kms

package
Version: v3.7.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 8, 2021 License: MPL-2.0 Imports: 15 Imported by: 0

Documentation

Overview

Package kms contains an implementation of the go.mozilla.org/sops/v3.MasterKey interface that encrypts and decrypts the data key using AWS KMS with the AWS Go SDK.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ParseKMSContext

func ParseKMSContext(in interface{}) map[string]*string

ParseKMSContext takes either a KMS context map or a comma-separated list of KMS context key:value pairs and returns a map

Types

type MasterKey

type MasterKey struct {
	Arn               string
	Role              string
	EncryptedKey      string
	CreationDate      time.Time
	EncryptionContext map[string]*string
	AwsProfile        string
}

MasterKey is a AWS KMS key used to encrypt and decrypt sops' data key.

func MasterKeysFromArnString

func MasterKeysFromArnString(arn string, context map[string]*string, awsProfile string) []*MasterKey

MasterKeysFromArnString takes a comma separated list of AWS KMS ARNs and returns a slice of new MasterKeys for those ARNs

func NewMasterKey

func NewMasterKey(arn string, role string, context map[string]*string) *MasterKey

NewMasterKey creates a new MasterKey from an ARN, role and context, setting the creation date to the current date

func NewMasterKeyFromArn

func NewMasterKeyFromArn(arn string, context map[string]*string, awsProfile string) *MasterKey

NewMasterKeyFromArn takes an ARN string and returns a new MasterKey for that ARN

func (*MasterKey) Decrypt

func (key *MasterKey) Decrypt() ([]byte, error)

Decrypt decrypts the EncryptedKey field with AWS KMS and returns the result.

func (*MasterKey) Encrypt

func (key *MasterKey) Encrypt(dataKey []byte) error

Encrypt takes a sops data key, encrypts it with KMS and stores the result in the EncryptedKey field

func (*MasterKey) EncryptIfNeeded

func (key *MasterKey) EncryptIfNeeded(dataKey []byte) error

EncryptIfNeeded encrypts the provided sops' data key and encrypts it if it hasn't been encrypted yet

func (*MasterKey) EncryptedDataKey

func (key *MasterKey) EncryptedDataKey() []byte

EncryptedDataKey returns the encrypted data key this master key holds

func (*MasterKey) NeedsRotation

func (key *MasterKey) NeedsRotation() bool

NeedsRotation returns whether the data key needs to be rotated or not.

func (*MasterKey) SetEncryptedDataKey

func (key *MasterKey) SetEncryptedDataKey(enc []byte)

SetEncryptedDataKey sets the encrypted data key for this master key

func (MasterKey) ToMap

func (key MasterKey) ToMap() map[string]interface{}

ToMap converts the MasterKey to a map for serialization purposes

func (*MasterKey) ToString

func (key *MasterKey) ToString() string

ToString converts the key to a string representation

Source Files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL