Overview ¶
Package kms is a Key Management Service written in Go.
Current version: production
Index ¶
- Constants
- Variables
- func NewError(errorCode int) error
- type ArxMasterKeyProvider
- type BoltStorageProvider
- func (sp BoltStorageProvider) Close()
- func (sp BoltStorageProvider) GetKey(ctx context.Context, keyID string) ([]byte, error)
- func (sp BoltStorageProvider) ListCustomerKeyIDs(ctx context.Context) ([]string, error)
- func (sp BoltStorageProvider) SaveKey(ctx context.Context, keyID string, data []byte, overwrite bool) error
- type CassandraStorageProvider
- func (sp CassandraStorageProvider) Close()
- func (sp CassandraStorageProvider) GetKey(ctx context.Context, keyID string) ([]byte, error)
- func (sp CassandraStorageProvider) ListCustomerKeyIDs(ctx context.Context) ([]string, error)
- func (sp CassandraStorageProvider) SaveKey(ctx context.Context, keyID string, data []byte, overwrite bool) error
- type CouchbaseStorageProvider
- func (sp CouchbaseStorageProvider) Close()
- func (sp CouchbaseStorageProvider) GetKey(ctx context.Context, keyID string) ([]byte, error)
- func (sp CouchbaseStorageProvider) ListCustomerKeyIDs(ctx context.Context) ([]string, error)
- func (sp CouchbaseStorageProvider) SaveKey(ctx context.Context, keyID string, data []byte, overwrite bool) error
- type CryptoProvider
- type DefaultCryptoProvider
- func (cp DefaultCryptoProvider) CreateKey(ctx context.Context, description string) (*arxpb.KeyMetadata, error)
- func (cp DefaultCryptoProvider) Decrypt(ctx context.Context, data []byte) ([]byte, string, error)
- func (cp DefaultCryptoProvider) DisableKey(ctx context.Context, KeyID string) (*arxpb.KeyMetadata, error)
- func (cp DefaultCryptoProvider) EnableKey(ctx context.Context, KeyID string) (*arxpb.KeyMetadata, error)
- func (cp DefaultCryptoProvider) Encrypt(ctx context.Context, data []byte, KeyID string) ([]byte, error)
- func (cp DefaultCryptoProvider) GetKey(ctx context.Context, KeyID string) (*arxpb.Key, error)
- func (cp DefaultCryptoProvider) ListKeys(ctx context.Context) ([]*arxpb.KeyMetadata, error)
- func (cp DefaultCryptoProvider) ReEncrypt(ctx context.Context, data []byte, KeyID string) ([]byte, string, error)
- func (cp DefaultCryptoProvider) RotateKey(ctx context.Context, KeyID string) error
- func (cp DefaultCryptoProvider) SaveKey(ctx context.Context, key *arxpb.Key, add bool) error
- type DiskStorageProvider
- func (sp DiskStorageProvider) Close()
- func (sp DiskStorageProvider) GetKey(ctx context.Context, keyID string) ([]byte, error)
- func (sp DiskStorageProvider) ListCustomerKeyIDs(ctx context.Context) ([]string, error)
- func (sp DiskStorageProvider) SaveKey(ctx context.Context, keyID string, data []byte, overwrite bool) error
- type Error
- type KeyIDList
- type MasterKeyProvider
- type RawData
- type StorageProvider
Constants ¶
// Error codes returned by the KMS. Each code has a matching gRPC status in
// ErrorCodes and a matching message in ErrorMessages.
const (
	// EcodeKeyNotFound: the requested key does not exist ("Key not found").
	EcodeKeyNotFound = 100
	// ECodeCryptoError: a cryptographic operation failed ("Crypto error").
	// The capital C is historical; it is exported, so it cannot be renamed here.
	ECodeCryptoError = 101
	// EcodeInvalidArgument: a caller-supplied argument was rejected ("Invalid argument").
	EcodeInvalidArgument = 200
	// EcodeUnknown: any failure not covered above ("Unknown error").
	EcodeUnknown = 500
)
ErrorCodes
Variables ¶
// Key type labels used to distinguish the master key from customer keys.
var (
	// CustomerAESKeyType labels a customer AES key.
	CustomerAESKeyType = "aes"
	// MasterKeyType labels the master key.
	MasterKeyType = "masterkey"
)
Type of key
// ErrorCodes maps each KMS error code to the gRPC status code reported to
// clients. A code missing from this map would yield the zero codes.Code
// (OK) when looked up, so every Ecode* constant must have an entry here.
var ErrorCodes = map[int]codes.Code{
	EcodeKeyNotFound:     codes.NotFound,
	ECodeCryptoError:     codes.Internal,
	EcodeInvalidArgument: codes.InvalidArgument,
	EcodeUnknown:         codes.Unknown,
}
ErrorCodes maps each KMS error code to its gRPC status code.
// ErrorMessages maps each KMS error code to the message returned to callers.
// Messages are deliberately generic: they name the failure class without
// echoing key IDs or other caller-supplied data.
var ErrorMessages = map[int]string{
	EcodeKeyNotFound:     "Key not found",
	ECodeCryptoError:     "Crypto error",
	EcodeInvalidArgument: "Invalid argument",
	EcodeUnknown:         "Unknown error",
}
ErrorMessages maps each error code to its error message.
Types ¶
type ArxMasterKeyProvider ¶
type ArxMasterKeyProvider struct {
// contains filtered or unexported fields
}
ArxMasterKeyProvider is a MasterKeyProvider implementation that acquires the master key using a derived key.
func NewArxMasterKeyProvider ¶
func NewArxMasterKeyProvider(passphrase string) (*ArxMasterKeyProvider, error)
NewArxMasterKeyProvider ...
func (*ArxMasterKeyProvider) GetKey ¶
func (mkp *ArxMasterKeyProvider) GetKey(ctx context.Context) ([]byte, error)
GetKey will return the master key
func (*ArxMasterKeyProvider) Passphrase ¶
func (mkp *ArxMasterKeyProvider) Passphrase(passphrase string)
Passphrase sets the provider pass phrase
type BoltStorageProvider ¶
type BoltStorageProvider struct {
// contains filtered or unexported fields
}
BoltStorageProvider ...
func NewBoltStorageProvider ¶
func NewBoltStorageProvider(boltdb string) (*BoltStorageProvider, error)
NewBoltStorageProvider ...
func (BoltStorageProvider) ListCustomerKeyIDs ¶
func (sp BoltStorageProvider) ListCustomerKeyIDs(ctx context.Context) ([]string, error)
ListCustomerKeyIDs lists the available key IDs.
type CassandraStorageProvider ¶
type CassandraStorageProvider struct {
// contains filtered or unexported fields
}
CassandraStorageProvider ...
func NewCassandraStorageProvider ¶
func NewCassandraStorageProvider(cassandradb string) (*CassandraStorageProvider, error)
NewCassandraStorageProvider ...
func (CassandraStorageProvider) Close ¶
func (sp CassandraStorageProvider) Close()
Close is a no-op.
func (CassandraStorageProvider) ListCustomerKeyIDs ¶
func (sp CassandraStorageProvider) ListCustomerKeyIDs(ctx context.Context) ([]string, error)
ListCustomerKeyIDs lists the available key IDs.
type CouchbaseStorageProvider ¶
type CouchbaseStorageProvider struct {
// contains filtered or unexported fields
}
CouchbaseStorageProvider ...
func NewCouchbaseStorageProvider ¶
func NewCouchbaseStorageProvider(cbhost, cbbucket string) (CouchbaseStorageProvider, error)
NewCouchbaseStorageProvider ...
func (CouchbaseStorageProvider) Close ¶
func (sp CouchbaseStorageProvider) Close()
Close will close the connection
func (CouchbaseStorageProvider) ListCustomerKeyIDs ¶
func (sp CouchbaseStorageProvider) ListCustomerKeyIDs(ctx context.Context) ([]string, error)
ListCustomerKeyIDs lists the available key IDs.
type CryptoProvider ¶
// CryptoProvider is the set of key-management and cryptographic operations a
// backend must implement. The active implementation is held in KmsCrypto.
type CryptoProvider interface {
	// CreateKey creates a new key described by description and returns its metadata.
	CreateKey(ctx context.Context, description string) (*arxpb.KeyMetadata, error)
	// ListKeys returns metadata for the available keys.
	ListKeys(ctx context.Context) ([]*arxpb.KeyMetadata, error)
	// GetKey returns the full arxpb.Key for KeyID, not just its metadata —
	// NOTE(review): presumably this includes key material; confirm before
	// exposing it through any caller-facing API.
	GetKey(ctx context.Context, KeyID string) (*arxpb.Key, error)
	// EnableKey marks the key as enabled and returns its metadata.
	EnableKey(ctx context.Context, KeyID string) (*arxpb.KeyMetadata, error)
	// DisableKey marks the key as disabled and returns its metadata.
	DisableKey(ctx context.Context, KeyID string) (*arxpb.KeyMetadata, error)
	// RotateKey rotates the key identified by KeyID.
	RotateKey(ctx context.Context, KeyID string) error
	// Encrypt encrypts data under the key identified by KeyID.
	Encrypt(ctx context.Context, data []byte, KeyID string) ([]byte, error)
	// Decrypt decrypts data. The extra string result is presumably the ID of
	// the key that was used — confirm against the implementation.
