Documentation
¶
Index ¶
- Constants
- func NewSigner(client KeyVaultClient, signingKey string, defaults DefaultOptions) (crypto.Signer, error)
- type DefaultOptions
- type KeyVault
- func (k *KeyVault) Close() error
- func (k *KeyVault) CreateKey(req *apiv1.CreateKeyRequest) (*apiv1.CreateKeyResponse, error)
- func (k *KeyVault) CreateSigner(req *apiv1.CreateSignerRequest) (crypto.Signer, error)
- func (k *KeyVault) GetPublicKey(req *apiv1.GetPublicKeyRequest) (crypto.PublicKey, error)
- func (k *KeyVault) ValidateName(s string) error
- type KeyVaultClient
- type Signer
Constants ¶
const Scheme = "azurekms"
Scheme is the scheme used for the Azure Key Vault uris.
Variables ¶
This section is empty.
Functions ¶
func NewSigner ¶
func NewSigner(client KeyVaultClient, signingKey string, defaults DefaultOptions) (crypto.Signer, error)
NewSigner creates a new signer using a key in the AWS KMS.
Types ¶
type DefaultOptions ¶
type DefaultOptions struct {
Vault string
ProtectionLevel apiv1.ProtectionLevel
}
DefaultOptions are custom options that can be passed as defaults using the URI in apiv1.Options.
type KeyVault ¶
type KeyVault struct {
// contains filtered or unexported fields
}
KeyVault implements a KMS using Azure Key Vault.
The URI format used in Azure Key Vault is the following:
- azurekms:name=key-name;vault=vault-name
- azurekms:name=key-name;vault=vault-name?version=key-version
- azurekms:name=key-name;vault=vault-name?hsm=true
The scheme is "azurekms"; "name" is the key name; "vault" is the key vault name where the key is located; "version" is an optional parameter that defines the version of they key, if version is not given, the latest one will be used; "hsm" defines if an HSM want to be used for this key, this is specially useful when this is used from `step`.
TODO(mariano): The implementation is using /services/keyvault/v7.1/keyvault package, at some point Azure might create a keyvault client with all the functionality in /sdk/keyvault, we should migrate to that once available.
func (*KeyVault) CreateKey ¶
func (k *KeyVault) CreateKey(req *apiv1.CreateKeyRequest) (*apiv1.CreateKeyResponse, error)
CreateKey creates a asymmetric key in Azure Key Vault.
func (*KeyVault) CreateSigner ¶
CreateSigner returns a crypto.Signer from a previously created asymmetric key.
func (*KeyVault) GetPublicKey ¶
GetPublicKey loads a public key from Azure Key Vault by its resource name.
func (*KeyVault) ValidateName ¶
ValidateName validates that the given string is a valid URI.
type KeyVaultClient ¶
type KeyVaultClient interface {
GetKey(ctx context.Context, vaultBaseURL string, keyName string, keyVersion string) (keyvault.KeyBundle, error)
CreateKey(ctx context.Context, vaultBaseURL string, keyName string, parameters keyvault.KeyCreateParameters) (keyvault.KeyBundle, error)
Sign(ctx context.Context, vaultBaseURL string, keyName string, keyVersion string, parameters keyvault.KeySignParameters) (keyvault.KeyOperationResult, error)
}
KeyVaultClient is the interface implemented by keyvault.BaseClient. It will be used for testing purposes.
Source Files
Directories