awskms

package

v1.7.0 Latest Latest Go to latest Published: Aug 10, 2022 License: Apache-2.0 Imports: 14 Imported by: 15

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/google/tink

Links

Open Source Insights

Documentation ¶

Overview ¶

Package awskms provides integration with the AWS Cloud KMS.

Index ¶

func NewClient(uriPrefix string) (registry.KMSClient, error)
func NewClientWithCredentials(uriPrefix string, credentialPath string) (registry.KMSClient, error)
func NewClientWithKMS(uriPrefix string, kms kmsiface.KMSAPI) (registry.KMSClient, error)
type AWSAEAD
- func (a *AWSAEAD) Decrypt(ciphertext, associatedData []byte) ([]byte, error)
- func (a *AWSAEAD) Encrypt(plaintext, associatedData []byte) ([]byte, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func NewClient ¶

func NewClient(uriPrefix string) (registry.KMSClient, error)

NewClient returns a new AWS KMS client which will use default credentials to handle keys with uriPrefix prefix. uriPrefix must have the following format: 'aws-kms://arn:<partition>:kms:<region>:[:path]'. See http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html.

func NewClientWithCredentials ¶

func NewClientWithCredentials(uriPrefix string, credentialPath string) (registry.KMSClient, error)

NewClientWithCredentials returns a new AWS KMS client which will use given credentials to handle keys with uriPrefix prefix. uriPrefix must have the following format: 'aws-kms://arn:<partition>:kms:<region>:[:path]'. See http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html.

func NewClientWithKMS ¶

func NewClientWithKMS(uriPrefix string, kms kmsiface.KMSAPI) (registry.KMSClient, error)

NewClientWithKMS returns a new AWS KMS client with user created KMS client. Client is responsible for keeping the region consistency between key URI and KMS client. uriPrefix must have the following format: 'aws-kms://arn:<partition>:kms:<region>:[:path]'. See http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html.

Types ¶

type AWSAEAD ¶

type AWSAEAD struct {
	// contains filtered or unexported fields
}

AWSAEAD represents a AWS KMS service to a particular URI.

func (*AWSAEAD) Decrypt ¶

func (a *AWSAEAD) Decrypt(ciphertext, associatedData []byte) ([]byte, error)

Decrypt AEAD decrypts the data and verified the associated data.

Returns an error if the KeyId field in the response does not match the KeyURI provided when creating the client. If we don't do this, the possibility exists for the ciphertext to be replaced by one under a key we don't control/expect, but do have decrypt permissions on.

This check is disabled if AWSAEAD.keyURI is not in key ARN format.

See https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id.

func (*AWSAEAD) Encrypt ¶

func (a *AWSAEAD) Encrypt(plaintext, associatedData []byte) ([]byte, error)

Encrypt encrypts the plaintext with associatedData.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL