Documentation
Overview
Package vault implements an envelope encryption provider based on Vault KMS.
Types
type EnvelopeConfig
type EnvelopeConfig struct {
	// The names of encryption key for Vault transit communication
	KeyNames []string `json:"keyNames"`
	// Vault listen address, for example https://localhost:8200
	Address string `json:"addr"`

	// Token authentication information
	Token string `json:"token"`

	// TLS certificate authentication information
	ClientCert string `json:"clientCert"`
	ClientKey  string `json:"clientKey"`

	// AppRole authentication information
	RoleID   string `json:"roleID"`
	SecretID string `json:"secretID"`

	// CACert is the path to a PEM-encoded CA cert file to use to verify the
	// Vault server SSL certificate.
	VaultCACert string `json:"vaultCACert"`

	// TLSServerName, if set, is used to set the SNI host when connecting via TLS.
	TLSServerName string `json:"tlsServerName"`

	// The path for transit API, default is "transit"
	TransitPath string `json:"transitPath"`

	// The path for auth backend, default is "auth"
	AuthPath string `json:"authPath"`
}
EnvelopeConfig contains connection information for Vault transformer
type VaultEnvelopeService
type VaultEnvelopeService struct {
// contains filtered or unexported fields
}
func KMSFactory
func KMSFactory(configFile io.Reader) (*VaultEnvelopeService, error)
KMSFactory function creates Vault KMS service
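An added example, not part of this package: a pre-flight lint for a config file before it is handed to KMSFactory. It assumes the file is JSON decoded through the struct tags shown in EnvelopeConfig; `lintConfig`, its rules (https-only `addr`, exactly one of token, client certificate or AppRole) and the sample values are assumptions of this example, not documented behaviour of the package.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
)

// Local mirror of the EnvelopeConfig fields this check reads (tags as on the page).
type envelopeConfig struct {
	KeyNames   []string `json:"keyNames"`
	Address    string   `json:"addr"`
	Token      string   `json:"token"`
	ClientCert string   `json:"clientCert"`
	ClientKey  string   `json:"clientKey"`
	RoleID     string   `json:"roleID"`
}

// lintConfig is a hypothetical pre-flight check; its rules are this example's assumptions.
func lintConfig(raw []byte) []string {
	var c envelopeConfig
	if err := json.Unmarshal(raw, &c); err != nil {
		return []string{"decode: " + err.Error()}
	}
	var issues []string
	if len(c.KeyNames) == 0 {
		issues = append(issues, "keyNames is empty")
	}
	if u, err := url.Parse(c.Address); err != nil || u.Scheme != "https" || u.Host == "" {
		issues = append(issues, "addr is not an https URL")
	}
	if (c.ClientCert == "") != (c.ClientKey == "") {
		issues = append(issues, "clientCert and clientKey must be set together")
	}
	methods := 0 // count how many of the three auth methods carry credentials
	for _, set := range []bool{c.Token != "", c.ClientCert != "", c.RoleID != ""} {
		if set {
			methods++
		}
	}
	if methods != 1 {
		issues = append(issues, fmt.Sprintf("expected 1 auth method, found %d", methods))
	}
	return issues
}

func main() {
	// Constructed sample: plaintext addr and two auth methods configured at once.
	fmt.Println(lintConfig([]byte(`{"keyNames":["k"],"addr":"http://localhost:8200","token":"t","roleID":"r"}`)))
}
```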