfile string) []*MasterKey

MasterKeysFromArnString takes a comma separated list of AWS KMS ARNs and returns a slice of new MasterKeys for those ARNs

func NewMasterKey ¶

func NewMasterKey(arn string, role string, context map[string]*string) *MasterKey

NewMasterKey creates a new MasterKey from an ARN, role and context, setting the creation date to the current date

func NewMasterKeyFromArn ¶

func NewMasterKeyFromArn(arn string, context map[string]*string, awsProfile string) *MasterKey

NewMasterKeyFromArn takes an ARN string and returns a new MasterKey for that ARN

func (*MasterKey) Decrypt ¶

func (key *MasterKey) Decrypt() ([]byte, error)

Decrypt decrypts the EncryptedKey field with AWS KMS and returns the result.

func (*MasterKey) Encrypt ¶

func (key *MasterKey) Encrypt(dataKey []byte) error

Encrypt takes a sops data key, encrypts it with KMS and stores the result in the EncryptedKey field

func (*MasterKey) EncryptIfNeeded ¶

func (key *MasterKey) EncryptIfNeeded(dataKey []byte) error

EncryptIfNeeded encrypts the provided sops' data key and encrypts it if it hasn't been encrypted yet

func (*MasterKey) EncryptedDataKey ¶

func (key *MasterKey) EncryptedDataKey() []byte

EncryptedDataKey returns the encrypted data key this master key holds

func (*MasterKey) NeedsRotation ¶

func (key *MasterKey) NeedsRotation() bool

NeedsRotation returns whether the data key needs to be rotated or not.

func (*MasterKey) SetEncryptedDataKey ¶

func (key *MasterKey) SetEncryptedDataKey(enc []byte)

SetEncryptedDataKey sets the encrypted data key for this master key

func (MasterKey) ToMap ¶

func (key MasterKey) ToMap() map[string]interface{}

ToMap converts the MasterKey to a map for serialization purposes

func (*MasterKey) ToString ¶

func (key *MasterKey) ToString() string

ToString converts the key to a string representation

Source Files ¶

View all Source files

keysource.go

Directories ¶

Path	Synopsis
mocks

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL