awsv4signer

package module
v0.0.0-...-d548e4a Latest
Published: Sep 23, 2021 License: Apache-2.0 Imports: 8 Imported by: 1

README

awsv4signer: aws-sdk-go pluggable request signer

awsv4signer is a fork of the aws-sdk-go v4 signer that allows you to provide your own HMAC hasher. The envisioned use-case for this is to allow you to store your AWS API keys in hardware (a TPM) that supports HMAC operations.

Usage

aws-sdk-go allows you to replace the request signer on a per service basis.

func listBucket(accessKeyID, secretAccessKey, bucket string) {
	s := awsv4signer.Signer{
		AccessKeyID:               accessKeyID,
		SecretAccessKeyHmacSha256: awsv4signer.StaticAccessKeyHmac(secretAccessKey),
	}

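	// region is defined outside this snippet; aws.Config.Region is a *string,
	// so it must be a pointer value such as aws.String("us-east-1").
	sess := session.New(&aws.Config{
		Region: region,
	})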
	svc := s3.New(sess)

	// remove the default v4 signing handler
	svc.Handlers.Sign.RemoveByName(v4.SignRequestHandler.Name)
	// add our signing handler
	svc.Handlers.Sign.PushBack(s.SignSDKRequest)

	resp, err := svc.ListObjects(&s3.ListObjectsInput{
		Bucket: aws.String(bucket),
	})
	if err != nil {
		panic(err)
	}

	for _, obj := range resp.Contents {
		fmt.Printf("%s\n", *obj.Key)
	}
}

The above example can be found in examples/s3ls.

For a working example of storing your secret access key in your TPM, see examples/tpmsigner.

Code in internal/awssign is derived from https://github.com/aws/aws-sdk-go. Copyright for that code can be found in NOTICE.txt.

Credits

This work was inspired by @salrashid123's demo in https://github.com/salrashid123/aws_hmac.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func StaticAccessKeyHmac

func StaticAccessKeyHmac(secretAccessKey string) func() hash.Hash

Types

type Option

type Option interface {
	// contains filtered or unexported methods
}

type Signer

type Signer struct {
	AccessKeyID string
	// SecretAccessKeyHmacSha256 should return a new hash.Hash every time it is called.
	// The key for this hmac must be the string: "AWS4"+SecretAccessKey
	// A common implementation will be to return hmac.New() from this function.
	SecretAccessKeyHmacSha256 func() hash.Hash
	SessionToken              string
}
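
Why an HMAC-only device is enough, and why the hasher must be fresh on every call, shown as an added example (not code from this package): SigV4 derives the signing key through a chain of HMAC-SHA256 steps, and only the first step is keyed with "AWS4"+SecretAccessKey. The helpers keyedHmac, sharedHmac, chain and deriveSigningKey, the secret, the dates, the region and the service are all constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"hash"
)

// keyedHmac stands in for a TPM-backed hasher (hypothetical helper): every
// call returns a fresh HMAC-SHA256 keyed with "AWS4"+secret.
func keyedHmac(secret string) func() hash.Hash {
	return func() hash.Hash { return hmac.New(sha256.New, []byte("AWS4"+secret)) }
}

// sharedHmac breaks that contract by handing out one shared instance.
func sharedHmac(secret string) func() hash.Hash {
	h := hmac.New(sha256.New, []byte("AWS4"+secret))
	return func() hash.Hash { return h }
}

// chain applies SigV4 derivation steps, each keyed with the previous output.
func chain(k []byte, parts ...string) []byte {
	for _, p := range parts {
		h := hmac.New(sha256.New, k)
		h.Write([]byte(p))
		k = h.Sum(nil)
	}
	return k
}

// deriveSigningKey needs the secret only for the first HMAC (over the date);
// the region, service and "aws4_request" steps use derived keys.
func deriveSigningKey(newHmac func() hash.Hash, date, region, service string) []byte {
	h := newHmac()
	h.Write([]byte(date))
	return chain(h.Sum(nil), region, service, "aws4_request")
}

func main() {
	const secret = "EXAMPLE-not-a-real-secret" // constructed sample value
	fresh, shared := keyedHmac(secret), sharedHmac(secret)
	for _, d := range []string{"20210923", "20210924"} {
		// Reference: the usual derivation with the raw secret in memory.
		want := chain([]byte("AWS4"+secret), d, "us-east-1", "s3", "aws4_request")
		fmt.Println(d, hmac.Equal(deriveSigningKey(fresh, d, "us-east-1", "s3"), want),
			hmac.Equal(deriveSigningKey(shared, d, "us-east-1", "s3"), want))
	}
}
```

The shared hasher matches the reference on its first use and diverges on the second, because the earlier date is still in its state when the next one is written.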

func (*Signer) Presign

func (s *Signer) Presign(r *http.Request, body io.ReadSeeker, service, region string, exp time.Duration, signTime time.Time) (http.Header, error)

func (*Signer) Sign

func (s *Signer) Sign(r *http.Request, body io.ReadSeeker, service, region string, signTime time.Time) (http.Header, error)

func (*Signer) SignSDKRequest

func (s *Signer) SignSDKRequest(req *request.Request)

func (*Signer) SignSDKRequestWithOpts

func (s *Signer) SignSDKRequestWithOpts(req *request.Request, opts ...Option)

Directories

Path Synopsis
examples
internal
