Documentation
¶
Index ¶
Constants ¶
View Source
const (
// KmsLabel is the label for the AWS KMS.
KmsLabel = "kms"
)
Variables ¶
This section is empty.
Functions ¶
func GetDefaultKeyManager ¶
func GetDefaultKeyManager() string
GetDefaultKeyManager returns the default key manager label.
func GetKeyManagers ¶
func GetKeyManagers() []string
GetKeyManagers returns a list of registered key managers.
Types ¶
type ARN ¶
type ARN struct {
Partition,
Service,
Region,
AccountID,
ResourceType,
Resource string
// contains filtered or unexported fields
}
ARN represents the ARN as documented by http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
func (*ARN) IsKmsAlias ¶
IsKmsAlias returns true iff the ARN represents a KMS Alias.
type EnvelopeKey ¶
type EnvelopeKey struct {
// ResolvedID is the fully qualified key ID.
ResolvedID string
// Plaintext is the plaintext encryption key.
Plaintext []byte
// Ciphertext is the ciphertext of the encryption key, encrypted with a key that is managed
// by the key manager.
Ciphertext []byte
}
EnvelopeKey represents the key used in envelope encryption.
func (*EnvelopeKey) GetPlaintextKey ¶
func (e *EnvelopeKey) GetPlaintextKey() *[32]byte
GetPlaintextKey returns the Plaintext key as a byte array.
type KeyManager ¶
type KeyManager interface {
GenerateEnvelopeKey(keyID, secretID string) (EnvelopeKey, error)
Decrypt(keyID string, keyMetadata []byte, secretID string) ([]byte, error)
Label() string
}
KeyManager represents a service that can generate envelope keys and provide decryption keys.
func New ¶
func New(label string) (KeyManager, error)
New returns a KeyManager of the requested type.
type Kms ¶
type Kms struct{}
Kms is a KeyManager for AWS KMS.
func (*Kms) GenerateEnvelopeKey ¶
func (k *Kms) GenerateEnvelopeKey(keyID string, secretID string) (EnvelopeKey, error)
GenerateEnvelopeKey generates an EnvelopeKey under a specific KeyID.
Source Files
Click to show internal directories.
Click to hide internal directories.