peacemakr_go_sdk

package module
v0.0.6
Published: Apr 3, 2019 License: Apache-2.0 Imports: 23 Imported by: 0

README

Peacemakr


A cloud- or on-prem-backed service that provides simple, backward-compatible, and secure key lifecycle management.

Getting started

How do I build this?

(1) Get dependencies (alternatively, just build the dependency on core-crypto locally):
  • Docker
  • AWS CLI tools
  • AWS account with read permissions to peacemakr's AWS ECR
    • 716293438869.dkr.ecr.us-east-2.amazonaws.com/corecrypto:latest
    • 716293438869.dkr.ecr.us-east-2.amazonaws.com/corecrypto-dependencies:latest
(2) Generate all stubs from swagger:
./generate-all-stubs.sh
(3) Build base images containing all dependencies for peacemakr-api artifacts:
./build-dependencies.sh
(4) Build binaries for all peacemakr-api artifacts:
./build-binaries.sh
(5) Run all backend services locally, along with some integration tests:
docker-compose up

Documentation


Constants

This section is empty.

Variables

var DEBUG = true
var RSAKEYLENGTH = 4096

Functions

func ECPemString

func ECPemString(key *ecdsa.PrivateKey) string

func PublicECPemKey

func PublicECPemKey(key ecdsa.PublicKey) string
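The two functions above serialise ECDSA keys to PEM. As an added example (not the SDK's implementation), the following stand-ins use the standard library's SEC 1 encoding for the private key and PKIX SubjectPublicKeyInfo for the public key, matching the SDK's string-returning signatures, and pair them with parsers that check the PEM block type and key type before use, so a public key or a non-EC key handed to the wrong path fails with an error instead of being silently accepted. The lower-case names, the P-256 curve and the parser helpers are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// newP256Key makes a fresh ECDSA key on P-256, the curve this example assumes the SDK uses.
func newP256Key() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// ecPemString matches the SDK signature: SEC 1 DER of the private key in an "EC PRIVATE KEY"
// block. MarshalECPrivateKey fails only for an unsupported curve, so the error is dropped here.
func ecPemString(key *ecdsa.PrivateKey) string {
	der, _ := x509.MarshalECPrivateKey(key)
	return string(pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: der}))
}

// publicECPemKey matches the SDK signature: SubjectPublicKeyInfo in a "PUBLIC KEY" block; same curve caveat.
func publicECPemKey(key ecdsa.PublicKey) string {
	der, _ := x509.MarshalPKIXPublicKey(&key)
	return string(pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der}))
}

// parseECPem reverses ecPemString; checking the block type first rejects public or non-EC input cleanly.
func parseECPem(pemStr string) (*ecdsa.PrivateKey, error) {
	block, _ := pem.Decode([]byte(pemStr))
	if block == nil || block.Type != "EC PRIVATE KEY" {
		return nil, fmt.Errorf("expected an EC PRIVATE KEY PEM block")
	}
	return x509.ParseECPrivateKey(block.Bytes)
}

// parsePublicECPem reverses publicECPemKey and rejects anything that is not an ECDSA public key.
func parsePublicECPem(pemStr string) (*ecdsa.PublicKey, error) {
	block, _ := pem.Decode([]byte(pemStr))
	if block == nil || block.Type != "PUBLIC KEY" {
		return nil, fmt.Errorf("expected a PUBLIC KEY PEM block")
	}
	pub, err := x509.ParsePKIXPublicKey(block.Bytes)
	if ec, ok := pub.(*ecdsa.PublicKey); err == nil && ok {
		return ec, nil
	}
	return nil, fmt.Errorf("not an ECDSA public key (%T): %v", pub, err)
}
```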

Types

type LocallizedKeyFetcherService

type LocallizedKeyFetcherService struct {
	LocalPubKeys  map[string]string
	LocalPrivKeys map[string]string
}

type PeacemakrAAD

type PeacemakrAAD struct {
	CryptoKeyID string `json:"cryptoKeyID"`
	SenderKeyID string `json:"senderKeyID"`
}
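PeacemakrAAD carries the key and sender identifiers alongside a ciphertext. As an added example (not the SDK's code or wire format), the block below shows the defensive property such a struct gives when its JSON encoding is bound into an AEAD as additional authenticated data: a blob presented with a different CryptoKeyID or SenderKeyID, or a truncated blob, fails authentication instead of decrypting. AES-GCM, the nonce-prefixed blob layout and the helper names are assumptions of this example.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
)

type PeacemakrAAD struct {
	CryptoKeyID string `json:"cryptoKeyID"`
	SenderKeyID string `json:"senderKeyID"`
}

// gcmWithAAD builds the AES-GCM AEAD plus the canonical JSON bytes used as additional data.
func gcmWithAAD(key []byte, aad PeacemakrAAD) (cipher.AEAD, []byte, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, nil, err
	}
	gcm, err := cipher.NewGCM(block) // cannot fail for an AES block
	ad, _ := json.Marshal(aad)       // two string fields: cannot fail
	return gcm, ad, err
}

// sealWithAAD returns nonce || ciphertext || tag (a hypothetical layout, not the SDK's format).
func sealWithAAD(key []byte, aad PeacemakrAAD, plaintext []byte) ([]byte, error) {
	gcm, ad, err := gcmWithAAD(key, aad)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, ad), nil
}

// openWithAAD fails if the blob, or the presented CryptoKeyID/SenderKeyID, differ from what was sealed.
func openWithAAD(key []byte, aad PeacemakrAAD, blob []byte) ([]byte, error) {
	gcm, ad, err := gcmWithAAD(key, aad)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("ciphertext blob too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, ad)
}
```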

type PeacemakrSDK

type PeacemakrSDK interface {

	//
	// Registers to PeaceMakr as a client. The persister is used to detect prior registrations on this client, so it
	// is safe to call multiple times. Once a successful invocation of Register has executed, subsequent calls become
	// a no-op. One successful call is required before any cryptographic use of this SDK. Successful registration
	// returns a nil error.
	//
	// Registration may fail with an invalid apiKey, missing network connectivity, or an invalid persister. On failure,
	// take corrective action and invoke again.
	//
	Register() error

	//
	// Pre-load all available keys for this client. This invocation will help the performance of subsequent encryption
	// and decryption calls.
	//
	// Pre-loading may fail if registration was not invoked, if there are network connectivity issues, or on
	// unexpected authorization issues.
	//
	PreLoad() error

	//
	// Encrypt the plaintext. Returns a b64 encoded ciphertext blob on success, else returns a non-nil error.
	//
	EncryptStr(plaintext string) (string, error)

	Encrypt(plaintext []byte) ([]byte, error)

	//
	// Encrypt the plaintext, but restrict which keys may be used to a Use Domain of this specific name. Names of Use
	// Domains are not unique, and this non-unique property of your Organization's Use Domains allows for graceful
	// rotation of encryption keys off of old (retiring, stale, or compromised) Use Domains, simply by creating a new
	// Use Domain with the same name. During the transitional period, both Use Domains may be selected for encryption
	// by clients restricted to that particular name. Then, retiring one of the two Use Domains is possible without
	// disrupting your deployed application.
	//
	// Returns a b64 encoded ciphertext blob on success, else returns a non-nil error.
	//
	EncryptStrInDomain(plaintext string, useDomainName string) (string, error)

	EncryptInDomain(plaintext []byte, useDomainName string) ([]byte, error)

	//
	// Decrypt the ciphertext. Returns the original plaintext on success, else returns a non-nil error.
	//
	DecryptStr(ciphertext string) (string, error)

	Decrypt(ciphertext []byte) ([]byte, error)

	//
	// For visibility or debugging purposes, identify which client and configuration this client is running.
	// Also forwards debug info to peacemakr if phonehome is enabled.
	//
	GetDebugInfo() string

	//
	// Under certain conditions, it may be necessary to release back to the system the memory consumed by this
	// SDK instance. This method releases the internally managed hot cache of keys and metadata used for cryptographic
	// operations. Note: invoking this method may result in increased network traffic and latency during subsequent
	// cryptographic operations, as these keys must be retrieved and decrypted before they're cached and available
	// for use again.
	//
	ReleaseMemory()
}

func GetPeacemakrSDK

func GetPeacemakrSDK(apiKey, clientName string, peacemakrHostname *string, persister utils.Persister) (PeacemakrSDK, error)

Get a PeaceMakr SDK instance, given an apiKey, clientName, customerKeyManagerId, and persister.

The apiKey must be a valid apiKey associated with your organization. Please see the management console to produce a valid apiKey for your organization.

The optional customerKeyManagerId identifies a specific customer's preferred key manager for key derivation. customerKeyManagerId may be nil, in which case your default crypto configurations are used.

The optional peacemakrServiceHost is the hostname of the peacemakr service. It is available for testing or customized deployments; by default it points to the public production peacemakr host.

ClientName may be any string, and may be helpful in identifying this specific client in PeaceMakr management dashboards.

The provided persister will be used to save local cryptographic material used for key delivery, encryption, decryption, signing, and verification.
