Documentation ¶
Index ¶
Constants ¶
// KmsLabel is the key manager label for AWS KMS.
const KmsLabel = "kms"
Variables ¶
This section is empty.
Functions ¶
func GetDefaultKeyManager ¶
func GetDefaultKeyManager() string
GetDefaultKeyManager returns the default key manager label.
func GetKeyManagers ¶
func GetKeyManagers() []string
GetKeyManagers returns a list of registered key managers.
Types ¶
type EnvelopeKey ¶
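// EnvelopeKey represents the key used in envelope encryption. It holds the
// same encryption key in two forms: as plaintext and as ciphertext produced
// under a key that the key manager controls.
type EnvelopeKey struct {
	// ResolvedID is the fully qualified key ID.
	ResolvedID string
	// Plaintext is the plaintext encryption key. This is raw key material:
	// keep it in memory only for as long as it is needed, and do not log,
	// serialize or persist it.
	Plaintext []byte
	// Ciphertext is the ciphertext of the encryption key, encrypted with a key
	// that is managed by the key manager.
	Ciphertext []byte
}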
EnvelopeKey represents the key used in envelope encryption.
func (*EnvelopeKey) GetPlaintextKey ¶
func (e *EnvelopeKey) GetPlaintextKey() *[32]byte
GetPlaintextKey returns the Plaintext key as a pointer to a 32-byte array. Behaviour when Plaintext is not exactly 32 bytes long is not documented here.
type KeyManager ¶
// KeyManager represents a service that can generate envelope keys and provide
// decryption keys.
type KeyManager interface {
	// GenerateEnvelopeKey returns an EnvelopeKey for the given keyID, or an
	// error.
	// NOTE(review): how secretID is used (for example, whether it is bound to
	// the key as additional context) is not visible from this declaration;
	// confirm against the implementation.
	GenerateEnvelopeKey(ctx context.Context, keyID, secretID string) (EnvelopeKey, error)
	// Decrypt returns a byte slice, presumably the recovered plaintext key,
	// or an error. Treat the result as raw key material and never log it.
	// NOTE(review): the []byte input is named keyMetadata here but
	// keyCiphertext on (*Kms).Decrypt; confirm both refer to the same value.
	Decrypt(ctx context.Context, keyID string, keyMetadata []byte, secretID string) ([]byte, error)
	// Label returns the key manager's label as a string.
	Label() string
}
KeyManager represents a service that can generate envelope keys and provide decryption keys.
func New ¶
func New(label string) (KeyManager, error)
New returns a KeyManager of the requested type.
type Kms ¶
// Kms is a KeyManager for AWS KMS. It is an empty struct, so a Kms value
// carries no configuration, key material or credentials of its own.
type Kms struct{}
Kms is a KeyManager for AWS KMS.
func (*Kms) Decrypt ¶
func (k *Kms) Decrypt(ctx context.Context, keyID string, keyCiphertext []byte, secretID string) ([]byte, error)
Decrypt decrypts the encrypted key passed in keyCiphertext and returns the result as a byte slice.
func (*Kms) GenerateEnvelopeKey ¶
func (k *Kms) GenerateEnvelopeKey(ctx context.Context, keyID string, secretID string) (EnvelopeKey, error)
GenerateEnvelopeKey generates an EnvelopeKey under a specific KeyID.