hcvault

package
v0.3.5
Warning

This package is not in the latest version of its module.

Published: Apr 11, 2024 License: Apache-2.0, MPL-2.0, Apache-2.0 Imports: 5 Imported by: 0

Documentation

Types

type MasterKey

type MasterKey struct {
	KeyName      string
	EnginePath   string
	VaultAddress string

	EncryptedKey string
	CreationDate time.Time
	// contains filtered or unexported fields
}

MasterKey is a Vault Transit backend path used to Encrypt and Decrypt SOPS' data key.

Adapted from https://github.com/mozilla/sops/blob/v3.7.1/hcvault/keysource.go to allow fine-grained control over the decryption keys used, without relying on the existence of an environment variable or file.

func MasterKeyFromAddress

func MasterKeyFromAddress(address, enginePath, keyName string) *MasterKey

MasterKeyFromAddress creates a new MasterKey from a Vault address, Transit backend path and a key name.

func (*MasterKey) Decrypt

func (key *MasterKey) Decrypt() ([]byte, error)

Decrypt decrypts the EncryptedKey field with Vault Transit and returns the result.

func (*MasterKey) Encrypt

func (key *MasterKey) Encrypt(dataKey []byte) error

Encrypt takes a SOPS data key, encrypts it with Vault Transit, and stores the result in the EncryptedKey field.

func (*MasterKey) EncryptIfNeeded

func (key *MasterKey) EncryptIfNeeded(dataKey []byte) error

EncryptIfNeeded encrypts the provided SOPS data key, if it has not been encrypted yet.

func (*MasterKey) EncryptedDataKey

func (key *MasterKey) EncryptedDataKey() []byte

EncryptedDataKey returns the encrypted data key this master key holds.

func (*MasterKey) NeedsRotation

func (key *MasterKey) NeedsRotation() bool

NeedsRotation returns whether the data key needs to be rotated or not.

func (*MasterKey) SetEncryptedDataKey

func (key *MasterKey) SetEncryptedDataKey(enc []byte)

SetEncryptedDataKey sets the encrypted data key for this master key.

func (MasterKey) ToMap

func (key MasterKey) ToMap() map[string]interface{}

ToMap converts the MasterKey to a map for serialization purposes.

func (*MasterKey) ToString

func (key *MasterKey) ToString() string

ToString converts the key to a string representation.

type VaultToken

type VaultToken string

VaultToken is the token used for authenticating to a Vault server.

func (VaultToken) ApplyToMasterKey

func (t VaultToken) ApplyToMasterKey(key *MasterKey)

ApplyToMasterKey configures the token on the provided key.
