keyservice

package
v3.6.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 14, 2020 License: MPL-2.0 Imports: 14 Imported by: 0

Documentation

Overview

Package keyservice implements a gRPC API that can be used by SOPS to encrypt and decrypt the data key using remote master keys.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func RegisterKeyServiceServer

func RegisterKeyServiceServer(s *grpc.Server, srv KeyServiceServer)

Types

type AzureKeyVaultKey

// AzureKeyVaultKey is the protobuf message this API uses to name an Azure
// Key Vault key. It declares only three identifier strings; no field here
// carries key material.
type AzureKeyVaultKey struct {
	// VaultUrl is proto field 1 (wire name "vault_url").
	// NOTE(review): this value arrives inside a request message; presumably the
	// server contacts this URL with its own credentials — confirm in
	// keyservice/server.go and consider restricting the accepted hosts.
	VaultUrl             string   `protobuf:"bytes,1,opt,name=vault_url,json=vaultUrl,proto3" json:"vault_url,omitempty"`
	// Name is proto field 2 (wire name "name").
	Name                 string   `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
	// Version is proto field 3 (wire name "version").
	Version              string   `protobuf:"bytes,3,opt,name=version,proto3" json:"version,omitempty"`
	// The XXX_ fields are protobuf bookkeeping; their json:"-" tags exclude
	// them from encoding/json output.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*AzureKeyVaultKey) Descriptor

func (*AzureKeyVaultKey) Descriptor() ([]byte, []int)

func (*AzureKeyVaultKey) GetName

func (m *AzureKeyVaultKey) GetName() string

func (*AzureKeyVaultKey) GetVaultUrl

func (m *AzureKeyVaultKey) GetVaultUrl() string

func (*AzureKeyVaultKey) GetVersion

func (m *AzureKeyVaultKey) GetVersion() string

func (*AzureKeyVaultKey) ProtoMessage

func (*AzureKeyVaultKey) ProtoMessage()

func (*AzureKeyVaultKey) Reset

func (m *AzureKeyVaultKey) Reset()

func (*AzureKeyVaultKey) String

func (m *AzureKeyVaultKey) String() string

func (*AzureKeyVaultKey) XXX_DiscardUnknown added in v3.6.0

func (m *AzureKeyVaultKey) XXX_DiscardUnknown()

func (*AzureKeyVaultKey) XXX_Marshal added in v3.6.0

func (m *AzureKeyVaultKey) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AzureKeyVaultKey) XXX_Merge added in v3.6.0

func (m *AzureKeyVaultKey) XXX_Merge(src proto.Message)

func (*AzureKeyVaultKey) XXX_Size added in v3.6.0

func (m *AzureKeyVaultKey) XXX_Size() int

func (*AzureKeyVaultKey) XXX_Unmarshal added in v3.6.0

func (m *AzureKeyVaultKey) XXX_Unmarshal(b []byte) error

type DecryptRequest

// DecryptRequest is the input message of the Decrypt RPC declared on
// KeyServiceClient and KeyServiceServer: a key reference plus the bytes to
// decrypt with it.
type DecryptRequest struct {
	// Key (proto field 1) selects which master key the server should use.
	// It is chosen by the caller, so the server's own policy decides whether
	// that key may be used — this message carries no caller identity.
	Key                  *Key     `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
	// Ciphertext (proto field 2) is the data to decrypt; per the package
	// overview this is the encrypted SOPS data key.
	Ciphertext           []byte   `protobuf:"bytes,2,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
	// The XXX_ fields are protobuf bookkeeping; their json:"-" tags exclude
	// them from encoding/json output.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*DecryptRequest) Descriptor

func (*DecryptRequest) Descriptor() ([]byte, []int)

func (*DecryptRequest) GetCiphertext

func (m *DecryptRequest) GetCiphertext() []byte

func (*DecryptRequest) GetKey

func (m *DecryptRequest) GetKey() *Key

func (*DecryptRequest) ProtoMessage

func (*DecryptRequest) ProtoMessage()

func (*DecryptRequest) Reset

func (m *DecryptRequest) Reset()

func (*DecryptRequest) String

func (m *DecryptRequest) String() string

func (*DecryptRequest) XXX_DiscardUnknown added in v3.6.0

func (m *DecryptRequest) XXX_DiscardUnknown()

func (*DecryptRequest) XXX_Marshal added in v3.6.0

func (m *DecryptRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DecryptRequest) XXX_Merge added in v3.6.0

func (m *DecryptRequest) XXX_Merge(src proto.Message)

func (*DecryptRequest) XXX_Size added in v3.6.0

func (m *DecryptRequest) XXX_Size() int

func (*DecryptRequest) XXX_Unmarshal added in v3.6.0

func (m *DecryptRequest) XXX_Unmarshal(b []byte) error

type DecryptResponse

// DecryptResponse is the output message of the Decrypt RPC.
type DecryptResponse struct {
	// Plaintext (proto field 1) is the decrypted result. Per the package
	// overview this is the SOPS data key, i.e. secret material.
	// NOTE(review): keep this message out of logs and error strings; the type
	// has a String method that presumably renders field contents — confirm.
	// The json tag has no "-", so encoding/json will also emit this field.
	Plaintext            []byte   `protobuf:"bytes,1,opt,name=plaintext,proto3" json:"plaintext,omitempty"`
	// The XXX_ fields are protobuf bookkeeping; their json:"-" tags exclude
	// them from encoding/json output.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*DecryptResponse) Descriptor

func (*DecryptResponse) Descriptor() ([]byte, []int)

func (*DecryptResponse) GetPlaintext

func (m *DecryptResponse) GetPlaintext() []byte

func (*DecryptResponse) ProtoMessage

func (*DecryptResponse) ProtoMessage()

func (*DecryptResponse) Reset

func (m *DecryptResponse) Reset()

func (*DecryptResponse) String

func (m *DecryptResponse) String() string

func (*DecryptResponse) XXX_DiscardUnknown added in v3.6.0

func (m *DecryptResponse) XXX_DiscardUnknown()

func (*DecryptResponse) XXX_Marshal added in v3.6.0

func (m *DecryptResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DecryptResponse) XXX_Merge added in v3.6.0

func (m *DecryptResponse) XXX_Merge(src proto.Message)

func (*DecryptResponse) XXX_Size added in v3.6.0

func (m *DecryptResponse) XXX_Size() int

func (*DecryptResponse) XXX_Unmarshal added in v3.6.0

func (m *DecryptResponse) XXX_Unmarshal(b []byte) error

type EncryptRequest

// EncryptRequest is the input message of the Encrypt RPC declared on
// KeyServiceClient and KeyServiceServer: a key reference plus the bytes to
// encrypt with it.
type EncryptRequest struct {
	// Key (proto field 1) selects which master key the server should use.
	Key                  *Key     `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
	// Plaintext (proto field 2) is the data to encrypt; per the package
	// overview this is the SOPS data key, so it is secret on the wire.
	// NOTE(review): the message itself adds no confidentiality; that has to
	// come from the gRPC transport configuration — confirm how the connection
	// is secured wherever a remote key service is used.
	Plaintext            []byte   `protobuf:"bytes,2,opt,name=plaintext,proto3" json:"plaintext,omitempty"`
	// The XXX_ fields are protobuf bookkeeping; their json:"-" tags exclude
	// them from encoding/json output.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*EncryptRequest) Descriptor

func (*EncryptRequest) Descriptor() ([]byte, []int)

func (*EncryptRequest) GetKey

func (m *EncryptRequest) GetKey() *Key

func (*EncryptRequest) GetPlaintext

func (m *EncryptRequest) GetPlaintext() []byte

func (*EncryptRequest) ProtoMessage

func (*EncryptRequest) ProtoMessage()

func (*EncryptRequest) Reset

func (m *EncryptRequest) Reset()

func (*EncryptRequest) String

func (m *EncryptRequest) String() string

func (*EncryptRequest) XXX_DiscardUnknown added in v3.6.0

func (m *EncryptRequest) XXX_DiscardUnknown()

func (*EncryptRequest) XXX_Marshal added in v3.6.0

func (m *EncryptRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*EncryptRequest) XXX_Merge added in v3.6.0

func (m *EncryptRequest) XXX_Merge(src proto.Message)

func (*EncryptRequest) XXX_Size added in v3.6.0

func (m *EncryptRequest) XXX_Size() int

func (*EncryptRequest) XXX_Unmarshal added in v3.6.0

func (m *EncryptRequest) XXX_Unmarshal(b []byte) error

type EncryptResponse

// EncryptResponse is the output message of the Encrypt RPC.
type EncryptResponse struct {
	// Ciphertext (proto field 1) is the encrypted result returned to the caller.
	Ciphertext           []byte   `protobuf:"bytes,1,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
	// The XXX_ fields are protobuf bookkeeping; their json:"-" tags exclude
	// them from encoding/json output.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*EncryptResponse) Descriptor

func (*EncryptResponse) Descriptor() ([]byte, []int)

func (*EncryptResponse) GetCiphertext

func (m *EncryptResponse) GetCiphertext() []byte

func (*EncryptResponse) ProtoMessage

func (*EncryptResponse) ProtoMessage()

func (*EncryptResponse) Reset

func (m *EncryptResponse) Reset()

func (*EncryptResponse) String

func (m *EncryptResponse) String() string

func (*EncryptResponse) XXX_DiscardUnknown added in v3.6.0

func (m *EncryptResponse) XXX_DiscardUnknown()

func (*EncryptResponse) XXX_Marshal added in v3.6.0

func (m *EncryptResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*EncryptResponse) XXX_Merge added in v3.6.0

func (m *EncryptResponse) XXX_Merge(src proto.Message)

func (*EncryptResponse) XXX_Size added in v3.6.0

func (m *EncryptResponse) XXX_Size() int

func (*EncryptResponse) XXX_Unmarshal added in v3.6.0

func (m *EncryptResponse) XXX_Unmarshal(b []byte) error

type GcpKmsKey

// GcpKmsKey is the protobuf message this API uses to name a GCP KMS key.
// It declares a single identifier string and no key material.
type GcpKmsKey struct {
	// ResourceId is proto field 1 (wire name "resource_id").
	ResourceId           string   `protobuf:"bytes,1,opt,name=resource_id,json=resourceId,proto3" json:"resource_id,omitempty"`
	// The XXX_ fields are protobuf bookkeeping; their json:"-" tags exclude
	// them from encoding/json output.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*GcpKmsKey) Descriptor

func (*GcpKmsKey) Descriptor() ([]byte, []int)

func (*GcpKmsKey) GetResourceId

func (m *GcpKmsKey) GetResourceId() string

func (*GcpKmsKey) ProtoMessage

func (*GcpKmsKey) ProtoMessage()

func (*GcpKmsKey) Reset

func (m *GcpKmsKey) Reset()

func (*GcpKmsKey) String

func (m *GcpKmsKey) String() string

func (*GcpKmsKey) XXX_DiscardUnknown added in v3.6.0

func (m *GcpKmsKey) XXX_DiscardUnknown()

func (*GcpKmsKey) XXX_Marshal added in v3.6.0

func (m *GcpKmsKey) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*GcpKmsKey) XXX_Merge added in v3.6.0

func (m *GcpKmsKey) XXX_Merge(src proto.Message)

func (*GcpKmsKey) XXX_Size added in v3.6.0

func (m *GcpKmsKey) XXX_Size() int

func (*GcpKmsKey) XXX_Unmarshal added in v3.6.0

func (m *GcpKmsKey) XXX_Unmarshal(b []byte) error

type Key

// Key is the RPC form of a master key reference. It is a protobuf oneof
// ("key_type"): KeyType holds one of the wrapper types listed below, each of
// which points at a backend-specific message. KeyFromMasterKey builds a Key
// from a SOPS internal MasterKey.
type Key struct {
	// Types that are valid to be assigned to KeyType:
	//	*Key_KmsKey
	//	*Key_PgpKey
	//	*Key_GcpKmsKey
	//	*Key_AzureKeyvaultKey
	//	*Key_VaultKey
	//
	// NOTE(review): KeyType is an interface value and is nil when no
	// alternative was set; code handling a received Key should treat the nil /
	// unknown case explicitly rather than assume one of the five types.
	KeyType              isKey_KeyType `protobuf_oneof:"key_type"`
	// The XXX_ fields are protobuf bookkeeping; their json:"-" tags exclude
	// them from encoding/json output.
	XXX_NoUnkeyedLiteral struct{}      `json:"-"`
	XXX_unrecognized     []byte        `json:"-"`
	XXX_sizecache        int32         `json:"-"`
}

func KeyFromMasterKey

func KeyFromMasterKey(mk keys.MasterKey) Key

KeyFromMasterKey converts a SOPS internal MasterKey to an RPC Key that can be serialized with Protocol Buffers.

func (*Key) Descriptor

func (*Key) Descriptor() ([]byte, []int)

func (*Key) GetAzureKeyvaultKey

func (m *Key) GetAzureKeyvaultKey() *AzureKeyVaultKey

func (*Key) GetGcpKmsKey

func (m *Key) GetGcpKmsKey() *GcpKmsKey

func (*Key) GetKeyType

func (m *Key) GetKeyType() isKey_KeyType

func (*Key) GetKmsKey

func (m *Key) GetKmsKey() *KmsKey

func (*Key) GetPgpKey

func (m *Key) GetPgpKey() *PgpKey

func (*Key) GetVaultKey added in v3.6.0

func (m *Key) GetVaultKey() *VaultKey

func (*Key) ProtoMessage

func (*Key) ProtoMessage()

func (*Key) Reset

func (m *Key) Reset()

func (*Key) String

func (m *Key) String() string

func (*Key) XXX_DiscardUnknown added in v3.6.0

func (m *Key) XXX_DiscardUnknown()

func (*Key) XXX_Marshal added in v3.6.0

func (m *Key) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Key) XXX_Merge added in v3.6.0

func (m *Key) XXX_Merge(src proto.Message)

func (*Key) XXX_OneofWrappers added in v3.6.0

func (*Key) XXX_OneofWrappers() []interface{}

XXX_OneofWrappers is for the internal use of the proto package.

func (*Key) XXX_Size added in v3.6.0

func (m *Key) XXX_Size() int

func (*Key) XXX_Unmarshal added in v3.6.0

func (m *Key) XXX_Unmarshal(b []byte) error

type KeyServiceClient

// KeyServiceClient is the caller-side view of the key service: two unary
// calls, each taking a context, a request message and optional per-call gRPC
// options.
type KeyServiceClient interface {
	// Encrypt sends in.Plaintext together with the key reference and returns
	// the resulting ciphertext message.
	Encrypt(ctx context.Context, in *EncryptRequest, opts ...grpc.CallOption) (*EncryptResponse, error)
	// Decrypt sends in.Ciphertext together with the key reference and returns
	// the plaintext message. The response holds secret material; handle the
	// returned value accordingly.
	Decrypt(ctx context.Context, in *DecryptRequest, opts ...grpc.CallOption) (*DecryptResponse, error)
}

KeyServiceClient is the client API for KeyService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

func NewKeyServiceClient

func NewKeyServiceClient(cc *grpc.ClientConn) KeyServiceClient

type KeyServiceServer

// KeyServiceServer is the handler-side view of the key service; a value
// implementing it is passed to RegisterKeyServiceServer.
//
// NOTE(review): neither method signature carries caller identity or
// credentials. Any authentication, authorization or transport protection for
// a served instance therefore has to be supplied around it (gRPC server
// options, interceptors, or restricting who can reach the listener) — confirm
// what the deployment actually configures.
type KeyServiceServer interface {
	// Encrypt handles one EncryptRequest and returns the ciphertext message.
	Encrypt(context.Context, *EncryptRequest) (*EncryptResponse, error)
	// Decrypt handles one DecryptRequest and returns the plaintext message.
	Decrypt(context.Context, *DecryptRequest) (*DecryptResponse, error)
}

KeyServiceServer is the server API for KeyService service.

type Key_AzureKeyvaultKey

// Key_AzureKeyvaultKey is the oneof wrapper that places an *AzureKeyVaultKey
// in Key.KeyType (proto field 4 of Key).
type Key_AzureKeyvaultKey struct {
	// AzureKeyvaultKey may be nil; check before dereferencing.
	AzureKeyvaultKey *AzureKeyVaultKey `protobuf:"bytes,4,opt,name=azure_keyvault_key,json=azureKeyvaultKey,proto3,oneof"`
}

type Key_GcpKmsKey

// Key_GcpKmsKey is the oneof wrapper that places a *GcpKmsKey in Key.KeyType
// (proto field 3 of Key).
type Key_GcpKmsKey struct {
	// GcpKmsKey may be nil; check before dereferencing.
	GcpKmsKey *GcpKmsKey `protobuf:"bytes,3,opt,name=gcp_kms_key,json=gcpKmsKey,proto3,oneof"`
}

type Key_KmsKey

// Key_KmsKey is the oneof wrapper that places a *KmsKey in Key.KeyType
// (proto field 1 of Key).
type Key_KmsKey struct {
	// KmsKey may be nil; check before dereferencing.
	KmsKey *KmsKey `protobuf:"bytes,1,opt,name=kms_key,json=kmsKey,proto3,oneof"`
}

type Key_PgpKey

// Key_PgpKey is the oneof wrapper that places a *PgpKey in Key.KeyType
// (proto field 2 of Key).
type Key_PgpKey struct {
	// PgpKey may be nil; check before dereferencing.
	PgpKey *PgpKey `protobuf:"bytes,2,opt,name=pgp_key,json=pgpKey,proto3,oneof"`
}

type Key_VaultKey added in v3.6.0

// Key_VaultKey is the oneof wrapper that places a *VaultKey in Key.KeyType
// (proto field 5 of Key).
type Key_VaultKey struct {
	// VaultKey may be nil; check before dereferencing.
	VaultKey *VaultKey `protobuf:"bytes,5,opt,name=vault_key,json=vaultKey,proto3,oneof"`
}

type KmsKey

// KmsKey is the protobuf message this API uses to name an AWS KMS key and
// the settings that accompany it. It declares identifiers and settings only;
// no field here carries key material or credentials.
type KmsKey struct {
	// Arn is proto field 1 (wire name "arn").
	Arn                  string            `protobuf:"bytes,1,opt,name=arn,proto3" json:"arn,omitempty"`
	// Role is proto field 2 (wire name "role").
	// NOTE(review): presumably the server assumes this role on the caller's
	// behalf — confirm, and confirm that letting a request choose it is
	// acceptable for a remotely reachable key service.
	Role                 string            `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"`
	// Context is a string-to-string map; its struct tag is elided by the
	// documentation renderer. Presumably the KMS encryption context — confirm.
	Context              map[string]string `` /* 155-byte string literal not displayed */
	// AwsProfile is proto field 4 (wire name "aws_profile").
	// NOTE(review): presumably selects a credentials profile on the machine
	// performing the operation — confirm how a request-supplied value is
	// handled server-side.
	AwsProfile           string            `protobuf:"bytes,4,opt,name=aws_profile,json=awsProfile,proto3" json:"aws_profile,omitempty"`
	// The XXX_ fields are protobuf bookkeeping; their json:"-" tags exclude
	// them from encoding/json output.
	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
	XXX_unrecognized     []byte            `json:"-"`
	XXX_sizecache        int32             `json:"-"`
}

func (*KmsKey) Descriptor

func (*KmsKey) Descriptor() ([]byte, []int)

func (*KmsKey) GetArn

func (m *KmsKey) GetArn() string

func (*KmsKey) GetAwsProfile added in v3.6.0

func (m *KmsKey) GetAwsProfile() string

func (*KmsKey) GetContext

func (m *KmsKey) GetContext() map[string]string

func (*KmsKey) GetRole

func (m *KmsKey) GetRole() string

func (*KmsKey) ProtoMessage

func (*KmsKey) ProtoMessage()

func (*KmsKey) Reset

func (m *KmsKey) Reset()

func (*KmsKey) String

func (m *KmsKey) String() string

func (*KmsKey) XXX_DiscardUnknown added in v3.6.0

func (m *KmsKey) XXX_DiscardUnknown()

func (*KmsKey) XXX_Marshal added in v3.6.0

func (m *KmsKey) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*KmsKey) XXX_Merge added in v3.6.0

func (m *KmsKey) XXX_Merge(src proto.Message)

func (*KmsKey) XXX_Size added in v3.6.0

func (m *KmsKey) XXX_Size() int

func (*KmsKey) XXX_Unmarshal added in v3.6.0

func (m *KmsKey) XXX_Unmarshal(b []byte) error

type LocalClient

// LocalClient has Encrypt and Decrypt methods with the KeyServiceClient
// signatures but, per its documentation, performs the operations locally
// instead of over a network connection.
type LocalClient struct {
	// Server is held by value; its Prompt setting therefore belongs to this
	// client's own copy.
	Server Server
}

LocalClient is a key service client that performs all operations locally

func NewLocalClient

func NewLocalClient() LocalClient

NewLocalClient creates a new local client

func (LocalClient) Decrypt

func (c LocalClient) Decrypt(ctx context.Context,
	req *DecryptRequest, opts ...grpc.CallOption) (*DecryptResponse, error)

Decrypt processes a decrypt request locally. See keyservice/server.go for more details.

func (LocalClient) Encrypt

func (c LocalClient) Encrypt(ctx context.Context,
	req *EncryptRequest, opts ...grpc.CallOption) (*EncryptResponse, error)

Encrypt processes an encrypt request locally. See keyservice/server.go for more details.

type PgpKey

// PgpKey is the protobuf message this API uses to name a PGP key. It
// declares only a fingerprint string; no key material is carried.
type PgpKey struct {
	// Fingerprint is proto field 1 (wire name "fingerprint").
	Fingerprint          string   `protobuf:"bytes,1,opt,name=fingerprint,proto3" json:"fingerprint,omitempty"`
	// The XXX_ fields are protobuf bookkeeping; their json:"-" tags exclude
	// them from encoding/json output.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*PgpKey) Descriptor

func (*PgpKey) Descriptor() ([]byte, []int)

func (*PgpKey) GetFingerprint

func (m *PgpKey) GetFingerprint() string

func (*PgpKey) ProtoMessage

func (*PgpKey) ProtoMessage()

func (*PgpKey) Reset

func (m *PgpKey) Reset()

func (*PgpKey) String

func (m *PgpKey) String() string

func (*PgpKey) XXX_DiscardUnknown added in v3.6.0

func (m *PgpKey) XXX_DiscardUnknown()

func (*PgpKey) XXX_Marshal added in v3.6.0

func (m *PgpKey) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PgpKey) XXX_Merge added in v3.6.0

func (m *PgpKey) XXX_Merge(src proto.Message)

func (*PgpKey) XXX_Size added in v3.6.0

func (m *PgpKey) XXX_Size() int

func (*PgpKey) XXX_Unmarshal added in v3.6.0

func (m *PgpKey) XXX_Unmarshal(b []byte) error

type Server

// Server provides Encrypt and Decrypt methods with the KeyServiceServer
// signatures and fulfils them using SOPS MasterKeys.
type Server struct {
	// Prompt indicates whether the server should prompt before decrypting or encrypting data
	//
	// The zero value is false, so a Server{} literal does not prompt.
	// NOTE(review): Prompt is the only control declared on this type; it is an
	// operator confirmation, not caller authentication — confirm what else
	// restricts access when the server is reachable by other processes or hosts.
	Prompt bool
}

