skr

package
v0.0.0-...-3739264
Warning

This package is not in the latest version of its module.

Published: Apr 1, 2024 License: MIT Imports: 11 Imported by: 1

README

This package implements the Secure Key Release operation, which releases a secret previously imported to Azure Key Vault. It interacts with the local attestation library to fetch an MAA token and then presents that token to the Azure Key Vault (AKV) service to release a secret that was imported to the key vault with a user-defined release policy. The AKV API expects an authentication token that has proper permissions to the AKV.

Documentation

Index

Constants

const (
	ResourceIdManagedHSM = "https%3A%2F%2Fmanagedhsm.azure.net"
	ResourceIdVault      = "https%3A%2F%2Fvault.azure.net"
)

Variables

This section is empty.

Functions

func SecureKeyRelease

func SecureKeyRelease(identity common.Identity, certState attest.CertState, SKRKeyBlob common.KeyBlob, uvmInformation common.UvmInformation) (_ jwk.Key, err error)

SecureKeyRelease releases a key identified by the KID and AKV in the keyblob.

  1. Retrieve an MAA token using the attestation package. This token can be presented to an Azure Key Vault to release a secret.
  2. Present the MAA token to the AKV for each secret that will be released. The AKV uses the public key presented as runtime-claims in the MAA token to wrap the released secret. This ensures that only the utility VM in possession of the private wrapping key can decrypt the material.

The method requires several attributes, including the uVM information and the keyblob, which contains information about the AKV, the authority and the key to be released.

The return type is a JWK key.
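The key binding in step 2, modelled locally as an added example (this is not the package's code and does not call Azure). Assumptions: `attestationToken`, `vaultRelease`, `unwrap` and `demo` are hypothetical names, the token is an unsigned struct rather than a signed JWT, and RSA-OAEP stands in for whatever wrapping scheme the service uses.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// attestationToken is a hypothetical stand-in for the MAA token. The real
// token is a signed JWT; only the runtime claim used for wrapping is modelled.
type attestationToken struct {
	WrappingKey *rsa.PublicKey
}

// vaultRelease models the key vault side of step 2: the secret is wrapped to
// the public key carried in the token. RSA-OAEP is an assumed wrapping scheme.
func vaultRelease(tok attestationToken, secret []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, tok.WrappingKey, secret, nil)
}

// unwrap models the utility VM recovering the secret with its private key.
func unwrap(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
}

// demo reports whether the attested key holder recovers the secret and whether another key is rejected.
func demo() (ownerOK, otherRejected bool, err error) {
	uvmKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	otherKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	secret := []byte("constructed sample secret")
	wrapped, err := vaultRelease(attestationToken{WrappingKey: &uvmKey.PublicKey}, secret)
	if err != nil {
		return false, false, err
	}
	got, unwrapErr := unwrap(uvmKey, wrapped)
	_, otherErr := unwrap(otherKey, wrapped)
	return unwrapErr == nil && bytes.Equal(got, secret), otherErr != nil, nil
}

func main() { fmt.Println(demo()) }
```

The released material is useful only to the holder of the private key whose public half appeared in the token, which is why the wrapping key must be generated and kept inside the attested utility VM.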

Types

This section is empty.
