Documentation
¶
Index ¶
- Constants
- func WithCredentials(with string) wrapping.Option
- func WithCryptoKey(with string) wrapping.Option
- func WithKeyNotRequired(with bool) wrapping.Option
- func WithKeyRing(with string) wrapping.Option
- func WithProject(with string) wrapping.Option
- func WithRegion(with string) wrapping.Option
- func WithUserAgent(with string) wrapping.Option
- type OptionFunc
- type Wrapper
- func (s *Wrapper) Client() *cloudkms.KeyManagementClient
- func (s *Wrapper) Decrypt(ctx context.Context, in *wrapping.BlobInfo, opt ...wrapping.Option) ([]byte, error)
- func (s *Wrapper) Encrypt(ctx context.Context, plaintext []byte, opt ...wrapping.Option) (*wrapping.BlobInfo, error)
- func (s *Wrapper) KeyId(_ context.Context) (string, error)
- func (s *Wrapper) KeyRingResourceName() string
- func (s *Wrapper) LocationName() string
- func (s *Wrapper) SetConfig(_ context.Context, opt ...wrapping.Option) (*wrapping.WrapperConfig, error)
- func (s *Wrapper) Type(_ context.Context) (wrapping.WrapperType, error)
Constants ¶
const ( // General GCP values, follows TF naming conventions EnvGcpCkmsWrapperCredsPath = "GOOGLE_CREDENTIALS" EnvGcpCkmsWrapperProject = "GOOGLE_PROJECT" EnvGcpCkmsWrapperLocation = "GOOGLE_REGION" // CKMS-specific values EnvGcpCkmsWrapperKeyRing = "GCPCKMS_WRAPPER_KEY_RING" EnvVaultGcpCkmsSealKeyRing = "VAULT_GCPCKMS_SEAL_KEY_RING" EnvGcpCkmsWrapperCryptoKey = "GCPCKMS_WRAPPER_CRYPTO_KEY" EnvVaultGcpCkmsSealCryptoKey = "VAULT_GCPCKMS_SEAL_CRYPTO_KEY" )
const ( // GcpCkmsEncrypt is used to directly encrypt the data with KMS GcpCkmsEncrypt = iota // GcpCkmsEnvelopeAesGcmEncrypt is when a data encryption key is generatated and // the data is encrypted with AES-GCM and the key is encrypted with KMS GcpCkmsEnvelopeAesGcmEncrypt )
Variables ¶
This section is empty.
Functions ¶
func WithCredentials ¶
WithCredentials provides a way to specify credentials
func WithCryptoKey ¶
WithCryptoKey provides a way to chose the crypto key
func WithKeyNotRequired ¶
WithKeyNotRequired provides a way to not require a key at config time
func WithKeyRing ¶
WithKeyRing provides a way to chose the key ring
func WithProject ¶
WithProject provides a way to chose the project
func WithRegion ¶
WithRegion provides a way to chose the region
func WithUserAgent ¶
WithUserAgent provides a way to chose the user agent
Types ¶
type OptionFunc ¶
type OptionFunc func(*options) error
OptionFunc holds a function with local options
type Wrapper ¶
type Wrapper struct {
// contains filtered or unexported fields
}
func NewWrapper ¶
func NewWrapper() *Wrapper
func (*Wrapper) Client ¶
func (s *Wrapper) Client() *cloudkms.KeyManagementClient
Client returns the GCP KMS client used by the wrapper.
func (*Wrapper) Decrypt ¶
func (s *Wrapper) Decrypt(ctx context.Context, in *wrapping.BlobInfo, opt ...wrapping.Option) ([]byte, error)
Decrypt is used to decrypt the ciphertext.
func (*Wrapper) Encrypt ¶
func (s *Wrapper) Encrypt(ctx context.Context, plaintext []byte, opt ...wrapping.Option) (*wrapping.BlobInfo, error)
Encrypt is used to encrypt the master key using the the AWS CMK. This returns the ciphertext, and/or any errors from this call. This should be called after s.client has been instantiated.
func (*Wrapper) KeyRingResourceName ¶
KeyRingResourceName returns the relative resource name of the configured key ring.
func (*Wrapper) LocationName ¶
LocationName returns the relative location name.
func (*Wrapper) SetConfig ¶
func (s *Wrapper) SetConfig(_ context.Context, opt ...wrapping.Option) (*wrapping.WrapperConfig, error)
SetConfig sets the fields on the Wrapper object based on values from the config parameter. Environment variables take precedence over values provided in the config struct.
Order of precedence for GCP credentials file: * GOOGLE_CREDENTIALS environment variable * `credentials` value from Value configuration file * GOOGLE_APPLICATION_CREDENTIALS (https://developers.google.com/identity/protocols/application-default-credentials)
Source Files