Server is a key service server that uses SOPS MasterKeys to fulfill requests

func (Server) Decrypt

func (ks Server) Decrypt(ctx context.Context,
	req *DecryptRequest) (*DecryptResponse, error)

Decrypt takes a decrypt request and decrypts the provided ciphertext with the provided key, returning the decrypted result

func (Server) Encrypt

func (ks Server) Encrypt(ctx context.Context,
	req *EncryptRequest) (*EncryptResponse, error)

Encrypt takes an encrypt request and encrypts the provided plaintext with the provided key, returning the encrypted result

type UnimplementedKeyServiceServer added in v3.6.0

// UnimplementedKeyServiceServer is an empty struct that declares Encrypt and
// Decrypt methods, meant to be embedded in a server implementation.
// NOTE(review): the embedded methods presumably return an "unimplemented"
// error rather than performing any operation — confirm.
type UnimplementedKeyServiceServer struct {
}

UnimplementedKeyServiceServer can be embedded to have forward compatible implementations.

func (*UnimplementedKeyServiceServer) Decrypt added in v3.6.0

func (*UnimplementedKeyServiceServer) Encrypt added in v3.6.0

type VaultKey added in v3.6.0

// VaultKey is the protobuf message this API uses to name a key held in a
// Vault instance. It declares only three identifier strings; no token or key
// material is carried.
type VaultKey struct {
	// VaultAddress is proto field 1 (wire name "vault_address").
	// NOTE(review): this value arrives inside a request message; presumably the
	// server connects to this address with its own Vault credentials — confirm
	// in keyservice/server.go and consider restricting the accepted addresses.
	VaultAddress         string   `protobuf:"bytes,1,opt,name=vault_address,json=vaultAddress,proto3" json:"vault_address,omitempty"`
	// EnginePath is proto field 2 (wire name "engine_path").
	EnginePath           string   `protobuf:"bytes,2,opt,name=engine_path,json=enginePath,proto3" json:"engine_path,omitempty"`
	// KeyName is proto field 3 (wire name "key_name").
	KeyName              string   `protobuf:"bytes,3,opt,name=key_name,json=keyName,proto3" json:"key_name,omitempty"`
	// The XXX_ fields are protobuf bookkeeping; their json:"-" tags exclude
	// them from encoding/json output.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*VaultKey) Descriptor added in v3.6.0

func (*VaultKey) Descriptor() ([]byte, []int)

func (*VaultKey) GetEnginePath added in v3.6.0

func (m *VaultKey) GetEnginePath() string

func (*VaultKey) GetKeyName added in v3.6.0

func (m *VaultKey) GetKeyName() string

func (*VaultKey) GetVaultAddress added in v3.6.0

func (m *VaultKey) GetVaultAddress() string

func (*VaultKey) ProtoMessage added in v3.6.0

func (*VaultKey) ProtoMessage()

func (*VaultKey) Reset added in v3.6.0

func (m *VaultKey) Reset()

func (*VaultKey) String added in v3.6.0

func (m *VaultKey) String() string

func (*VaultKey) XXX_DiscardUnknown added in v3.6.0

func (m *VaultKey) XXX_DiscardUnknown()

func (*VaultKey) XXX_Marshal added in v3.6.0

func (m *VaultKey) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*VaultKey) XXX_Merge added in v3.6.0

func (m *VaultKey) XXX_Merge(src proto.Message)

func (*VaultKey) XXX_Size added in v3.6.0

func (m *VaultKey) XXX_Size() int

func (*VaultKey) XXX_Unmarshal added in v3.6.0

func (m *VaultKey) XXX_Unmarshal(b []byte) error
