awskms

package
v0.9.0
Warning

This package is not in the latest version of its module.

Published: Jan 15, 2019 License: Apache-2.0 Imports: 5 Imported by: 15

Documentation

Overview

Package awskms provides functionality to encrypt and decrypt secrets using AWS KMS.

Example (Decrypt)
package main

import (
	"context"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/session"
	"gocloud.dev/secrets/awskms"
)

func main() {
	sess, err := session.NewSession(&aws.Config{
		Region: aws.String("us-west-1"),
	})
	if err != nil {
		panic(err)
	}

	// Get a client to use with the KMS API.
	client, err := awskms.Dial(sess)
	if err != nil {
		panic(err)
	}

	// Get the secret to be decrypted from some kind of storage.
	var ciphertext []byte

	// keyID is not needed when doing decryption.
	keeper := awskms.NewKeeper(client, "", nil)

	// Makes the request to the KMS API to decrypt the binary into plain text.
	decrypted, err := keeper.Decrypt(context.Background(), ciphertext)
	if err != nil {
		panic(err)
	}
	// Use the decrypted secret.
	_ = decrypted
}

Example (Encrypt)
package main

import (
	"context"
	"log"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/session"
	"gocloud.dev/secrets/awskms"
)

func main() {
	sess, err := session.NewSession(&aws.Config{
		Region: aws.String("us-west-1"),
	})
	if err != nil {
		log.Fatal(err)
	}

	// Get a client to use with the KMS API.
	client, err := awskms.Dial(sess)
	if err != nil {
		log.Fatal(err)
	}

	plaintext := []byte("Hello, Secrets!")

	keeper := awskms.NewKeeper(
		client,
		// Get the key resource ID. Here is an example of using an alias. See
		// https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn
		// for more details.
		"alias/test-secrets",
		nil,
	)

	// Makes the request to the KMS API to encrypt the plain text into a binary.
	encrypted, err := keeper.Encrypt(context.Background(), plaintext)
	if err != nil {
		log.Fatal(err)
	}
	// Store the encrypted secret.
	_ = encrypted
}

Constants

This section is empty.

Variables

This section is empty.

Functions

func Dial

func Dial(p client.ConfigProvider) (*kms.KMS, error)

Dial gets an AWS KMS service client.

func NewKeeper

func NewKeeper(client *kms.KMS, keyID string, opts *KeeperOptions) *secrets.Keeper

NewKeeper returns a new Keeper to do encryption and decryption.

Types

type KeeperOptions

type KeeperOptions struct{}

KeeperOptions controls Keeper behaviors. It is provided for future extensibility.