	Decrypt(ctx context.Context, data []byte) ([]byte, string, error)
	// ReEncrypt decrypts data with its current key and re-encrypts it under
	// KeyID; the string result mirrors Decrypt's.
	ReEncrypt(ctx context.Context, data []byte, KeyID string) ([]byte, string, error)
}
CryptoProvider provides an interface for crypto provider solutions
// KmsCrypto is the crypto provider for the kms. It is package-level mutable
// state, so whatever assigns it selects the implementation presumably used by
// every caller — NOTE(review): confirm it is set once at startup and not
// reassigned while requests are in flight.
var KmsCrypto CryptoProvider
KmsCrypto is the crypto provider for the kms
type DefaultCryptoProvider ¶
// DefaultCryptoProvider is an implementation of encryption using local storage.
type DefaultCryptoProvider struct {
// MasterKey appears to hold the raw master key bytes. Because the field is
// exported, any code holding the provider can read or replace it —
// NOTE(review): consider whether it needs to be exported at all.
MasterKey []byte
}
DefaultCryptoProvider is an implementation of encryption using local storage.
func NewDefaultCryptoProvider ¶
func NewDefaultCryptoProvider() (*DefaultCryptoProvider, error)
NewDefaultCryptoProvider ...
func (DefaultCryptoProvider) CreateKey ¶
func (cp DefaultCryptoProvider) CreateKey(ctx context.Context, description string) (*arxpb.KeyMetadata, error)
CreateKey will create a new key
func (DefaultCryptoProvider) DisableKey ¶
func (cp DefaultCryptoProvider) DisableKey(ctx context.Context, KeyID string) (*arxpb.KeyMetadata, error)
DisableKey marks a key as disabled.
func (DefaultCryptoProvider) EnableKey ¶
func (cp DefaultCryptoProvider) EnableKey(ctx context.Context, KeyID string) (*arxpb.KeyMetadata, error)
EnableKey marks a key as enabled.
func (DefaultCryptoProvider) Encrypt ¶
func (cp DefaultCryptoProvider) Encrypt(ctx context.Context, data []byte, KeyID string) ([]byte, error)
Encrypt will encrypt the data using the HSM
func (DefaultCryptoProvider) ListKeys ¶
func (cp DefaultCryptoProvider) ListKeys(ctx context.Context) ([]*arxpb.KeyMetadata, error)
ListKeys will list the available keys
func (DefaultCryptoProvider) ReEncrypt ¶
func (cp DefaultCryptoProvider) ReEncrypt(ctx context.Context, data []byte, KeyID string) ([]byte, string, error)
ReEncrypt decrypts the data with its current key and re-encrypts it with the new key ID.
type DiskStorageProvider ¶
type DiskStorageProvider struct {
// contains filtered or unexported fields
}
DiskStorageProvider is an implementation of a simple disk storage
func NewDiskStorageProvider ¶
func NewDiskStorageProvider(path string) (DiskStorageProvider, error)
NewDiskStorageProvider ...
func (DiskStorageProvider) ListCustomerKeyIDs ¶
func (sp DiskStorageProvider) ListCustomerKeyIDs(ctx context.Context) ([]string, error)
ListCustomerKeyIDs lists the available key IDs.
type Error ¶
type Error struct {
// contains filtered or unexported fields
}
Error is an internal KMS error
type MasterKeyProvider ¶
MasterKeyProvider provides a mechanism to load a master key
// MasterKeyStore is the current master key provider. Like KmsCrypto and
// Storage it is package-level mutable state — NOTE(review): confirm it is
// assigned once during initialisation and never swapped at runtime.
var MasterKeyStore MasterKeyProvider
MasterKeyStore is the current master key provider
type StorageProvider ¶
// StorageProvider is the persistence backend for keys: it stores and retrieves
// an opaque byte blob per key ID. The active implementation is held in
// Storage. NOTE(review): the interface does not say whether data arrives
// already wrapped by the master key or in the clear — confirm before adding a
// backend, since it decides what a backend compromise exposes.
type StorageProvider interface {
	// SaveKey stores data under keyID. What happens to an existing entry when
	// overwrite is false is left to the implementation — confirm per backend.
	SaveKey(ctx context.Context, keyID string, data []byte, overwrite bool) error
	// GetKey returns the data stored under keyID.
	GetKey(ctx context.Context, keyID string) ([]byte, error)
	// ListCustomerKeyIDs lists the available key IDs.
	ListCustomerKeyIDs(ctx context.Context) ([]string, error)
	// Close releases any resources held by the provider; for some backends
	// it is a no-op.
	Close()
}
StorageProvider is an interface to storage providers
// Storage is the current storage provider. It is package-level mutable state —
// NOTE(review): confirm it is assigned once at startup; a later reassignment
// would silently redirect where key data is written.
var Storage StorageProvider
Storage is the current storage provider