kms

package
v0.0.0-...-fcfbbb9 Latest Latest
Published: Feb 11, 2019 License: GPL-3.0 Imports: 19 Imported by: 0


Overview

Package kms is a Key Management Service written in Go.

Current version: production


Constants

// Ecode* values are the error codes accepted by NewError. ErrorCodes maps each
// one to a gRPC status code and ErrorMessages to a client-facing message, so a
// new constant needs an entry in both maps.
const (
	// "Key not found" -> codes.NotFound.
	EcodeKeyNotFound = 100
	// "Crypto error" -> codes.Internal. The message is generic and carries no
	// cipher-level detail. NOTE(review): the capital C differs from the Ecode*
	// spelling of its siblings; renaming an exported constant would break importers.
	ECodeCryptoError = 101

	// "Invalid argument" -> codes.InvalidArgument.
	EcodeInvalidArgument = 200

	// "Unknown error" -> codes.Unknown; presumably the fallback code.
	EcodeUnknown = 500
)

ErrorCodes

Variables

// Key type tags. NOTE(review): these are mutable package-level variables rather
// than constants, so any importer can change them at runtime; what they label
// (presumably stored key records) is not visible here — confirm.
var (
	CustomerAESKeyType = "aes"
	MasterKeyType      = "masterkey"
)

Type of key

// ErrorCodes maps each Ecode* constant to the gRPC status code returned to
// clients (presumably via Error.GrpcError, whose body is not shown here).
// codes.Code is an integer type whose zero value is codes.OK, so a lookup for
// a code missing from this map would yield OK; every Ecode* constant must
// therefore have an entry. The map is exported and mutable.
var ErrorCodes = map[int]codes.Code{
	EcodeKeyNotFound:     codes.NotFound,
	ECodeCryptoError:     codes.Internal,
	EcodeInvalidArgument: codes.InvalidArgument,
	EcodeUnknown:         codes.Unknown,
}

ErrorCodes maps each KMS error code to its gRPC status code.

// ErrorMessages maps each Ecode* constant to the message presumably surfaced
// to clients; a code missing from the map yields the empty string. The
// messages are short and embed no key IDs or internal state. The map is
// exported and mutable.
var ErrorMessages = map[int]string{
	EcodeKeyNotFound:     "Key not found",
	ECodeCryptoError:     "Crypto error",
	EcodeInvalidArgument: "Invalid argument",
	EcodeUnknown:         "Unknown error",
}

ErrorMessages maps each KMS error code to its human-readable message.

Functions

func NewError

func NewError(errorCode int) error

NewError creates a new KMS Error for the given error code.

Types

type ArxMasterKeyProvider

// ArxMasterKeyProvider satisfies MasterKeyProvider (see its GetKey method). It
// is built by NewArxMasterKeyProvider from a passphrase, which can be replaced
// later through Passphrase.
type ArxMasterKeyProvider struct {
	// contains filtered or unexported fields
}

ArxMasterKeyProvider is a MasterKeyProvider implementation that acquires the master key using a derived key.

func NewArxMasterKeyProvider

func NewArxMasterKeyProvider(passphrase string) (*ArxMasterKeyProvider, error)

NewArxMasterKeyProvider creates a provider from the given passphrase.

func (*ArxMasterKeyProvider) GetKey

func (mkp *ArxMasterKeyProvider) GetKey(ctx context.Context) ([]byte, error)

GetKey will return the master key

func (*ArxMasterKeyProvider) Passphrase

func (mkp *ArxMasterKeyProvider) Passphrase(passphrase string)

Passphrase sets the provider's passphrase.

type BoltStorageProvider

// BoltStorageProvider satisfies StorageProvider; construct it with
// NewBoltStorageProvider. All methods use value receivers.
type BoltStorageProvider struct {
	// contains filtered or unexported fields
}

BoltStorageProvider is a StorageProvider implementation backed by BoltDB.

func NewBoltStorageProvider

func NewBoltStorageProvider(boltdb string) (*BoltStorageProvider, error)

NewBoltStorageProvider creates a provider for the database given by boltdb.

func (BoltStorageProvider) Close

func (sp BoltStorageProvider) Close()

Close will do nothing

func (BoltStorageProvider) GetKey

func (sp BoltStorageProvider) GetKey(ctx context.Context, keyID string) ([]byte, error)

GetKey - Read a key from disk

func (BoltStorageProvider) ListCustomerKeyIDs

func (sp BoltStorageProvider) ListCustomerKeyIDs(ctx context.Context) ([]string, error)

ListCustomerKeyIDs - List available keys

func (BoltStorageProvider) SaveKey

func (sp BoltStorageProvider) SaveKey(ctx context.Context, keyID string, data []byte, overwrite bool) error

SaveKey - Persist a key

type CassandraStorageProvider

// CassandraStorageProvider satisfies StorageProvider; construct it with
// NewCassandraStorageProvider. All methods use value receivers.
type CassandraStorageProvider struct {
	// contains filtered or unexported fields
}

CassandraStorageProvider is a StorageProvider implementation backed by Cassandra.

func NewCassandraStorageProvider

func NewCassandraStorageProvider(cassandradb string) (*CassandraStorageProvider, error)

NewCassandraStorageProvider creates a provider for the database given by cassandradb.

func (CassandraStorageProvider) Close

func (sp CassandraStorageProvider) Close()

Close will do nothing

func (CassandraStorageProvider) GetKey

func (sp CassandraStorageProvider) GetKey(ctx context.Context, keyID string) ([]byte, error)

GetKey - Read a key from disk

func (CassandraStorageProvider) ListCustomerKeyIDs

func (sp CassandraStorageProvider) ListCustomerKeyIDs(ctx context.Context) ([]string, error)

ListCustomerKeyIDs - List available keys

func (CassandraStorageProvider) SaveKey

func (sp CassandraStorageProvider) SaveKey(ctx context.Context, keyID string, data []byte, overwrite bool) error

SaveKey - Persist a key

type CouchbaseStorageProvider

// CouchbaseStorageProvider satisfies StorageProvider; construct it with
// NewCouchbaseStorageProvider, which (unlike the Bolt and Cassandra
// constructors) returns a value rather than a pointer. Its Close releases
// the connection, so callers should call it when finished.
type CouchbaseStorageProvider struct {
	// contains filtered or unexported fields
}

CouchbaseStorageProvider is a StorageProvider implementation backed by Couchbase.

func NewCouchbaseStorageProvider

func NewCouchbaseStorageProvider(cbhost, cbbucket string) (CouchbaseStorageProvider, error)

NewCouchbaseStorageProvider creates a provider for bucket cbbucket on host cbhost.

func (CouchbaseStorageProvider) Close

func (sp CouchbaseStorageProvider) Close()

Close will close the connection

func (CouchbaseStorageProvider) GetKey

func (sp CouchbaseStorageProvider) GetKey(ctx context.Context, keyID string) ([]byte, error)

GetKey - Read a key from disk

func (CouchbaseStorageProvider) ListCustomerKeyIDs

func (sp CouchbaseStorageProvider) ListCustomerKeyIDs(ctx context.Context) ([]string, error)

ListCustomerKeyIDs - List available keys

func (CouchbaseStorageProvider) SaveKey

func (sp CouchbaseStorageProvider) SaveKey(ctx context.Context, keyID string, data []byte, overwrite bool) error

SaveKey - Persist a key to disk

type CryptoProvider

// CryptoProvider is the key-management and encryption backend. KmsCrypto holds
// the active implementation; DefaultCryptoProvider is the one shipped with this
// package. Parameters are spelled KeyID rather than the idiomatic keyID.
// NOTE(review): the string result of Decrypt and ReEncrypt is not documented on
// this page — presumably the ID of the key involved; confirm against
// DefaultCryptoProvider.
type CryptoProvider interface {
	// CreateKey creates a new key with the given description and returns its metadata.
	CreateKey(ctx context.Context, description string) (*arxpb.KeyMetadata, error)
	// ListKeys returns metadata for the available keys.
	ListKeys(ctx context.Context) ([]*arxpb.KeyMetadata, error)
	// GetKey returns the key for KeyID as *arxpb.Key rather than *arxpb.KeyMetadata,
	// so the result presumably carries key material and should be treated as sensitive — confirm.
	GetKey(ctx context.Context, KeyID string) (*arxpb.Key, error)
	// EnableKey marks KeyID as enabled and returns the updated metadata.
	EnableKey(ctx context.Context, KeyID string) (*arxpb.KeyMetadata, error)
	// DisableKey marks KeyID as disabled and returns the updated metadata.
	DisableKey(ctx context.Context, KeyID string) (*arxpb.KeyMetadata, error)
	// RotateKey creates a new version of KeyID while preserving the old one.
	RotateKey(ctx context.Context, KeyID string) error
	// Encrypt encrypts data under KeyID.
	Encrypt(ctx context.Context, data []byte, KeyID string) ([]byte, error)
	// Decrypt decrypts data. No KeyID is passed, so the key is presumably
	// identified from the ciphertext itself — confirm.
	Decrypt(ctx context.Context, data []byte) ([]byte, string, error)
	// ReEncrypt decrypts data with its current key and re-encrypts it under KeyID.
	ReEncrypt(ctx context.Context, data []byte, KeyID string) ([]byte, string, error)
}

CryptoProvider is the interface that crypto provider implementations satisfy.

// KmsCrypto is the active CryptoProvider. NOTE(review): exported, mutable
// package-level state with no synchronization — any importer can replace it,
// and it must be assigned before concurrent use.
var KmsCrypto CryptoProvider

KmsCrypto is the crypto provider for the kms

type DefaultCryptoProvider

// DefaultCryptoProvider is the CryptoProvider implementation included in this
// package; construct it with NewDefaultCryptoProvider.
//
// MasterKey holds the raw master key bytes as an exported, plain slice: any
// code that can reach the provider can read or replace it, and because the
// methods use value receivers every copy of the struct shares the same backing
// array, so clearing or overwriting it in one copy affects all of them.
type DefaultCryptoProvider struct {
	MasterKey []byte
}

DefaultCryptoProvider is a CryptoProvider implementation that performs encryption using local storage.

func NewDefaultCryptoProvider

func NewDefaultCryptoProvider() (*DefaultCryptoProvider, error)

NewDefaultCryptoProvider creates a DefaultCryptoProvider.

func (DefaultCryptoProvider) CreateKey

func (cp DefaultCryptoProvider) CreateKey(ctx context.Context, description string) (*arxpb.KeyMetadata, error)

CreateKey will create a new key

func (DefaultCryptoProvider) Decrypt

func (cp DefaultCryptoProvider) Decrypt(ctx context.Context, data []byte) ([]byte, string, error)

Decrypt will decrypt the data using the HSM

func (DefaultCryptoProvider) DisableKey

func (cp DefaultCryptoProvider) DisableKey(ctx context.Context, KeyID string) (*arxpb.KeyMetadata, error)

DisableKey marks the key identified by KeyID as disabled.

func (DefaultCryptoProvider) EnableKey

func (cp DefaultCryptoProvider) EnableKey(ctx context.Context, KeyID string) (*arxpb.KeyMetadata, error)

EnableKey marks the key identified by KeyID as enabled.

func (DefaultCryptoProvider) Encrypt

func (cp DefaultCryptoProvider) Encrypt(ctx context.Context, data []byte, KeyID string) ([]byte, error)

Encrypt will encrypt the data using the HSM

func (DefaultCryptoProvider) GetKey

func (cp DefaultCryptoProvider) GetKey(ctx context.Context, KeyID string) (*arxpb.Key, error)

GetKey retrieves a key from the store.

func (DefaultCryptoProvider) ListKeys

ListKeys lists the available keys.

func (DefaultCryptoProvider) ReEncrypt

func (cp DefaultCryptoProvider) ReEncrypt(ctx context.Context, data []byte, KeyID string) ([]byte, string, error)

ReEncrypt decrypts the data with its current key and re-encrypts it under the key identified by KeyID.

func (DefaultCryptoProvider) RotateKey

func (cp DefaultCryptoProvider) RotateKey(ctx context.Context, KeyID string) error

RotateKey creates a new version of the key while preserving the old version.

func (DefaultCryptoProvider) SaveKey

func (cp DefaultCryptoProvider) SaveKey(ctx context.Context, key *arxpb.Key, add bool) error

SaveKey will persist a key to disk

type DiskStorageProvider

// DiskStorageProvider satisfies StorageProvider; construct it with
// NewDiskStorageProvider, which returns a value rather than a pointer.
// All methods use value receivers.
type DiskStorageProvider struct {
	// contains filtered or unexported fields
}

DiskStorageProvider is a simple StorageProvider implementation that keeps keys on disk.

func NewDiskStorageProvider

func NewDiskStorageProvider(path string) (DiskStorageProvider, error)

NewDiskStorageProvider creates a provider rooted at path.

func (DiskStorageProvider) Close

func (sp DiskStorageProvider) Close()

Close will do nothing

func (DiskStorageProvider) GetKey

func (sp DiskStorageProvider) GetKey(ctx context.Context, keyID string) ([]byte, error)

GetKey - Read a key from disk

func (DiskStorageProvider) ListCustomerKeyIDs

func (sp DiskStorageProvider) ListCustomerKeyIDs(ctx context.Context) ([]string, error)

ListCustomerKeyIDs - List available keys

func (DiskStorageProvider) SaveKey

func (sp DiskStorageProvider) SaveKey(ctx context.Context, keyID string, data []byte, overwrite bool) error

SaveKey - Persist a key to disk

type Error

// Error is the internal KMS error type produced by NewError. *Error implements
// the error interface, and GrpcError converts the value to a gRPC status error.
type Error struct {
	// contains filtered or unexported fields
}

Error is an internal KMS error

func (*Error) Error

func (kmsError *Error) Error() string

Error implements the error interface.

func (Error) GrpcError

func (kmsError Error) GrpcError() error

GrpcError returns the error as a gRPC status error.

type KeyIDList

// KeyIDList wraps a list of key IDs (compare StorageProvider.ListCustomerKeyIDs,
// which returns a plain []string).
type KeyIDList struct {
	KeyIDs []string
}

KeyIDList - A list of key IDs

type MasterKeyProvider

// MasterKeyProvider supplies the master key. MasterKeyStore holds the active
// implementation; ArxMasterKeyProvider is the one in this package.
type MasterKeyProvider interface {
	// GetKey returns the raw master key bytes — presumably the root secret of
	// the KMS, so callers should hold the slice no longer than needed.
	GetKey(ctx context.Context) ([]byte, error)
}

MasterKeyProvider provides a mechanism to load a master key

// MasterKeyStore is the active MasterKeyProvider. NOTE(review): exported,
// mutable package-level state with no synchronization — any importer can
// swap in a different provider at runtime.
var MasterKeyStore MasterKeyProvider

MasterKeyStore is the current master key provider

type RawData

// RawData wraps a byte slice for JSON marshalling. No struct tag is present,
// so encoding/json presumably emits the field as "Data" with the default
// base64 encoding for []byte — confirm.
type RawData struct {
	Data []byte
}

RawData is a wrapper type for JSON marshalling.

type StorageProvider

// StorageProvider is the persistence backend for key records; Storage holds
// the active implementation, and Bolt, Cassandra, Couchbase and Disk
// providers are included in this package. The interface moves opaque byte
// slices; whether they are encrypted before reaching SaveKey is not visible
// from it.
type StorageProvider interface {
	// SaveKey persists data under keyID. overwrite presumably controls whether
	// an existing record with the same keyID is replaced — confirm per provider.
	SaveKey(ctx context.Context, keyID string, data []byte, overwrite bool) error
	// GetKey returns the bytes stored for keyID.
	GetKey(ctx context.Context, keyID string) ([]byte, error)
	// ListCustomerKeyIDs returns the IDs of the stored customer keys.
	ListCustomerKeyIDs(ctx context.Context) ([]string, error)
	// Close releases the backend. Per their docs it is a no-op for the Bolt,
	// Cassandra and Disk providers and closes the connection for Couchbase.
	Close()
}

StorageProvider is the interface that key storage backends implement.

// Storage is the active StorageProvider. NOTE(review): exported, mutable
// package-level state with no synchronization — any importer can replace
// it, and it must be assigned before concurrent use.
var Storage StorageProvider

Storage is the current storage provider
