Documentation

Overview

    Package keyservice implements a gRPC API that can be used by SOPS to encrypt and decrypt the data key using remote master keys.

    Package keyservice is a generated protocol buffer package.

    It is generated from these files:

    keyservice/keyservice.proto
    

    It has these top-level messages:

    Key
    PgpKey
    KmsKey
    GcpKmsKey
    AzureKeyVaultKey
    EncryptRequest
    EncryptResponse
    DecryptRequest
    DecryptResponse
    

    Index

    Constants

    This section is empty.

    Variables

    This section is empty.

    Functions

    func RegisterKeyServiceServer

    func RegisterKeyServiceServer(s *grpc.Server, srv KeyServiceServer)

    Types

    type AzureKeyVaultKey

    // AzureKeyVaultKey is the message that identifies a key by vault URL, key
    // name and version. All three fields are plain strings; no key material is
    // declared on this type.
    type AzureKeyVaultKey struct {
    	VaultUrl string `protobuf:"bytes,1,opt,name=vault_url,json=vaultUrl" json:"vault_url,omitempty"`
    	Name     string `protobuf:"bytes,2,opt,name=name" json:"name,omitempty"`
    	// Version is a free-form string on the wire.
    	// NOTE(review): whether an empty Version is accepted is not shown here; confirm in the server.
    	Version  string `protobuf:"bytes,3,opt,name=version" json:"version,omitempty"`
    }

    func (*AzureKeyVaultKey) Descriptor

    func (*AzureKeyVaultKey) Descriptor() ([]byte, []int)

    func (*AzureKeyVaultKey) GetName

    func (m *AzureKeyVaultKey) GetName() string

    func (*AzureKeyVaultKey) GetVaultUrl

    func (m *AzureKeyVaultKey) GetVaultUrl() string

    func (*AzureKeyVaultKey) GetVersion

    func (m *AzureKeyVaultKey) GetVersion() string

    func (*AzureKeyVaultKey) ProtoMessage

    func (*AzureKeyVaultKey) ProtoMessage()

    func (*AzureKeyVaultKey) Reset

    func (m *AzureKeyVaultKey) Reset()

    func (*AzureKeyVaultKey) String

    func (m *AzureKeyVaultKey) String() string

    type DecryptRequest

    // DecryptRequest is the input message of the Decrypt RPC: a reference to the
    // key to use plus the ciphertext bytes to decrypt.
    type DecryptRequest struct {
    	// Key is supplied by the caller and names the key the ciphertext is
    	// decrypted with; it is a pointer, so it may be nil on an incomplete request.
    	Key        *Key   `protobuf:"bytes,1,opt,name=key" json:"key,omitempty"`
    	// Ciphertext is the opaque encrypted payload, carried as raw bytes.
    	Ciphertext []byte `protobuf:"bytes,2,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
    }

    func (*DecryptRequest) Descriptor

    func (*DecryptRequest) Descriptor() ([]byte, []int)

    func (*DecryptRequest) GetCiphertext

    func (m *DecryptRequest) GetCiphertext() []byte

    func (*DecryptRequest) GetKey

    func (m *DecryptRequest) GetKey() *Key

    func (*DecryptRequest) ProtoMessage

    func (*DecryptRequest) ProtoMessage()

    func (*DecryptRequest) Reset

    func (m *DecryptRequest) Reset()

    func (*DecryptRequest) String

    func (m *DecryptRequest) String() string

    type DecryptResponse

    // DecryptResponse is the output message of the Decrypt RPC.
    type DecryptResponse struct {
    	// Plaintext holds the decrypted result. The package overview describes the
    	// protected value as the SOPS data key, so this field is secret material.
    	// NOTE(review): String() is defined on this message and presumably renders
    	// field contents; avoid logging the message. Transport protection for the
    	// gRPC channel is not shown on this page and should be confirmed.
    	Plaintext []byte `protobuf:"bytes,1,opt,name=plaintext,proto3" json:"plaintext,omitempty"`
    }

    func (*DecryptResponse) Descriptor

    func (*DecryptResponse) Descriptor() ([]byte, []int)

    func (*DecryptResponse) GetPlaintext

    func (m *DecryptResponse) GetPlaintext() []byte

    func (*DecryptResponse) ProtoMessage

    func (*DecryptResponse) ProtoMessage()

    func (*DecryptResponse) Reset

    func (m *DecryptResponse) Reset()

    func (*DecryptResponse) String

    func (m *DecryptResponse) String() string

    type EncryptRequest

    // EncryptRequest is the input message of the Encrypt RPC: a reference to the
    // key to use plus the plaintext bytes to encrypt.
    type EncryptRequest struct {
    	// Key is supplied by the caller and names the key the plaintext is
    	// encrypted with; it is a pointer, so it may be nil on an incomplete request.
    	Key       *Key   `protobuf:"bytes,1,opt,name=key" json:"key,omitempty"`
    	// Plaintext is the unencrypted input. The package overview describes the
    	// protected value as the SOPS data key, so treat this field as secret.
    	// NOTE(review): String() is defined on this message and presumably renders
    	// field contents; avoid logging the message.
    	Plaintext []byte `protobuf:"bytes,2,opt,name=plaintext,proto3" json:"plaintext,omitempty"`
    }

    func (*EncryptRequest) Descriptor

    func (*EncryptRequest) Descriptor() ([]byte, []int)

    func (*EncryptRequest) GetKey

    func (m *EncryptRequest) GetKey() *Key

    func (*EncryptRequest) GetPlaintext

    func (m *EncryptRequest) GetPlaintext() []byte

    func (*EncryptRequest) ProtoMessage

    func (*EncryptRequest) ProtoMessage()

    func (*EncryptRequest) Reset

    func (m *EncryptRequest) Reset()

    func (*EncryptRequest) String

    func (m *EncryptRequest) String() string

    type EncryptResponse

    // EncryptResponse is the output message of the Encrypt RPC.
    type EncryptResponse struct {
    	// Ciphertext is the encrypted result, carried as raw bytes.
    	Ciphertext []byte `protobuf:"bytes,1,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
    }

    func (*EncryptResponse) Descriptor

    func (*EncryptResponse) Descriptor() ([]byte, []int)

    func (*EncryptResponse) GetCiphertext

    func (m *EncryptResponse) GetCiphertext() []byte

    func (*EncryptResponse) ProtoMessage

    func (*EncryptResponse) ProtoMessage()

    func (*EncryptResponse) Reset

    func (m *EncryptResponse) Reset()

    func (*EncryptResponse) String

    func (m *EncryptResponse) String() string

    type GcpKmsKey

    // GcpKmsKey is the message that identifies a key by a single resource
    // identifier string; no key material is declared on this type.
    type GcpKmsKey struct {
    	ResourceId string `protobuf:"bytes,1,opt,name=resource_id,json=resourceId" json:"resource_id,omitempty"`
    }

    func (*GcpKmsKey) Descriptor

    func (*GcpKmsKey) Descriptor() ([]byte, []int)

    func (*GcpKmsKey) GetResourceId

    func (m *GcpKmsKey) GetResourceId() string

    func (*GcpKmsKey) ProtoMessage

    func (*GcpKmsKey) ProtoMessage()

    func (*GcpKmsKey) Reset

    func (m *GcpKmsKey) Reset()

    func (*GcpKmsKey) String

    func (m *GcpKmsKey) String() string

    type Key

    // Key is the RPC form of a master key reference. It holds exactly one of the
    // backend-specific key messages through the KeyType oneof; KeyFromMasterKey
    // builds it from a SOPS MasterKey.
    type Key struct {
    	// Types that are valid to be assigned to KeyType:
    	//	*Key_KmsKey
    	//	*Key_PgpKey
    	//	*Key_GcpKmsKey
    	//	*Key_AzureKeyvaultKey
    	//
    	// KeyType is an interface value, so it is nil when no alternative is set;
    	// the Get*Key accessors return pointers for each alternative.
    	KeyType isKey_KeyType `protobuf_oneof:"key_type"`
    }

    func KeyFromMasterKey

    func KeyFromMasterKey(mk keys.MasterKey) Key

      KeyFromMasterKey converts a SOPS internal MasterKey to an RPC Key that can be serialized with Protocol Buffers.

      func (*Key) Descriptor

      func (*Key) Descriptor() ([]byte, []int)

      func (*Key) GetAzureKeyvaultKey

      func (m *Key) GetAzureKeyvaultKey() *AzureKeyVaultKey

      func (*Key) GetGcpKmsKey

      func (m *Key) GetGcpKmsKey() *GcpKmsKey

      func (*Key) GetKeyType

      func (m *Key) GetKeyType() isKey_KeyType

      func (*Key) GetKmsKey

      func (m *Key) GetKmsKey() *KmsKey

      func (*Key) GetPgpKey

      func (m *Key) GetPgpKey() *PgpKey

      func (*Key) ProtoMessage

      func (*Key) ProtoMessage()

      func (*Key) Reset

      func (m *Key) Reset()

      func (*Key) String

      func (m *Key) String() string

      func (*Key) XXX_OneofFuncs

      func (*Key) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{})

        XXX_OneofFuncs is for the internal use of the proto package.

        type KeyServiceClient

        // KeyServiceClient is the client-side interface of the key service. Both
        // methods take a context, a request message and optional per-call gRPC
        // options, and return the matching response message or an error.
        // NewKeyServiceClient returns an implementation bound to a *grpc.ClientConn;
        // LocalClient declares methods with the same signatures.
        type KeyServiceClient interface {
        	// Encrypt sends in.Plaintext to be encrypted under in.Key.
        	Encrypt(ctx context.Context, in *EncryptRequest, opts ...grpc.CallOption) (*EncryptResponse, error)
        	// Decrypt sends in.Ciphertext to be decrypted under in.Key; the
        	// response carries the plaintext.
        	Decrypt(ctx context.Context, in *DecryptRequest, opts ...grpc.CallOption) (*DecryptResponse, error)
        }

        func NewKeyServiceClient

        func NewKeyServiceClient(cc *grpc.ClientConn) KeyServiceClient

        type KeyServiceServer

        // KeyServiceServer is the server-side interface of the key service; a value
        // implementing it is what RegisterKeyServiceServer attaches to a *grpc.Server.
        // Server declares Encrypt and Decrypt with these signatures.
        // NOTE(review): nothing in this interface authenticates or authorizes the
        // caller; that would have to come from the gRPC server configuration or
        // the implementation, neither of which is shown on this page.
        type KeyServiceServer interface {
        	Encrypt(context.Context, *EncryptRequest) (*EncryptResponse, error)
        	Decrypt(context.Context, *DecryptRequest) (*DecryptResponse, error)
        }

        type Key_AzureKeyvaultKey

        // Key_AzureKeyvaultKey is the wrapper assigned to Key.KeyType when the key
        // is an AzureKeyVaultKey (oneof field 4).
        type Key_AzureKeyvaultKey struct {
        	AzureKeyvaultKey *AzureKeyVaultKey `protobuf:"bytes,4,opt,name=azure_keyvault_key,json=azureKeyvaultKey,oneof"`
        }

        type Key_GcpKmsKey

        // Key_GcpKmsKey is the wrapper assigned to Key.KeyType when the key is a
        // GcpKmsKey (oneof field 3).
        type Key_GcpKmsKey struct {
        	GcpKmsKey *GcpKmsKey `protobuf:"bytes,3,opt,name=gcp_kms_key,json=gcpKmsKey,oneof"`
        }

        type Key_KmsKey

        // Key_KmsKey is the wrapper assigned to Key.KeyType when the key is a
        // KmsKey (oneof field 1).
        type Key_KmsKey struct {
        	KmsKey *KmsKey `protobuf:"bytes,1,opt,name=kms_key,json=kmsKey,oneof"`
        }

        type Key_PgpKey

        // Key_PgpKey is the wrapper assigned to Key.KeyType when the key is a
        // PgpKey (oneof field 2).
        type Key_PgpKey struct {
        	PgpKey *PgpKey `protobuf:"bytes,2,opt,name=pgp_key,json=pgpKey,oneof"`
        }

        type KmsKey

        // KmsKey is the message that identifies a KMS key together with the
        // settings used to reach it. Every field is a caller-supplied string or
        // string map; no key material is declared on this type.
        type KmsKey struct {
        	Arn        string            `protobuf:"bytes,1,opt,name=arn" json:"arn,omitempty"`
        	// NOTE(review): Role and AwsProfile arrive inside the request, so a server
        	// presumably acts on values the caller chose; confirm how the server
        	// implementation constrains them.
        	Role       string            `protobuf:"bytes,2,opt,name=role" json:"role,omitempty"`
        	// Context is a string-to-string map; its struct tag is elided by the
        	// documentation renderer.
        	Context    map[string]string `` /* 134-byte string literal not displayed */
        	// AwsProfile has no GetAwsProfile accessor in this listing, unlike the
        	// other three fields, so it is read through the field directly.
        	AwsProfile string            `protobuf:"bytes,4,opt,name=aws_profile" json:"aws_profile,omitempty"`
        }

        func (*KmsKey) Descriptor

        func (*KmsKey) Descriptor() ([]byte, []int)

        func (*KmsKey) GetArn

        func (m *KmsKey) GetArn() string

        func (*KmsKey) GetContext

        func (m *KmsKey) GetContext() map[string]string

        func (*KmsKey) GetRole

        func (m *KmsKey) GetRole() string

        func (*KmsKey) ProtoMessage

        func (*KmsKey) ProtoMessage()

        func (*KmsKey) Reset

        func (m *KmsKey) Reset()

        func (*KmsKey) String

        func (m *KmsKey) String() string

        type LocalClient

        // LocalClient declares Encrypt and Decrypt with the KeyServiceClient
        // signatures but is documented as performing all operations locally.
        type LocalClient struct {
        	// Server is held by value. Presumably requests are handed to it
        	// in-process; its Prompt setting therefore applies to local calls too
        	// (confirm in the LocalClient methods).
        	Server Server
        }

          LocalClient is a key service client that performs all operations locally.

          func NewLocalClient

          func NewLocalClient() LocalClient

            NewLocalClient creates a new local client.

            func (LocalClient) Decrypt

            func (c LocalClient) Decrypt(ctx context.Context,
            	req *DecryptRequest, opts ...grpc.CallOption) (*DecryptResponse, error)

              Decrypt processes a decrypt request locally. See keyservice/server.go for more details.

              func (LocalClient) Encrypt

              func (c LocalClient) Encrypt(ctx context.Context,
              	req *EncryptRequest, opts ...grpc.CallOption) (*EncryptResponse, error)

                Encrypt processes an encrypt request locally. See keyservice/server.go for more details.

                type PgpKey

                // PgpKey is the message that identifies a PGP key by fingerprint only;
                // no key material is declared on this type.
                type PgpKey struct {
                	// Fingerprint is a free-form string on the wire.
                	// NOTE(review): format and length checks, if any, are not shown here.
                	Fingerprint string `protobuf:"bytes,1,opt,name=fingerprint" json:"fingerprint,omitempty"`
                }

                func (*PgpKey) Descriptor

                func (*PgpKey) Descriptor() ([]byte, []int)

                func (*PgpKey) GetFingerprint

                func (m *PgpKey) GetFingerprint() string

                func (*PgpKey) ProtoMessage

                func (*PgpKey) ProtoMessage()

                func (*PgpKey) Reset

                func (m *PgpKey) Reset()

                func (*PgpKey) String

                func (m *PgpKey) String() string

                type Server

                // Server declares Encrypt and Decrypt with the KeyServiceServer
                // signatures and is documented as using SOPS MasterKeys to fulfill requests.
                type Server struct {
                	// Prompt indicates whether the server should prompt before decrypting or encrypting data
                	//
                	// NOTE(review): the zero value of a bool is false, so a Server{} built
                	// without setting this field would presumably serve requests without
                	// prompting; set it explicitly where operator confirmation is expected.
                	Prompt bool
                }

                  Server is a key service server that uses SOPS MasterKeys to fulfill requests.

                  func (Server) Decrypt

                  func (ks Server) Decrypt(ctx context.Context,
                  	req *DecryptRequest) (*DecryptResponse, error)

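                    Decrypt takes a decrypt request and decrypts the provided ciphertext (DecryptRequest.Ciphertext) with the provided key (DecryptRequest.Key), returning the decrypted result in DecryptResponse.Plaintext. The key is the one named in the request, so the caller chooses which master key is used.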

                    func (Server) Encrypt

                    func (ks Server) Encrypt(ctx context.Context,
                    	req *EncryptRequest) (*EncryptResponse, error)

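                      Encrypt takes an encrypt request and encrypts the provided plaintext (EncryptRequest.Plaintext) with the provided key (EncryptRequest.Key), returning the encrypted result in EncryptResponse.Ciphertext. The key is the one named in the request, so the caller chooses which master key is used.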