Documentation ¶
Overview ¶
Package keyservice implements a gRPC API that can be used by SOPS to encrypt and decrypt the data key using remote master keys.
Package keyservice is a generated protocol buffer package.
It is generated from these files:
keyservice/keyservice.proto
It has these top-level messages:
Key PgpKey KmsKey GcpKmsKey AzureKeyVaultKey EncryptRequest EncryptResponse DecryptRequest DecryptResponse
Index ¶
- func RegisterKeyServiceServer(s *grpc.Server, srv KeyServiceServer)
- type AzureKeyVaultKey
- func (*AzureKeyVaultKey) Descriptor() ([]byte, []int)
- func (m *AzureKeyVaultKey) GetName() string
- func (m *AzureKeyVaultKey) GetVaultUrl() string
- func (m *AzureKeyVaultKey) GetVersion() string
- func (*AzureKeyVaultKey) ProtoMessage()
- func (m *AzureKeyVaultKey) Reset()
- func (m *AzureKeyVaultKey) String() string
- type DecryptRequest
- type DecryptResponse
- type EncryptRequest
- type EncryptResponse
- type GcpKmsKey
- type Key
- func (*Key) Descriptor() ([]byte, []int)
- func (m *Key) GetAzureKeyvaultKey() *AzureKeyVaultKey
- func (m *Key) GetGcpKmsKey() *GcpKmsKey
- func (m *Key) GetKeyType() isKey_KeyType
- func (m *Key) GetKmsKey() *KmsKey
- func (m *Key) GetPgpKey() *PgpKey
- func (*Key) ProtoMessage()
- func (m *Key) Reset()
- func (m *Key) String() string
- func (*Key) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, ...)
- type KeyServiceClient
- type KeyServiceServer
- type Key_AzureKeyvaultKey
- type Key_GcpKmsKey
- type Key_KmsKey
- type Key_PgpKey
- type KmsKey
- type LocalClient
- type PgpKey
- type Server
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func RegisterKeyServiceServer ¶
func RegisterKeyServiceServer(s *grpc.Server, srv KeyServiceServer)
Types ¶
type AzureKeyVaultKey ¶
// AzureKeyVaultKey is one of the top-level key service messages. It holds
// three string fields and no byte payload.
// NOTE(review): the fields look like identifiers for a key held in Azure Key
// Vault rather than key material — confirm against keyservice/keyservice.proto.
type AzureKeyVaultKey struct {
	// VaultUrl is protobuf field 1 (vault_url).
	VaultUrl string `protobuf:"bytes,1,opt,name=vault_url,json=vaultUrl" json:"vault_url,omitempty"`
	// Name is protobuf field 2 (name).
	Name string `protobuf:"bytes,2,opt,name=name" json:"name,omitempty"`
	// Version is protobuf field 3 (version).
	Version string `protobuf:"bytes,3,opt,name=version" json:"version,omitempty"`
}
func (*AzureKeyVaultKey) Descriptor ¶
func (*AzureKeyVaultKey) Descriptor() ([]byte, []int)
func (*AzureKeyVaultKey) GetName ¶
func (m *AzureKeyVaultKey) GetName() string
func (*AzureKeyVaultKey) GetVaultUrl ¶
func (m *AzureKeyVaultKey) GetVaultUrl() string
func (*AzureKeyVaultKey) GetVersion ¶
func (m *AzureKeyVaultKey) GetVersion() string
func (*AzureKeyVaultKey) ProtoMessage ¶
func (*AzureKeyVaultKey) ProtoMessage()
func (*AzureKeyVaultKey) Reset ¶
func (m *AzureKeyVaultKey) Reset()
func (*AzureKeyVaultKey) String ¶
func (m *AzureKeyVaultKey) String() string
type DecryptRequest ¶
// DecryptRequest is the request message of the Decrypt RPC declared on
// KeyServiceClient and KeyServiceServer.
type DecryptRequest struct {
	// Key selects the master key to decrypt with (protobuf field 1). The
	// sender chooses it.
	// NOTE(review): whether the server restricts which keys a caller may
	// name is not visible on this page — confirm in the server implementation.
	Key *Key `protobuf:"bytes,1,opt,name=key" json:"key,omitempty"`
	// Ciphertext is the encrypted bytes to decrypt (protobuf field 2). Per
	// the package overview, the value being protected is the SOPS data key.
	Ciphertext []byte `protobuf:"bytes,2,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
}
func (*DecryptRequest) Descriptor ¶
func (*DecryptRequest) Descriptor() ([]byte, []int)
func (*DecryptRequest) GetCiphertext ¶
func (m *DecryptRequest) GetCiphertext() []byte
func (*DecryptRequest) GetKey ¶
func (m *DecryptRequest) GetKey() *Key
func (*DecryptRequest) ProtoMessage ¶
func (*DecryptRequest) ProtoMessage()
func (*DecryptRequest) Reset ¶
func (m *DecryptRequest) Reset()
func (*DecryptRequest) String ¶
func (m *DecryptRequest) String() string
type DecryptResponse ¶
// DecryptResponse is the response message of the Decrypt RPC declared on
// KeyServiceClient and KeyServiceServer.
type DecryptResponse struct {
	// Plaintext is the decrypted result (protobuf field 1). Per the package
	// overview this is the SOPS data key, so handle it as secret material and
	// keep it out of logs and traces.
	// NOTE(review): the generated String method may render this field —
	// confirm before logging or printing whole messages.
	Plaintext []byte `protobuf:"bytes,1,opt,name=plaintext,proto3" json:"plaintext,omitempty"`
}
func (*DecryptResponse) Descriptor ¶
func (*DecryptResponse) Descriptor() ([]byte, []int)
func (*DecryptResponse) GetPlaintext ¶
func (m *DecryptResponse) GetPlaintext() []byte
func (*DecryptResponse) ProtoMessage ¶
func (*DecryptResponse) ProtoMessage()
func (*DecryptResponse) Reset ¶
func (m *DecryptResponse) Reset()
func (*DecryptResponse) String ¶
func (m *DecryptResponse) String() string
type EncryptRequest ¶
// EncryptRequest is the request message of the Encrypt RPC declared on
// KeyServiceClient and KeyServiceServer.
type EncryptRequest struct {
	// Key selects the master key to encrypt with (protobuf field 1).
	Key *Key `protobuf:"bytes,1,opt,name=key" json:"key,omitempty"`
	// Plaintext is the bytes to encrypt (protobuf field 2). Per the package
	// overview this is the SOPS data key, so it crosses the RPC channel
	// unencrypted by this message; channel protection is up to the transport.
	// NOTE(review): the generated String method may render this field —
	// confirm before logging or printing whole messages.
	Plaintext []byte `protobuf:"bytes,2,opt,name=plaintext,proto3" json:"plaintext,omitempty"`
}
func (*EncryptRequest) Descriptor ¶
func (*EncryptRequest) Descriptor() ([]byte, []int)
func (*EncryptRequest) GetKey ¶
func (m *EncryptRequest) GetKey() *Key
func (*EncryptRequest) GetPlaintext ¶
func (m *EncryptRequest) GetPlaintext() []byte
func (*EncryptRequest) ProtoMessage ¶
func (*EncryptRequest) ProtoMessage()
func (*EncryptRequest) Reset ¶
func (m *EncryptRequest) Reset()
func (*EncryptRequest) String ¶
func (m *EncryptRequest) String() string
type EncryptResponse ¶
// EncryptResponse is the response message of the Encrypt RPC declared on
// KeyServiceClient and KeyServiceServer.
type EncryptResponse struct {
	// Ciphertext is the encrypted result (protobuf field 1).
	Ciphertext []byte `protobuf:"bytes,1,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
}
func (*EncryptResponse) Descriptor ¶
func (*EncryptResponse) Descriptor() ([]byte, []int)
func (*EncryptResponse) GetCiphertext ¶
func (m *EncryptResponse) GetCiphertext() []byte
func (*EncryptResponse) ProtoMessage ¶
func (*EncryptResponse) ProtoMessage()
func (*EncryptResponse) Reset ¶
func (m *EncryptResponse) Reset()
func (*EncryptResponse) String ¶
func (m *EncryptResponse) String() string
type GcpKmsKey ¶
// GcpKmsKey is one of the top-level key service messages. It holds a single
// string field and no byte payload.
// NOTE(review): presumably the resource ID of a Google Cloud KMS key —
// confirm against keyservice/keyservice.proto.
type GcpKmsKey struct {
	// ResourceId is protobuf field 1 (resource_id).
	ResourceId string `protobuf:"bytes,1,opt,name=resource_id,json=resourceId" json:"resource_id,omitempty"`
}
func (*GcpKmsKey) Descriptor ¶
func (*GcpKmsKey) GetResourceId ¶
func (*GcpKmsKey) ProtoMessage ¶
func (*GcpKmsKey) ProtoMessage()
type Key ¶
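// Key is the RPC message that selects which master key a request applies to.
// The selection is carried by the KeyType oneof: exactly one of the wrapper
// types listed below is assigned, or none when the field is unset.
type Key struct {
	// Types that are valid to be assigned to KeyType:
	//	*Key_KmsKey
	//	*Key_PgpKey
	//	*Key_GcpKmsKey
	//	*Key_AzureKeyvaultKey
	//
	// NOTE(review): a nil KeyType is representable; how the server treats a
	// request whose Key has no type set is not visible on this page.
	KeyType isKey_KeyType `protobuf_oneof:"key_type"`
}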
func KeyFromMasterKey ¶
KeyFromMasterKey converts a SOPS internal MasterKey to an RPC Key that can be serialized with Protocol Buffers.
func (*Key) Descriptor ¶
func (*Key) GetAzureKeyvaultKey ¶
func (m *Key) GetAzureKeyvaultKey() *AzureKeyVaultKey
func (*Key) GetGcpKmsKey ¶
func (*Key) GetKeyType ¶
func (m *Key) GetKeyType() isKey_KeyType
func (*Key) ProtoMessage ¶
func (*Key) ProtoMessage()
type KeyServiceClient ¶
// KeyServiceClient is the client-side interface of the key service. It has
// one method per RPC; each takes a context, the request message and optional
// gRPC call options, and returns the response message or an error.
//
// NOTE(review): requests and responses carry plaintext bytes (see
// EncryptRequest.Plaintext and DecryptResponse.Plaintext). How the channel is
// protected depends on how the *grpc.ClientConn given to NewKeyServiceClient
// was set up, which this page does not show.
type KeyServiceClient interface {
	// Encrypt sends an EncryptRequest and returns the EncryptResponse.
	Encrypt(ctx context.Context, in *EncryptRequest, opts ...grpc.CallOption) (*EncryptResponse, error)
	// Decrypt sends a DecryptRequest and returns the DecryptResponse.
	Decrypt(ctx context.Context, in *DecryptRequest, opts ...grpc.CallOption) (*DecryptResponse, error)
}
func NewKeyServiceClient ¶
func NewKeyServiceClient(cc *grpc.ClientConn) KeyServiceClient
type KeyServiceServer ¶
// KeyServiceServer is the server-side interface of the key service; an
// implementation is attached to a *grpc.Server with RegisterKeyServiceServer.
//
// NOTE(review): the request messages shown on this page have no caller
// identity field, so any authentication or authorization has to come from
// the context or from how the grpc.Server is configured — confirm for each
// deployment before exposing the service beyond the local host.
type KeyServiceServer interface {
	// Encrypt handles an EncryptRequest and returns the EncryptResponse.
	Encrypt(context.Context, *EncryptRequest) (*EncryptResponse, error)
	// Decrypt handles a DecryptRequest and returns the DecryptResponse.
	Decrypt(context.Context, *DecryptRequest) (*DecryptResponse, error)
}
type Key_AzureKeyvaultKey ¶
// Key_AzureKeyvaultKey is the wrapper assigned to Key.KeyType when the key is
// an AzureKeyVaultKey.
type Key_AzureKeyvaultKey struct {
	// AzureKeyvaultKey is the wrapped message (protobuf field 4 of the oneof).
	AzureKeyvaultKey *AzureKeyVaultKey `protobuf:"bytes,4,opt,name=azure_keyvault_key,json=azureKeyvaultKey,oneof"`
}
type Key_GcpKmsKey ¶
// Key_GcpKmsKey is the wrapper assigned to Key.KeyType when the key is a
// GcpKmsKey.
type Key_GcpKmsKey struct {
	// GcpKmsKey is the wrapped message (protobuf field 3 of the oneof).
	GcpKmsKey *GcpKmsKey `protobuf:"bytes,3,opt,name=gcp_kms_key,json=gcpKmsKey,oneof"`
}
type Key_KmsKey ¶
// Key_KmsKey is the wrapper assigned to Key.KeyType when the key is a KmsKey.
type Key_KmsKey struct {
	// KmsKey is the wrapped message (protobuf field 1 of the oneof).
	KmsKey *KmsKey `protobuf:"bytes,1,opt,name=kms_key,json=kmsKey,oneof"`
}
type Key_PgpKey ¶
// Key_PgpKey is the wrapper assigned to Key.KeyType when the key is a PgpKey.
type Key_PgpKey struct {
	// PgpKey is the wrapped message (protobuf field 2 of the oneof).
	PgpKey *PgpKey `protobuf:"bytes,2,opt,name=pgp_key,json=pgpKey,oneof"`
}
type KmsKey ¶
// KmsKey is one of the top-level key service messages. It holds string
// fields and a string map, and no byte payload.
// NOTE(review): the field names suggest an AWS KMS key reference — confirm
// against keyservice/keyservice.proto.
type KmsKey struct {
	// Arn is protobuf field 1 (arn).
	Arn string `protobuf:"bytes,1,opt,name=arn" json:"arn,omitempty"`
	// Role is protobuf field 2 (role).
	// NOTE(review): presumably a role to assume when using the key; the
	// value is chosen by the sender of the request — confirm how the server
	// constrains it.
	Role string `protobuf:"bytes,2,opt,name=role" json:"role,omitempty"`
	// Context is a string-to-string map; its struct tag is elided by the
	// documentation renderer.
	// NOTE(review): presumably the KMS encryption context — confirm.
	Context map[string]string `` /* 134-byte string literal not displayed */
	// AwsProfile is protobuf field 4 (aws_profile).
	AwsProfile string `protobuf:"bytes,4,opt,name=aws_profile" json:"aws_profile,omitempty"`
}
func (*KmsKey) Descriptor ¶
func (*KmsKey) GetContext ¶
func (*KmsKey) ProtoMessage ¶
func (*KmsKey) ProtoMessage()
type LocalClient ¶
// LocalClient is a key service client that performs all operations locally.
type LocalClient struct {
	// Server is held by value, so a zero-value LocalClient contains a
	// zero-value Server (Prompt == false).
	// NOTE(review): presumably Encrypt and Decrypt delegate to this Server —
	// confirm in the implementation.
	Server Server
}
LocalClient is a key service client that performs all operations locally
func (LocalClient) Decrypt ¶
func (c LocalClient) Decrypt(ctx context.Context, req *DecryptRequest, opts ...grpc.CallOption) (*DecryptResponse, error)
Decrypt processes a decrypt request locally. See keyservice/server.go for more details.
func (LocalClient) Encrypt ¶
func (c LocalClient) Encrypt(ctx context.Context, req *EncryptRequest, opts ...grpc.CallOption) (*EncryptResponse, error)
Encrypt processes an encrypt request locally. See keyservice/server.go for more details.
type PgpKey ¶
// PgpKey is one of the top-level key service messages. It holds a single
// string field and no byte payload.
// NOTE(review): the fingerprint presumably refers to a PGP key available to
// the process that serves the request — confirm against the server code.
type PgpKey struct {
	// Fingerprint is protobuf field 1 (fingerprint).
	Fingerprint string `protobuf:"bytes,1,opt,name=fingerprint" json:"fingerprint,omitempty"`
}
func (*PgpKey) Descriptor ¶
func (*PgpKey) GetFingerprint ¶
func (*PgpKey) ProtoMessage ¶
func (*PgpKey) ProtoMessage()
type Server ¶
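// Server is a key service server that uses SOPS MasterKeys to fulfill
// requests.
//
// The zero value has Prompt == false, so a Server created without setting the
// field does not ask for a prompt before encrypting or decrypting.
type Server struct {
	// Prompt indicates whether the server should prompt before decrypting or
	// encrypting data.
	Prompt bool
}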
Server is a key service server that uses SOPS MasterKeys to fulfill requests
func (Server) Decrypt ¶
func (ks Server) Decrypt(ctx context.Context, req *DecryptRequest) (*DecryptResponse, error)
Decrypt takes a decrypt request and decrypts the ciphertext it carries with the key the request names, returning the decrypted result.
func (Server) Encrypt ¶
func (ks Server) Encrypt(ctx context.Context, req *EncryptRequest) (*EncryptResponse, error)
Encrypt takes an encrypt request and encrypts the plaintext it carries with the key the request names, returning the encrypted result.