Documentation
¶
Overview ¶
Package options defines options for KMS clients
Package options contains functional options for the various SignerVerifiers
Index ¶
- type NoOpOptionImpl
- func (NoOpOptionImpl) ApplyContext(ctx *context.Context)
- func (NoOpOptionImpl) ApplyCryptoSignerOpts(opts *crypto.SignerOpts)
- func (NoOpOptionImpl) ApplyDigest(digest *[]byte)
- func (NoOpOptionImpl) ApplyKeyVersion(keyVersion *string)
- func (NoOpOptionImpl) ApplyKeyVersionUsed(keyVersion **string)
- func (NoOpOptionImpl) ApplyRPCAuthOpts(opts *RPCAuth)
- func (NoOpOptionImpl) ApplyRand(rand *io.Reader)
- func (NoOpOptionImpl) ApplyRemoteVerification(remoteVerification *bool)
- type RPCAuth
- type RPCAuthOIDC
- type RPCAuthOpts
- type RequestContext
- type RequestCryptoSignerOpts
- type RequestDigest
- type RequestKeyVersion
- type RequestKeyVersionUsed
- type RequestRand
- type RequestRemoteVerification
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type NoOpOptionImpl ¶
type NoOpOptionImpl struct{}
NoOpOptionImpl implements the RPCOption, SignOption, VerifyOption interfaces as no-ops.
func (NoOpOptionImpl) ApplyContext ¶
func (NoOpOptionImpl) ApplyContext(ctx *context.Context)
ApplyContext is a no-op required to fully implement the requisite interfaces
func (NoOpOptionImpl) ApplyCryptoSignerOpts ¶
func (NoOpOptionImpl) ApplyCryptoSignerOpts(opts *crypto.SignerOpts)
ApplyCryptoSignerOpts is a no-op required to fully implement the requisite interfaces
func (NoOpOptionImpl) ApplyDigest ¶
func (NoOpOptionImpl) ApplyDigest(digest *[]byte)
ApplyDigest is a no-op required to fully implement the requisite interfaces
func (NoOpOptionImpl) ApplyKeyVersion ¶
func (NoOpOptionImpl) ApplyKeyVersion(keyVersion *string)
ApplyKeyVersion is a no-op required to fully implement the requisite interfaces
func (NoOpOptionImpl) ApplyKeyVersionUsed ¶
func (NoOpOptionImpl) ApplyKeyVersionUsed(keyVersion **string)
ApplyKeyVersionUsed is a no-op required to fully implement the requisite interfaces
func (NoOpOptionImpl) ApplyRPCAuthOpts ¶
func (NoOpOptionImpl) ApplyRPCAuthOpts(opts *RPCAuth)
ApplyRPCAuthOpts is a no-op required to fully implement the requisite interfaces
func (NoOpOptionImpl) ApplyRand ¶
func (NoOpOptionImpl) ApplyRand(rand *io.Reader)
ApplyRand is a no-op required to fully implement the requisite interfaces
func (NoOpOptionImpl) ApplyRemoteVerification ¶
func (NoOpOptionImpl) ApplyRemoteVerification(remoteVerification *bool)
ApplyRemoteVerification is a no-op required to fully implement the requisite interfaces
type RPCAuth ¶
type RPCAuth struct {
Address string // address is the remote server address, e.g. https://vault:8200
Path string // path for the RPC, in vault this is the transit path which default to "transit"
Token string // token used for RPC, in vault this is the VAULT_TOKEN value
OIDC RPCAuthOIDC
}
RPCAuth provides credentials for RPC calls, empty fields are ignored
type RPCAuthOIDC ¶
type RPCAuthOIDC struct {
Path string // path defaults to "jwt" for vault
Role string // role is required for jwt logins
Token string // token is a jwt with vault
}
RPCAuthOIDC is used to perform the RPC login using OIDC instead of a fixed token
type RPCAuthOpts ¶
type RPCAuthOpts struct {
NoOpOptionImpl
// contains filtered or unexported fields
}
RPCAuthOpts includes authentication settings for RPC calls
func WithRPCAuthOpts ¶
func WithRPCAuthOpts(opts RPCAuth) RPCAuthOpts
WithRPCAuthOpts specifies RPCAuth settings to be used with RPC logins
func (RPCAuthOpts) ApplyRPCAuthOpts ¶
func (r RPCAuthOpts) ApplyRPCAuthOpts(opts *RPCAuth)
ApplyRPCAuthOpts sets the RPCAuth as a function option
type RequestContext ¶
type RequestContext struct {
NoOpOptionImpl
// contains filtered or unexported fields
}
RequestContext implements the functional option pattern for including a context during RPC
func WithContext ¶
func WithContext(ctx context.Context) RequestContext
WithContext specifies that the given context should be used in RPC to external services
func (RequestContext) ApplyContext ¶
func (r RequestContext) ApplyContext(ctx *context.Context)
ApplyContext sets the specified context as the functional option
type RequestCryptoSignerOpts ¶
type RequestCryptoSignerOpts struct {
NoOpOptionImpl
// contains filtered or unexported fields
}
RequestCryptoSignerOpts implements the functional option pattern for supplying crypto.SignerOpts when signing or verifying
func WithCryptoSignerOpts ¶
func WithCryptoSignerOpts(opts crypto.SignerOpts) RequestCryptoSignerOpts
WithCryptoSignerOpts specifies that provided crypto.SignerOpts be used during signing and verification operations
func (RequestCryptoSignerOpts) ApplyCryptoSignerOpts ¶
func (r RequestCryptoSignerOpts) ApplyCryptoSignerOpts(opts *crypto.SignerOpts)
ApplyCryptoSignerOpts sets crypto.SignerOpts as a functional option
type RequestDigest ¶
type RequestDigest struct {
NoOpOptionImpl
// contains filtered or unexported fields
}
RequestDigest implements the functional option pattern for specifying a digest value
func WithDigest ¶
func WithDigest(digest []byte) RequestDigest
WithDigest specifies that the given digest can be used by underlying signature implementations WARNING: When verifying a digest with ECDSA, it is trivial to craft a valid signature over a random message given a public key. Do not use this unles you understand the implications and do not need to protect against malleability.
func (RequestDigest) ApplyDigest ¶
func (r RequestDigest) ApplyDigest(digest *[]byte)
ApplyDigest sets the specified digest value as the functional option
type RequestKeyVersion ¶
type RequestKeyVersion struct {
NoOpOptionImpl
// contains filtered or unexported fields
}
RequestKeyVersion implements the functional option pattern for specifying the KMS key version during signing or verification
func WithKeyVersion ¶
func WithKeyVersion(keyVersion string) RequestKeyVersion
WithKeyVersion specifies that a specific KMS key version be used during signing and verification operations; a value of 0 will use the latest version of the key (default)
func (RequestKeyVersion) ApplyKeyVersion ¶
func (r RequestKeyVersion) ApplyKeyVersion(keyVersion *string)
ApplyKeyVersion sets the KMS's key version as a functional option
type RequestKeyVersionUsed ¶
type RequestKeyVersionUsed struct {
NoOpOptionImpl
// contains filtered or unexported fields
}
RequestKeyVersionUsed implements the functional option pattern for obtaining the KMS key version used during signing
func ReturnKeyVersionUsed ¶
func ReturnKeyVersionUsed(keyVersionUsed *string) RequestKeyVersionUsed
ReturnKeyVersionUsed specifies that the specific KMS key version that was used during signing should be stored in the pointer provided
func (RequestKeyVersionUsed) ApplyKeyVersionUsed ¶
func (r RequestKeyVersionUsed) ApplyKeyVersionUsed(keyVersionUsed **string)
ApplyKeyVersionUsed requests to store the KMS's key version that was used as a functional option
type RequestRand ¶
type RequestRand struct {
NoOpOptionImpl
// contains filtered or unexported fields
}
RequestRand implements the functional option pattern for using a specific source of entropy
func WithRand ¶
func WithRand(rand io.Reader) RequestRand
WithRand specifies that the given source of entropy should be used in signing operations
func (RequestRand) ApplyRand ¶
func (r RequestRand) ApplyRand(rand *io.Reader)
ApplyRand sets the specified source of entropy as the functional option
type RequestRemoteVerification ¶
type RequestRemoteVerification struct {
NoOpOptionImpl
// contains filtered or unexported fields
}
RequestRemoteVerification implements the functional option pattern for remotely verifiying signatures when possible
func WithRemoteVerification ¶
func WithRemoteVerification(remoteVerification bool) RequestRemoteVerification
WithRemoteVerification specifies that the verification operation should be performed remotely (vs in the process of the caller)
func (RequestRemoteVerification) ApplyRemoteVerification ¶
func (r RequestRemoteVerification) ApplyRemoteVerification(remoteVerification *bool)
ApplyRemoteVerification sets remote verification as a functional option
Source Files