import "go.mozilla.org/sops/v3/keyservice"
Package keyservice implements a gRPC API that can be used by SOPS to encrypt and decrypt the data key using remote master keys.
client.go keyservice.go keyservice.pb.go server.go
func RegisterKeyServiceServer(s *grpc.Server, srv KeyServiceServer)
// AzureKeyVaultKey is the protobuf message that identifies a key by vault URL,
// key name and key version. It is one of the alternatives a Key can carry.
// NOTE(review): all three values arrive as plain strings from the caller; how
// they are validated is not visible in this declaration — confirm in server.go.
type AzureKeyVaultKey struct {
	// VaultUrl is protobuf field 1 (vault_url).
	VaultUrl string `protobuf:"bytes,1,opt,name=vault_url,json=vaultUrl,proto3" json:"vault_url,omitempty"`
	// Name is protobuf field 2 (name).
	Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
	// Version is protobuf field 3 (version).
	Version string `protobuf:"bytes,3,opt,name=version,proto3" json:"version,omitempty"`
	// Generator bookkeeping; excluded from JSON by the json:"-" tags.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
func (*AzureKeyVaultKey) Descriptor() ([]byte, []int)
func (m *AzureKeyVaultKey) GetName() string
func (m *AzureKeyVaultKey) GetVaultUrl() string
func (m *AzureKeyVaultKey) GetVersion() string
func (*AzureKeyVaultKey) ProtoMessage()
func (m *AzureKeyVaultKey) Reset()
func (m *AzureKeyVaultKey) String() string
func (m *AzureKeyVaultKey) XXX_DiscardUnknown()
func (m *AzureKeyVaultKey) XXX_Merge(src proto.Message)
func (m *AzureKeyVaultKey) XXX_Size() int
func (m *AzureKeyVaultKey) XXX_Unmarshal(b []byte) error
// DecryptRequest is the protobuf message sent to the Decrypt RPC: the key to
// use and the ciphertext to decrypt with it.
// NOTE(review): the key is chosen by the sender of the request, so whoever can
// reach a Server can ask it to decrypt with any key the server has access to —
// confirm how callers are restricted.
type DecryptRequest struct {
	// Key identifies the master key the ciphertext should be decrypted with.
	Key *Key `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
	// Ciphertext is the encrypted input (protobuf field 2).
	Ciphertext []byte `protobuf:"bytes,2,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
	// Generator bookkeeping; excluded from JSON by the json:"-" tags.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
func (*DecryptRequest) Descriptor() ([]byte, []int)
func (m *DecryptRequest) GetCiphertext() []byte
func (m *DecryptRequest) GetKey() *Key
func (*DecryptRequest) ProtoMessage()
func (m *DecryptRequest) Reset()
func (m *DecryptRequest) String() string
func (m *DecryptRequest) XXX_DiscardUnknown()
func (m *DecryptRequest) XXX_Merge(src proto.Message)
func (m *DecryptRequest) XXX_Size() int
func (m *DecryptRequest) XXX_Unmarshal(b []byte) error
// DecryptResponse is the protobuf message returned by the Decrypt RPC.
// It carries decrypted key material in the clear, so treat the whole message
// as a secret.
// NOTE(review): generated protobuf String methods normally render every field;
// avoid passing this message to loggers or error strings — confirm against
// keyservice.pb.go.
type DecryptResponse struct {
	// Plaintext is the decrypted result (protobuf field 1). Sensitive.
	Plaintext []byte `protobuf:"bytes,1,opt,name=plaintext,proto3" json:"plaintext,omitempty"`
	// Generator bookkeeping; excluded from JSON by the json:"-" tags.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
func (*DecryptResponse) Descriptor() ([]byte, []int)
func (m *DecryptResponse) GetPlaintext() []byte
func (*DecryptResponse) ProtoMessage()
func (m *DecryptResponse) Reset()
func (m *DecryptResponse) String() string
func (m *DecryptResponse) XXX_DiscardUnknown()
func (m *DecryptResponse) XXX_Merge(src proto.Message)
func (m *DecryptResponse) XXX_Size() int
func (m *DecryptResponse) XXX_Unmarshal(b []byte) error
// EncryptRequest is the protobuf message sent to the Encrypt RPC: the key to
// use and the plaintext to encrypt with it.
// The plaintext travels inside the request, so the transport between client
// and server has to protect it.
// NOTE(review): no transport setting is visible on this type; confirm how the
// connection is secured where the client is created.
type EncryptRequest struct {
	// Key identifies the master key the plaintext should be encrypted with.
	Key *Key `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
	// Plaintext is the unencrypted input (protobuf field 2). Sensitive.
	Plaintext []byte `protobuf:"bytes,2,opt,name=plaintext,proto3" json:"plaintext,omitempty"`
	// Generator bookkeeping; excluded from JSON by the json:"-" tags.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
func (*EncryptRequest) Descriptor() ([]byte, []int)
func (m *EncryptRequest) GetKey() *Key
func (m *EncryptRequest) GetPlaintext() []byte
func (*EncryptRequest) ProtoMessage()
func (m *EncryptRequest) Reset()
func (m *EncryptRequest) String() string
func (m *EncryptRequest) XXX_DiscardUnknown()
func (m *EncryptRequest) XXX_Merge(src proto.Message)
func (m *EncryptRequest) XXX_Size() int
func (m *EncryptRequest) XXX_Unmarshal(b []byte) error
// EncryptResponse is the protobuf message returned by the Encrypt RPC.
type EncryptResponse struct {
	// Ciphertext is the encrypted result (protobuf field 1).
	Ciphertext []byte `protobuf:"bytes,1,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
	// Generator bookkeeping; excluded from JSON by the json:"-" tags.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
func (*EncryptResponse) Descriptor() ([]byte, []int)
func (m *EncryptResponse) GetCiphertext() []byte
func (*EncryptResponse) ProtoMessage()
func (m *EncryptResponse) Reset()
func (m *EncryptResponse) String() string
func (m *EncryptResponse) XXX_DiscardUnknown()
func (m *EncryptResponse) XXX_Merge(src proto.Message)
func (m *EncryptResponse) XXX_Size() int
func (m *EncryptResponse) XXX_Unmarshal(b []byte) error
// GcpKmsKey is the protobuf message that identifies a key by a single resource
// ID string. It is one of the alternatives a Key can carry.
type GcpKmsKey struct {
	// ResourceId is protobuf field 1 (resource_id); the value is caller-supplied.
	ResourceId string `protobuf:"bytes,1,opt,name=resource_id,json=resourceId,proto3" json:"resource_id,omitempty"`
	// Generator bookkeeping; excluded from JSON by the json:"-" tags.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
// Key is the protobuf message that identifies the master key a request should
// be served with. Exactly which kind of key it is depends on the wrapper type
// assigned to KeyType.
type Key struct {
	// Types that are valid to be assigned to KeyType:
	//	*Key_KmsKey
	//	*Key_PgpKey
	//	*Key_GcpKmsKey
	//	*Key_AzureKeyvaultKey
	//	*Key_VaultKey
	KeyType isKey_KeyType `protobuf_oneof:"key_type"`
	// Generator bookkeeping; excluded from JSON by the json:"-" tags.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
KeyFromMasterKey converts a SOPS internal MasterKey to an RPC Key that can be serialized with Protocol Buffers.
func (m *Key) GetAzureKeyvaultKey() *AzureKeyVaultKey
XXX_OneofWrappers is for the internal use of the proto package.
// KeyServiceClient is the client API for KeyService service.
// Both methods send a request naming a Key together with the bytes to
// transform, and return the transformed bytes or an error.
type KeyServiceClient interface {
	// Encrypt sends in to the service and returns its EncryptResponse.
	Encrypt(ctx context.Context, in *EncryptRequest, opts ...grpc.CallOption) (*EncryptResponse, error)
	// Decrypt sends in to the service and returns its DecryptResponse, which
	// holds decrypted material and should be handled as a secret.
	Decrypt(ctx context.Context, in *DecryptRequest, opts ...grpc.CallOption) (*DecryptResponse, error)
}
KeyServiceClient is the client API for KeyService service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
func NewKeyServiceClient(cc *grpc.ClientConn) KeyServiceClient
// KeyServiceServer is the server API for KeyService service.
// NOTE(review): neither method receives caller identity as an explicit
// argument; an implementation that needs to authorize callers would have to
// take it from the context or the transport — confirm where that is done.
type KeyServiceServer interface {
	// Encrypt handles one EncryptRequest and returns the EncryptResponse or an error.
	Encrypt(context.Context, *EncryptRequest) (*EncryptResponse, error)
	// Decrypt handles one DecryptRequest and returns the DecryptResponse or an error.
	Decrypt(context.Context, *DecryptRequest) (*DecryptResponse, error)
}
KeyServiceServer is the server API for KeyService service.
// Key_AzureKeyvaultKey is the oneof wrapper that places an AzureKeyVaultKey in
// Key.KeyType (protobuf field 4 of the key_type oneof).
type Key_AzureKeyvaultKey struct {
	AzureKeyvaultKey *AzureKeyVaultKey `protobuf:"bytes,4,opt,name=azure_keyvault_key,json=azureKeyvaultKey,proto3,oneof"`
}
// Key_GcpKmsKey is the oneof wrapper that places a GcpKmsKey in Key.KeyType
// (protobuf field 3 of the key_type oneof).
type Key_GcpKmsKey struct {
	GcpKmsKey *GcpKmsKey `protobuf:"bytes,3,opt,name=gcp_kms_key,json=gcpKmsKey,proto3,oneof"`
}
// Key_KmsKey is the oneof wrapper that places a KmsKey in Key.KeyType
// (protobuf field 1 of the key_type oneof).
type Key_KmsKey struct {
	KmsKey *KmsKey `protobuf:"bytes,1,opt,name=kms_key,json=kmsKey,proto3,oneof"`
}
// Key_PgpKey is the oneof wrapper that places a PgpKey in Key.KeyType
// (protobuf field 2 of the key_type oneof).
type Key_PgpKey struct {
	PgpKey *PgpKey `protobuf:"bytes,2,opt,name=pgp_key,json=pgpKey,proto3,oneof"`
}
// Key_VaultKey is the oneof wrapper that places a VaultKey in Key.KeyType
// (protobuf field 5 of the key_type oneof).
type Key_VaultKey struct {
	VaultKey *VaultKey `protobuf:"bytes,5,opt,name=vault_key,json=vaultKey,proto3,oneof"`
}
// KmsKey is the protobuf message that identifies a KMS key by ARN, together
// with a role, a string-to-string context map and an AWS profile name.
// It is one of the alternatives a Key can carry.
// NOTE(review): every field is supplied by the sender of the request; how the
// server constrains them is not visible here — confirm in server.go.
type KmsKey struct {
	// Arn is protobuf field 1 (arn).
	Arn string `protobuf:"bytes,1,opt,name=arn,proto3" json:"arn,omitempty"`
	// Role is protobuf field 2 (role).
	// presumably a role the key holder assumes before calling KMS — TODO confirm
	Role string `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"`
	// Context is protobuf field 3, a repeated key/value map of strings.
	// presumably the KMS encryption context — TODO confirm
	Context map[string]string `protobuf:"bytes,3,rep,name=context,proto3" json:"context,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
	// AwsProfile is protobuf field 4 (aws_profile).
	AwsProfile string `protobuf:"bytes,4,opt,name=aws_profile,json=awsProfile,proto3" json:"aws_profile,omitempty"`
	// Generator bookkeeping; excluded from JSON by the json:"-" tags.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
LocalClient is a key service client that performs all operations locally
func NewLocalClient() LocalClient
NewLocalClient creates a new local client
func (c LocalClient) Decrypt(ctx context.Context, req *DecryptRequest, opts ...grpc.CallOption) (*DecryptResponse, error)
Decrypt processes a decrypt request locally. See keyservice/server.go for more details.
func (c LocalClient) Encrypt(ctx context.Context, req *EncryptRequest, opts ...grpc.CallOption) (*EncryptResponse, error)
Encrypt processes an encrypt request locally. See keyservice/server.go for more details.
// PgpKey is the protobuf message that identifies a PGP key by its fingerprint.
// It is one of the alternatives a Key can carry.
type PgpKey struct {
	// Fingerprint is protobuf field 1 (fingerprint); the value is caller-supplied.
	Fingerprint string `protobuf:"bytes,1,opt,name=fingerprint,proto3" json:"fingerprint,omitempty"`
	// Generator bookkeeping; excluded from JSON by the json:"-" tags.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
// Server is a key service server that uses SOPS MasterKeys to fulfill requests.
// Each request names the key to use, so the server acts with its own access to
// master keys on behalf of whoever sent the request.
// NOTE(review): Prompt is the only control visible on this type; no
// authentication or authorization setting appears here. Confirm how access to
// the listener is restricted before exposing it beyond the local host.
type Server struct {
	// Prompt indicates whether the server should prompt before decrypting or encrypting data
	Prompt bool
}
Server is a key service server that uses SOPS MasterKeys to fulfill requests
func (ks Server) Decrypt(ctx context.Context, req *DecryptRequest) (*DecryptResponse, error)
Decrypt takes a decrypt request and decrypts the provided ciphertext with the provided key, returning the decrypted result
func (ks Server) Encrypt(ctx context.Context, req *EncryptRequest) (*EncryptResponse, error)
Encrypt takes an encrypt request and encrypts the provided plaintext with the provided key, returning the encrypted result
// UnimplementedKeyServiceServer can be embedded to have forward compatible
// implementations. It has no fields.
// NOTE(review): presumably its Encrypt and Decrypt methods return an
// "unimplemented" error rather than doing any work — their bodies are not
// shown here, confirm in keyservice.pb.go.
type UnimplementedKeyServiceServer struct {
}
UnimplementedKeyServiceServer can be embedded to have forward compatible implementations.
func (*UnimplementedKeyServiceServer) Decrypt(ctx context.Context, req *DecryptRequest) (*DecryptResponse, error)
func (*UnimplementedKeyServiceServer) Encrypt(ctx context.Context, req *EncryptRequest) (*EncryptResponse, error)
// VaultKey is the protobuf message that identifies a key by Vault address,
// engine path and key name. It is one of the alternatives a Key can carry.
// NOTE(review): VaultAddress is supplied by the sender of the request;
// presumably the server connects to it when serving the request, so check
// whether server.go restricts which addresses are accepted.
type VaultKey struct {
	// VaultAddress is protobuf field 1 (vault_address).
	VaultAddress string `protobuf:"bytes,1,opt,name=vault_address,json=vaultAddress,proto3" json:"vault_address,omitempty"`
	// EnginePath is protobuf field 2 (engine_path).
	EnginePath string `protobuf:"bytes,2,opt,name=engine_path,json=enginePath,proto3" json:"engine_path,omitempty"`
	// KeyName is protobuf field 3 (key_name).
	KeyName string `protobuf:"bytes,3,opt,name=key_name,json=keyName,proto3" json:"key_name,omitempty"`
	// Generator bookkeeping; excluded from JSON by the json:"-" tags.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}