README
¶
kms provider
The KMS provider uses the AWS KMS service to encrypt every secret value.
Example
crypto:
provider: kms
key: arn:aws:kms:us-east-1:000000000000:key/00000000-0000-0000-0000-000000000000
zero:
ciphertext: AKMSTHiNG0123456789AAAA...0XyZ
encrypted: true
hash: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Environment variables
go-config-yourself strives to behave like any other AWS SDK client.
The following AWS_* environment variables are implemented:
AWS_PROFILE: if set, go-config-yourself will use the profile configuration from~/.aws/configto prompt for MFA tokens when required or assuming a role.
Known Issues
- Since not all regions are enabled by default, and there is currently no API endpoint to list the available regions for the user's AWS account,
gcy (init|rekey)will only warn onUnrecognizedClientExceptionand continue querying for keys in all regions.
Documentation
¶
Overview ¶
Package kms adds kms support for go-config-yourself
It uses the AWS KMS (https://aws.amazon.com/kms/) service to encrypt every secret value.
Index ¶
- func New(config map[string]interface{}) (pvd.Crypto, error)
- type Provider
- func (provider *Provider) Decrypt(encryptedBytes []byte) (string, error)
- func (provider *Provider) Enabled() bool
- func (provider *Provider) Encrypt(plainText []byte) ([]byte, error)
- func (provider *Provider) Replace(args map[string]interface{}) (err error)
- func (provider *Provider) Serialize() (serialized map[string]interface{})
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Provider ¶
type Provider struct {
// contains filtered or unexported fields
}
Provider implements provider.Crypto for KMS
Source Files
Click to show internal directories.
Click to hide internal directories.