Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetDefaultKeyManager ¶
func GetDefaultKeyManager() string
GetDefaultKeyManager returns the default key managerlabel.
func GetKeyManagers ¶
func GetKeyManagers() []string
GetKeyManagers returns a list of registered key managers.
Types ¶
type EnvelopeKey ¶
type EnvelopeKey struct {
// Plaintext is the plaintext encryption key.
Plaintext []byte
// Ciphertext is the ciphertext of the encryption key, encrypted with a key that is managed
// by the key manager..
Ciphertext []byte
}
EnvelopeKey represents the key used in envelope encryption.
func (*EnvelopeKey) GetPlaintext32 ¶
func (e *EnvelopeKey) GetPlaintext32() *[32]byte
GetPlaintext32 returns the Plaintext key as a byte array.
type KeyManager ¶
type KeyManager interface {
GenerateEnvelopeKey(keyID, secretID string) (EnvelopeKey, error)
Decrypt(keyMetadata []byte, secretID string) ([]byte, error)
Label() string
}
KeyManager represents a service that can generate envelope keys and provide decryption keys.
func New ¶
func New(label string) (KeyManager, error)
New returns a KeyManager of the requested type.
type Kms ¶
type Kms struct {
// contains filtered or unexported fields
}
Kms is a KeyManager for AWS KMS.
func (*Kms) GenerateEnvelopeKey ¶
func (k *Kms) GenerateEnvelopeKey(keyID string, secretID string) (EnvelopeKey, error)
GenerateEnvelopeKey generates an EnvelopeKey under a specific KeyID.
Source Files
Click to show internal directories.
Click to hide internal directories.