package common

v3.7.3
Published: May 9, 2022 License: MPL-2.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

const KMS_ENC_CTX_BUG_FIXED_VERSION = "3.3.0"

KMS_ENC_CTX_BUG_FIXED_VERSION represents the SOPS version in which the encryption context bug was fixed

Variables

This section is empty.

Functions

func DecryptTree

func DecryptTree(opts DecryptTreeOpts) (dataKey []byte, err error)

DecryptTree decrypts the tree passed in through the DecryptTreeOpts and additionally returns the decrypted data key

func DetectKMSEncryptionContextBug

func DetectKMSEncryptionContextBug(tree *sops.Tree) (bool, error)

DetectKMSEncryptionContextBug returns true if the encryption context bug is detected in a given runtime sops.Tree object

func EncryptTree

func EncryptTree(opts EncryptTreeOpts) error

EncryptTree encrypts the tree passed in through the EncryptTreeOpts

func FixAWSKMSEncryptionContextBug

func FixAWSKMSEncryptionContextBug(opts GenericDecryptOpts, tree *sops.Tree) (*sops.Tree, error)

FixAWSKMSEncryptionContextBug is used to fix the issue described in https://github.com/mozilla/sops/pull/435

func GetKMSKeyWithEncryptionCtx

func GetKMSKeyWithEncryptionCtx(tree *sops.Tree) (keyGroupIndex int, keyIndex int, key *kms.MasterKey)

GetKMSKeyWithEncryptionCtx returns the first KMS key affected by the encryption context bug as well as its location in the key groups.

func LoadEncryptedFile

func LoadEncryptedFile(loader sops.EncryptedFileLoader, inputPath string) (*sops.Tree, error)

LoadEncryptedFile loads an encrypted SOPS file, returning a SOPS tree

func LoadEncryptedFileWithBugFixes

func LoadEncryptedFileWithBugFixes(opts GenericDecryptOpts) (*sops.Tree, error)

LoadEncryptedFileWithBugFixes is a wrapper around LoadEncryptedFile which includes a check for the issue described in https://github.com/mozilla/sops/pull/435

func NewExitError

func NewExitError(i interface{}, exitCode int) *cli.ExitError

NewExitError returns a cli.ExitError given an error (wrapped in a generic interface{}) and an exit code to represent the failure

func PrettyPrintDiffs

func PrettyPrintDiffs(diffs []Diff)

PrettyPrintDiffs prints a slice of Diff objects to stdout

func RecoverDataKeyFromBuggyKMS

func RecoverDataKeyFromBuggyKMS(opts GenericDecryptOpts, tree *sops.Tree) []byte

RecoverDataKeyFromBuggyKMS loops through variations on the Encryption Context to recover the data key. This is used to fix the issue described in https://github.com/mozilla/sops/pull/435

Types

type DecryptTreeOpts

type DecryptTreeOpts struct {
	// Tree is the tree to be decrypted
	Tree *sops.Tree
	// KeyServices are the key services to be used for decryption of the data key
	KeyServices []keyservice.KeyServiceClient
	// IgnoreMac is whether or not to ignore the Message Authentication Code included in the SOPS tree
	IgnoreMac bool
	// Cipher is the cryptographic cipher to use to decrypt the values inside the tree
	Cipher sops.Cipher
}

DecryptTreeOpts are the options needed to decrypt a tree

type Diff

type Diff struct {
	Common  []keys.MasterKey
	Added   []keys.MasterKey
	Removed []keys.MasterKey
}

Diff represents a key diff

func DiffKeyGroups

func DiffKeyGroups(ours, theirs []sops.KeyGroup) []Diff

DiffKeyGroups returns the list of diffs found between two sops.KeyGroup slices

type EncryptTreeOpts

type EncryptTreeOpts struct {
	// Tree is the tree to be encrypted
	Tree *sops.Tree
	// Cipher is the cryptographic cipher to use to encrypt the values inside the tree
	Cipher sops.Cipher
	// DataKey is the key the cipher should use to encrypt the values inside the tree
	DataKey []byte
}

EncryptTreeOpts are the options needed to encrypt a tree

type ExampleFileEmitter

type ExampleFileEmitter interface {
	EmitExample() []byte
}

ExampleFileEmitter emits example files. This is used by the `sops` binary whenever a new file is created, in order to present the user with a non-empty file

type GenericDecryptOpts

type GenericDecryptOpts struct {
	Cipher      sops.Cipher
	InputStore  sops.Store
	InputPath   string
	IgnoreMAC   bool
	KeyServices []keyservice.KeyServiceClient
}

GenericDecryptOpts represents decryption options and config

type Store

type Store interface {
	sops.Store
	ExampleFileEmitter
}

Store handles marshaling and unmarshaling from SOPS files

func DefaultStoreForPath

func DefaultStoreForPath(path string) Store

DefaultStoreForPath returns the correct format-specific implementation of the Store interface given the path to a file

func DefaultStoreForPathOrFormat

func DefaultStoreForPathOrFormat(path, format string) Store

DefaultStoreForPathOrFormat returns the correct format-specific implementation of the Store interface given the format string if specified, or otherwise the path to a file. This is to support the CLI, where both are provided.

func StoreForFormat

func StoreForFormat(format Format) Store

StoreForFormat returns the correct format-specific implementation of the Store interface given the format.
