Documentation

Overview

Package azkv contains an implementation of the go.mozilla.org/sops/keys.MasterKey interface that encrypts and decrypts the data key using Azure Key Vault with the Azure Go SDK.

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type MasterKey

type MasterKey struct {
	VaultURL string
	Name     string
	Version  string

	EncryptedKey string
	CreationDate time.Time
}

MasterKey is an Azure Key Vault key used to encrypt and decrypt sops' data key.

func MasterKeysFromURLs

func MasterKeysFromURLs(urls string) ([]*MasterKey, error)

MasterKeysFromURLs takes a comma-separated list of Azure Key Vault URLs and returns a slice of new MasterKeys for them.

func NewMasterKey

func NewMasterKey(vaultURL string, keyName string, keyVersion string) *MasterKey

NewMasterKey creates a new MasterKey from a URL, key name and version, setting the creation date to the current date.

func NewMasterKeyFromURL

func NewMasterKeyFromURL(url string) (*MasterKey, error)

NewMasterKeyFromURL takes an Azure Key Vault key URL and returns a new MasterKey. The URL format is {vaultUrl}/keys/{key-name}/{key-version}.

func (*MasterKey) Decrypt

func (key *MasterKey) Decrypt() ([]byte, error)

Decrypt decrypts the EncryptedKey field with Azure Key Vault and returns the result.

func (*MasterKey) Encrypt

func (key *MasterKey) Encrypt(dataKey []byte) error

Encrypt takes a sops data key, encrypts it with Key Vault and stores the result in the EncryptedKey field.

func (*MasterKey) EncryptIfNeeded

func (key *MasterKey) EncryptIfNeeded(dataKey []byte) error

EncryptIfNeeded encrypts the provided sops data key if it hasn't been encrypted yet.

func (*MasterKey) EncryptedDataKey

func (key *MasterKey) EncryptedDataKey() []byte

EncryptedDataKey returns the encrypted data key this master key holds.

func (*MasterKey) NeedsRotation

func (key *MasterKey) NeedsRotation() bool

NeedsRotation returns whether the data key needs to be rotated or not.

func (*MasterKey) SetEncryptedDataKey

func (key *MasterKey) SetEncryptedDataKey(enc []byte)

SetEncryptedDataKey sets the encrypted data key for this master key.

func (MasterKey) ToMap

func (key MasterKey) ToMap() map[string]interface{}

ToMap converts the MasterKey to a map for serialization purposes.

func (*MasterKey) ToString

func (key *MasterKey) ToString() string

ToString converts the key to a string representation.