Package kms contains an implementation of the interface that encrypts and decrypts the data key using AWS KMS with the AWS Go SDK.



    This section is empty.


    This section is empty.


    func ParseKMSContext

    func ParseKMSContext(in interface{}) map[string]*string

      ParseKMSContext takes either a KMS context map or a comma-separated list of KMS context key:value pairs and returns a map


      type MasterKey

      type MasterKey struct {
      	Arn               string
      	Role              string
      	EncryptedKey      string
      	CreationDate      time.Time
      	EncryptionContext map[string]*string
      	AwsProfile        string

        MasterKey is a AWS KMS key used to encrypt and decrypt sops' data key.

        func MasterKeysFromArnString

        func MasterKeysFromArnString(arn string, context map[string]*string, awsProfile string) []*MasterKey

          MasterKeysFromArnString takes a comma separated list of AWS KMS ARNs and returns a slice of new MasterKeys for those ARNs

          func NewMasterKey

          func NewMasterKey(arn string, role string, context map[string]*string) *MasterKey

            NewMasterKey creates a new MasterKey from an ARN, role and context, setting the creation date to the current date

            func NewMasterKeyFromArn

            func NewMasterKeyFromArn(arn string, context map[string]*string, awsProfile string) *MasterKey

              NewMasterKeyFromArn takes an ARN string and returns a new MasterKey for that ARN

              func (*MasterKey) Decrypt

              func (key *MasterKey) Decrypt() ([]byte, error)

                Decrypt decrypts the EncryptedKey field with AWS KMS and returns the result.

                func (*MasterKey) Encrypt

                func (key *MasterKey) Encrypt(dataKey []byte) error

                  Encrypt takes a sops data key, encrypts it with KMS and stores the result in the EncryptedKey field

                  func (*MasterKey) EncryptIfNeeded

                  func (key *MasterKey) EncryptIfNeeded(dataKey []byte) error

                    EncryptIfNeeded encrypts the provided sops' data key and encrypts it if it hasn't been encrypted yet

                    func (*MasterKey) EncryptedDataKey

                    func (key *MasterKey) EncryptedDataKey() []byte

                      EncryptedDataKey returns the encrypted data key this master key holds

                      func (*MasterKey) NeedsRotation

                      func (key *MasterKey) NeedsRotation() bool

                        NeedsRotation returns whether the data key needs to be rotated or not.

                        func (*MasterKey) SetEncryptedDataKey

                        func (key *MasterKey) SetEncryptedDataKey(enc []byte)

                          SetEncryptedDataKey sets the encrypted data key for this master key

                          func (MasterKey) ToMap

                          func (key MasterKey) ToMap() map[string]interface{}

                            ToMap converts the MasterKey to a map for serialization purposes

                            func (*MasterKey) ToString

                            func (key *MasterKey) ToString() string

                              ToString converts the key to a string representation

                              Source Files


                              Path Synopsis