azurekeyvault

package module

v2.10.0 Latest Latest Go to latest Published: Jun 13, 2023 License: MPL-2.0 Imports: 15 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/hxfs/go-kms-wrapping

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func ParseKeyVersion(kid string) string
func WithClientId(with string) wrapping.Option
func WithClientSecret(with string) wrapping.Option
func WithDisallowEnvVars(with bool) wrapping.Option
func WithEnvironment(with string) wrapping.Option
func WithKeyName(with string) wrapping.Option
func WithKeyNotRequired(with bool) wrapping.Option
func WithLogger(with hclog.Logger) wrapping.Option
func WithResource(with string) wrapping.Option
func WithTenantId(with string) wrapping.Option
func WithVaultName(with string) wrapping.Option
type OptionFunc
type Wrapper
- func NewWrapper() *Wrapper

Constants ¶

View Source

const (
	EnvAzureKeyVaultWrapperVaultName = "AZUREKEYVAULT_WRAPPER_VAULT_NAME"
	EnvVaultAzureKeyVaultVaultName   = "VAULT_AZUREKEYVAULT_VAULT_NAME"

	EnvAzureKeyVaultWrapperKeyName = "AZUREKEYVAULT_WRAPPER_KEY_NAME"
	EnvVaultAzureKeyVaultKeyName   = "VAULT_AZUREKEYVAULT_KEY_NAME"
)

Variables ¶

This section is empty.

Functions ¶

func ParseKeyVersion ¶

func ParseKeyVersion(kid string) string

Kid gets returned as a full URL, get the last bit which is just the version

func WithClientId ¶

func WithClientId(with string) wrapping.Option

WithClientId provides a way to chose the client ID

func WithClientSecret ¶

func WithClientSecret(with string) wrapping.Option

WithClientSecret provides a way to chose the client secret

func WithDisallowEnvVars ¶

func WithDisallowEnvVars(with bool) wrapping.Option

WithDisallowEnvVars provides a way to disable using env vars

func WithEnvironment ¶

func WithEnvironment(with string) wrapping.Option

WithEnvironment provides a way to chose the environment

func WithKeyName ¶

func WithKeyName(with string) wrapping.Option

WithKeyName provides a way to chose the key name

func WithKeyNotRequired ¶

func WithKeyNotRequired(with bool) wrapping.Option

WithKeyNotRequired provides a way to not require a key at config time

func WithLogger ¶

func WithLogger(with hclog.Logger) wrapping.Option

WithLogger provides a way to pass in a logger

func WithResource ¶

func WithResource(with string) wrapping.Option

WithResource provides a way to chose the resource

func WithTenantId ¶

func WithTenantId(with string) wrapping.Option

WithTenantId provides a way to chose the tenant ID

func WithVaultName ¶

func WithVaultName(with string) wrapping.Option

WithVaultName provides a way to chose the vault name

Types ¶

type OptionFunc ¶

type OptionFunc func(*options) error

OptionFunc holds a function with local options

type Wrapper ¶

type Wrapper struct {
	// contains filtered or unexported fields
}

Wrapper is an Wrapper that uses Azure Key Vault for crypto operations. Azure Key Vault currently does not support keys that can encrypt long data (RSA keys). Due to this fact, we generate and AES key and wrap the key using Key Vault and store it with the data

func NewWrapper ¶

func NewWrapper() *Wrapper

NewWrapper creates a new wrapper with the given options

func (*Wrapper) BaseURL ¶

func (v *Wrapper) BaseURL() string

BaseURL returns the base URL for key management operation requests based on the Azure Vault name and environment.

func (*Wrapper) Client ¶

func (v *Wrapper) Client() *keyvault.BaseClient

Client returns the AzureKeyVault client used by the wrapper.

func (*Wrapper) Decrypt ¶

func (v *Wrapper) Decrypt(ctx context.Context, in *wrapping.BlobInfo, opt ...wrapping.Option) ([]byte, error)

Decrypt is used to decrypt the ciphertext

func (*Wrapper) Encrypt ¶

func (v *Wrapper) Encrypt(ctx context.Context, plaintext []byte, opt ...wrapping.Option) (*wrapping.BlobInfo, error)

Encrypt is used to encrypt using Azure Key Vault. This returns the ciphertext, and/or any errors from this call.

func (*Wrapper) KeyId ¶

func (v *Wrapper) KeyId(_ context.Context) (string, error)

KeyId returns the last known key id

func (*Wrapper) Logger ¶

func (v *Wrapper) Logger() hclog.Logger

Logger returns the logger used by the wrapper.

func (*Wrapper) SetConfig ¶

func (v *Wrapper) SetConfig(_ context.Context, opt ...wrapping.Option) (*wrapping.WrapperConfig, error)

SetConfig sets the fields on the Wrapper object based on values from the config parameter.

Order of precedence: * Environment variable * Passed in config map * Managed Service Identity for instance

func (*Wrapper) Type ¶

func (v *Wrapper) Type(_ context.Context) (wrapping.WrapperType, error)

Type returns the type for this particular Wrapper implementation

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL