pkg

package

v0.0.1 Latest Latest Go to latest Published: May 1, 2018 License: Apache-2.0 Imports: 7 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/jrnt30/k8-kms-enc-provider

Links

Open Source Insights

Documentation ¶

Index ¶

type AwsKmsProvider
- func NewAwsKmsProvider(cfg *AwsKmsProviderConfiguration) (*AwsKmsProvider, error)
type AwsKmsProviderConfiguration

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AwsKmsProvider ¶

type AwsKmsProvider struct {
	// contains filtered or unexported fields
}

AwsKmsProvider is an implementation of the K8 KMS provider specification https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/

In this implemenation we are using AWS KMS's encryption functionality to convert the plaintext into a ciphertext that is capable of being stored securely.

func NewAwsKmsProvider ¶

func NewAwsKmsProvider(cfg *AwsKmsProviderConfiguration) (*AwsKmsProvider, error)

NewAwsKmsProvider is a helper for generating a new KMS Key proxy that provide sensible defaults

func (AwsKmsProvider) Decrypt ¶

func (a AwsKmsProvider) Decrypt(c context.Context, req *v1beta1.DecryptRequest) (*v1beta1.DecryptResponse, error)

Decrypt is responsible for converting the *v1beta1.DecryptRequest.Cipher into a plaintext representation K8 itself.

func (AwsKmsProvider) Encrypt ¶

func (a AwsKmsProvider) Encrypt(c context.Context, req *v1beta1.EncryptRequest) (*v1beta1.EncryptResponse, error)

Encrypt is responsible for taking the plaintext from *v1beta1.EncryptRequest.Plain and transparently encrypting the value for K8.

func (AwsKmsProvider) Version ¶

func (a AwsKmsProvider) Version(context.Context, *v1beta1.VersionRequest) (*v1beta1.VersionResponse, error)

Version returns API information to consumers (primarily just the K8 masters themselves )

type AwsKmsProviderConfiguration ¶

type AwsKmsProviderConfiguration struct {
	// KeyId is the identifier for KMS key to use for encryption.
	// Can be either the Key ARN or the Key ID.
	// NOTE: Key Alias support is currently not implemented with the existing
	// validation logic
	KeyId *string

	// AwsRegion is the specifier on which AWS Region the KMS key resides in.
	AwsRegion *string
}

AwsKmsProviderConfiguration allows for the customization of the KMS provider with some sensible defaults

Source Files ¶

View all Source files

encryptor.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL