
package awskms

import ""


Package Files

awskms.go testing.go


const (
    // AWSKMSEncrypt is used to directly encrypt the data with KMS
    AWSKMSEncrypt = iota
    // AWSKMSEnvelopeAESGCMEncrypt is when a data encryption key is generated and
    // the data is encrypted with AESGCM and the key is encrypted with KMS
    AWSKMSEnvelopeAESGCMEncrypt
)

const (
    // EnvAWSKMSSealKeyID is the AWS KMS key ID to use for encryption and decryption

type AWSKMSMechanism

type AWSKMSMechanism uint32

AWSKMSMechanism is the method used to encrypt/decrypt in the autoseal

type AWSKMSSeal

type AWSKMSSeal struct {
    // contains filtered or unexported fields
}

AWSKMSSeal represents credentials and key information for the KMS key used for encryption and decryption.

func NewAWSKMSTestSeal

func NewAWSKMSTestSeal() *AWSKMSSeal

func NewSeal

func NewSeal(logger log.Logger) *AWSKMSSeal

NewSeal creates a new AWSKMS seal with the provided logger

func (*AWSKMSSeal) Decrypt

func (k *AWSKMSSeal) Decrypt(_ context.Context, in *physical.EncryptedBlobInfo) (pt []byte, err error)

Decrypt is used to decrypt the ciphertext. This should be called after Init.

func (*AWSKMSSeal) Encrypt

func (k *AWSKMSSeal) Encrypt(_ context.Context, plaintext []byte) (blob *physical.EncryptedBlobInfo, err error)

Encrypt is used to encrypt the master key using the AWS CMK. This returns the ciphertext, and/or any errors from this call. This should be called after the KMS client has been instantiated.

func (*AWSKMSSeal) Finalize

func (k *AWSKMSSeal) Finalize(_ context.Context) error

Finalize is called during shutdown. This is a no-op since AWSKMSSeal doesn't require any cleanup.

func (*AWSKMSSeal) Init

func (k *AWSKMSSeal) Init(_ context.Context) error

Init is called during core.Initialize. No-op at the moment.

func (*AWSKMSSeal) KeyID

func (k *AWSKMSSeal) KeyID() string

KeyID returns the last known key id.

func (*AWSKMSSeal) SealType

func (k *AWSKMSSeal) SealType() string

SealType returns the seal type for this particular seal implementation.

func (*AWSKMSSeal) SetConfig

func (k *AWSKMSSeal) SetConfig(config map[string]string) (map[string]string, error)

SetConfig sets the fields on the AWSKMSSeal object based on values from the config parameter.

Order of precedence for AWS values:

* Environment variable
* Value from Vault configuration file
* Instance metadata role (access key and secret key)
* Default values

Package awskms imports 20 packages and is imported by 3 packages. Updated 2019-05-01.