Version: v0.0.0-...-14a22d7 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Sep 12, 2019 License: MPL-2.0 Imports: 15 Imported by: 0



Package kms contains an implementation of the interface that encrypts and decrypts the data key using AWS KMS with the AWS Go SDK.



This section is empty.


This section is empty.


func ParseKMSContext

func ParseKMSContext(in interface{}) map[string]*string

ParseKMSContext takes either a KMS context map or a comma-separated list of KMS context key:value pairs and returns a map


type MasterKey

type MasterKey struct {
	Arn               string
	Role              string
	EncryptedKey      string
	CreationDate      time.Time
	EncryptionContext map[string]*string
	AwsProfile        string

MasterKey is a AWS KMS key used to encrypt and decrypt sops' data key.

func MasterKeysFromArnString

func MasterKeysFromArnString(arn string, context map[string]*string, awsProfile string) []*MasterKey

MasterKeysFromArnString takes a comma separated list of AWS KMS ARNs and returns a slice of new MasterKeys for those ARNs

func NewMasterKey

func NewMasterKey(arn string, role string, context map[string]*string) *MasterKey

NewMasterKey creates a new MasterKey from an ARN, role and context, setting the creation date to the current date

func NewMasterKeyFromArn

func NewMasterKeyFromArn(arn string, context map[string]*string, awsProfile string) *MasterKey

NewMasterKeyFromArn takes an ARN string and returns a new MasterKey for that ARN

func (*MasterKey) Decrypt

func (key *MasterKey) Decrypt() ([]byte, error)

Decrypt decrypts the EncryptedKey field with AWS KMS and returns the result.

func (*MasterKey) Encrypt

func (key *MasterKey) Encrypt(dataKey []byte) error

Encrypt takes a sops data key, encrypts it with KMS and stores the result in the EncryptedKey field

func (*MasterKey) EncryptIfNeeded

func (key *MasterKey) EncryptIfNeeded(dataKey []byte) error

EncryptIfNeeded encrypts the provided sops' data key and encrypts it if it hasn't been encrypted yet

func (*MasterKey) EncryptedDataKey

func (key *MasterKey) EncryptedDataKey() []byte

EncryptedDataKey returns the encrypted data key this master key holds

func (*MasterKey) NeedsRotation

func (key *MasterKey) NeedsRotation() bool

NeedsRotation returns whether the data key needs to be rotated or not.

func (*MasterKey) SetEncryptedDataKey

func (key *MasterKey) SetEncryptedDataKey(enc []byte)

SetEncryptedDataKey sets the encrypted data key for this master key

func (MasterKey) ToMap

func (key MasterKey) ToMap() map[string]interface{}

ToMap converts the MasterKey to a map for serialization purposes

func (*MasterKey) ToString

func (key *MasterKey) ToString() string

ToString converts the key to a string representation

Source Files


Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL