Documentation ¶
Overview ¶
Package awskms provides functionality to encrypt and decrypt secrets using AWS KMS.
Example (Decrypt) ¶
package main import ( "context" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/session" "gocloud.dev/secrets/awskms" ) func main() { sess, err := session.NewSession(&aws.Config{ Region: aws.String("us-west-1"), }) if err != nil { panic(err) } // Get a client to use with the KMS API. client, err := awskms.Dial(sess) if err != nil { panic(err) } // Get the secret to be decrypted from some kind of storage. var ciphertext []byte // keyID is not needed when doing decryption. keeper := awskms.NewKeeper(client, "", nil) // Makes the request to the KMS API to decrypt the binary into plain text. decrypted, err := keeper.Decrypt(context.Background(), ciphertext) if err != nil { panic(err) } // Use the decrypted secret. _ = decrypted }
Output:
Example (Encrypt) ¶
package main import ( "context" "log" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/session" "gocloud.dev/secrets/awskms" ) func main() { sess, err := session.NewSession(&aws.Config{ Region: aws.String("us-west-1"), }) if err != nil { log.Fatal(err) } // Get a client to use with the KMS API. client, err := awskms.Dial(sess) if err != nil { log.Fatal(err) } plaintext := []byte("Hello, Secrets!") keeper := awskms.NewKeeper( client, // Get the key resource ID. Here is an example of using an alias. See // https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn // for more details. "alias/test-secrets", nil, ) // Makes the request to the KMS API to encrypt the plain text into a binary. encrypted, err := keeper.Encrypt(context.Background(), plaintext) if err != nil { log.Fatal(err) } // Store the encrypted secret. _ = encrypted }
Output:
Index ¶
Examples ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type KeeperOptions ¶
type KeeperOptions struct{}
KeeperOptions controls Keeper behaviors. It is provided for future extensibility.
Click to show internal directories.
Click to hide internal directories.