Documentation
Index
Constants
const (
	ResourceIdManagedHSM = "https%3A%2F%2Fmanagedhsm.azure.net"
	ResourceIdVault      = "https%3A%2F%2Fvault.azure.net"
)
Variables
This section is empty.
Functions
func SecureKeyRelease
func SecureKeyRelease(identity common.Identity, certState attest.CertState, SKRKeyBlob common.KeyBlob, uvmInformation common.UvmInformation) (_ jwk.Key, err error)
SecureKeyRelease releases a key identified by the KID and AKV in the keyblob.
- Retrieve an MAA token using the attestation package. This token can be presented to an Azure Key Vault to release a secret.
- Present the MAA token to the AKV for each secret that will be released. The AKV uses the public key presented as runtime-claims in the MAA token to wrap the released secret. This ensures that only the utility VM in possession of the private wrapping key can decrypt the material.
The method requires several attributes including the uVM information, keyblob that contains information about the AKV, authority and the key to be released.
The return type is a JWK key.
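The key binding described in the two steps above can be observed in a local simulation. This is an added example, not code from this package: no Azure service is called, `newWrappingKey`, `vaultRelease` and `unwrap` are hypothetical names, and RSA-OAEP with SHA-256 is an assumed stand-in for the vault's wrapping algorithm.

```go
// Added illustration: local stand-ins only; RSA-OAEP is an assumed wrapping algorithm.
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// newWrappingKey (hypothetical) plays the utility VM: it keeps the private key
// and returns the public half, which stands in for the token's runtime claim.
func newWrappingKey() (*rsa.PrivateKey, []byte, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	return priv, x509.MarshalPKCS1PublicKey(&priv.PublicKey), nil
}

// vaultRelease (hypothetical) plays the key vault: it wraps the secret to the
// public key found in the claim and never sees a private key.
func vaultRelease(claim, secret []byte) ([]byte, error) {
	pub, err := x509.ParsePKCS1PublicKey(claim)
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, secret, nil)
}

// unwrap (hypothetical) is the utility VM opening the released material.
func unwrap(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
}

func main() {
	uvm, claim, err1 := newWrappingKey()
	other, _, err2 := newWrappingKey() // constructed: a key that is not in the claim
	wrapped, err3 := vaultRelease(claim, []byte("constructed-secret"))
	if err1 != nil || err2 != nil || err3 != nil {
		panic("setup failed")
	}
	got, err := unwrap(uvm, wrapped)
	_, otherErr := unwrap(other, wrapped)
	fmt.Printf("claimed key: %q err=%v | other key: err=%v\n", got, err, otherErr)
}
```

A captured copy of the wrapped blob is useless without the private key, which is why the wrapping key must be generated inside the utility VM and never exported.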
Types
This section is empty.