vault: github.com/hashicorp/vault/vault/seal/awskms

package awskms

import "github.com/hashicorp/vault/vault/seal/awskms"

Package Files

awskms.go testing.go

Constants

const (
    // AWSKMSEncrypt is used to directly encrypt the data with KMS
    AWSKMSEncrypt = iota
    // AWSKMSEnvelopeAESGCMEncrypt is when a data encryption key is generated and
    // the data is encrypted with AESGCM and the key is encrypted with KMS
    AWSKMSEnvelopeAESGCMEncrypt
)
const (
    // EnvAWSKMSSealKeyID is the AWS KMS key ID to use for encryption and decryption
    EnvAWSKMSSealKeyID = "VAULT_AWSKMS_SEAL_KEY_ID"
)
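
The AWSKMSEnvelopeAESGCMEncrypt mechanism described in the comment above, as an added example that is not this package's code. A local AES-256 key (`kek`) stands in for the KMS key, and the names `gcm` and `envelopeEncrypt` and the nonce||ciphertext||tag layout are assumptions of the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// gcm seals in as nonce||ciphertext||tag when enc is true, else opens such a blob.
func gcm(key, in []byte, enc bool) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if enc {
		if _, err = rand.Read(nonce); err != nil {
			return nil, err
		}
		return aead.Seal(nonce, nonce, in, nil), nil
	}
	if len(in) < len(nonce) {
		return nil, fmt.Errorf("blob shorter than %d-byte nonce", len(nonce))
	}
	return aead.Open(nil, in[:len(nonce)], in[len(nonce):], nil)
}

// envelopeEncrypt seals pt under a fresh 256-bit data key, then wraps that key under kek.
func envelopeEncrypt(kek, pt []byte) (ct, wrapped []byte, err error) {
	dek := make([]byte, 32)
	if _, err = rand.Read(dek); err != nil {
		return nil, nil, err
	}
	if ct, err = gcm(dek, pt, true); err != nil {
		return nil, nil, err
	}
	wrapped, err = gcm(kek, dek, true) // assumption: local stand-in for the KMS call
	return ct, wrapped, err
}

func main() {
	ct, wrapped, err := envelopeEncrypt(make([]byte, 32), []byte("constructed root key"))
	fmt.Println(len(ct), len(wrapped), err) // constructed all-zero kek and sample plaintext
}
```

Decryption reverses the order: `gcm(kek, wrapped, false)` recovers the data key, then `gcm(dataKey, ct, false)` opens the payload. Either call returns an error if the key is wrong or the blob was modified.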

type AWSKMSMechanism

type AWSKMSMechanism uint32

AWSKMSMechanism is the method used to encrypt/decrypt in the autoseal

type AWSKMSSeal

type AWSKMSSeal struct {
    // contains filtered or unexported fields
}

AWSKMSSeal represents credentials and key information for the KMS key used for encryption and decryption.

func NewAWSKMSTestSeal

func NewAWSKMSTestSeal() *AWSKMSSeal

func NewSeal

func NewSeal(logger log.Logger) *AWSKMSSeal

NewSeal creates a new AWSKMS seal with the provided logger

func (*AWSKMSSeal) Decrypt

func (k *AWSKMSSeal) Decrypt(_ context.Context, in *physical.EncryptedBlobInfo) (pt []byte, err error)

Decrypt is used to decrypt the ciphertext. This should be called after Init.

func (*AWSKMSSeal) Encrypt

func (k *AWSKMSSeal) Encrypt(_ context.Context, plaintext []byte) (blob *physical.EncryptedBlobInfo, err error)

Encrypt is used to encrypt the master key using the AWS CMK. This returns the ciphertext, and/or any errors from this call. This should be called after the KMS client has been instantiated.

func (*AWSKMSSeal) Finalize

func (k *AWSKMSSeal) Finalize(_ context.Context) error

Finalize is called during shutdown. This is a no-op since AWSKMSSeal doesn't require any cleanup.

func (*AWSKMSSeal) Init

func (k *AWSKMSSeal) Init(_ context.Context) error

Init is called during core.Initialize. No-op at the moment.

func (*AWSKMSSeal) KeyID

func (k *AWSKMSSeal) KeyID() string

KeyID returns the last known key id.

func (*AWSKMSSeal) SealType

func (k *AWSKMSSeal) SealType() string

SealType returns the seal type for this particular seal implementation.

func (*AWSKMSSeal) SetConfig

func (k *AWSKMSSeal) SetConfig(config map[string]string) (map[string]string, error)

SetConfig sets the fields on the AWSKMSSeal object based on values from the config parameter.

Order of precedence AWS values:

* Environment variable
* Value from Vault configuration file
* Instance metadata role (access key and secret key)
* Default values

Package awskms imports 20 packages and is imported by 3 packages. Updated 2019-05-01.