
package keyservice

import "go.mozilla.org/sops/v3/keyservice"

Package keyservice implements a gRPC API that can be used by SOPS to encrypt and decrypt the data key using remote master keys.

Index

Package Files

client.go keyservice.go keyservice.pb.go server.go

func RegisterKeyServiceServer Uses

// RegisterKeyServiceServer takes a gRPC server s and a KeyServiceServer
// implementation srv; presumably it attaches srv to s as the KeyService
// handler (body not shown here).
// NOTE(review): nothing in this signature configures transport security or
// caller authentication, so both depend on how s was constructed - confirm
// at the call site before exposing Encrypt/Decrypt on a network listener.
func RegisterKeyServiceServer(s *grpc.Server, srv KeyServiceServer)

type AzureKeyVaultKey Uses

// AzureKeyVaultKey names a key by vault URL, key name and key version. It is
// one of the key kinds that Key.KeyType can hold (via Key_AzureKeyvaultKey).
type AzureKeyVaultKey struct {
    // VaultUrl, Name and Version are plain strings carried in the message;
    // this declaration places no constraint on their values.
    // NOTE(review): VaultUrl arrives inside Encrypt/Decrypt requests, so the
    // serving side presumably contacts whatever URL the caller names -
    // confirm whether the server restricts it.
    VaultUrl             string   `protobuf:"bytes,1,opt,name=vault_url,json=vaultUrl,proto3" json:"vault_url,omitempty"`
    Name                 string   `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
    Version              string   `protobuf:"bytes,3,opt,name=version,proto3" json:"version,omitempty"`
    // The XXX_ fields are protobuf-generated bookkeeping; their `json:"-"`
    // tags keep them out of JSON output.
    XXX_NoUnkeyedLiteral struct{} `json:"-"`
    XXX_unrecognized     []byte   `json:"-"`
    XXX_sizecache        int32    `json:"-"`
}

func (*AzureKeyVaultKey) Descriptor Uses

func (*AzureKeyVaultKey) Descriptor() ([]byte, []int)

func (*AzureKeyVaultKey) GetName Uses

func (m *AzureKeyVaultKey) GetName() string

func (*AzureKeyVaultKey) GetVaultUrl Uses

func (m *AzureKeyVaultKey) GetVaultUrl() string

func (*AzureKeyVaultKey) GetVersion Uses

func (m *AzureKeyVaultKey) GetVersion() string

func (*AzureKeyVaultKey) ProtoMessage Uses

func (*AzureKeyVaultKey) ProtoMessage()

func (*AzureKeyVaultKey) Reset Uses

func (m *AzureKeyVaultKey) Reset()

func (*AzureKeyVaultKey) String Uses

func (m *AzureKeyVaultKey) String() string

func (*AzureKeyVaultKey) XXX_DiscardUnknown Uses

func (m *AzureKeyVaultKey) XXX_DiscardUnknown()

func (*AzureKeyVaultKey) XXX_Marshal Uses

func (m *AzureKeyVaultKey) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*AzureKeyVaultKey) XXX_Merge Uses

func (m *AzureKeyVaultKey) XXX_Merge(src proto.Message)

func (*AzureKeyVaultKey) XXX_Size Uses

func (m *AzureKeyVaultKey) XXX_Size() int

func (*AzureKeyVaultKey) XXX_Unmarshal Uses

func (m *AzureKeyVaultKey) XXX_Unmarshal(b []byte) error

type DecryptRequest Uses

// DecryptRequest is the input to the Decrypt RPC: a key reference plus the
// bytes to decrypt. It carries no field identifying or authenticating the
// caller.
type DecryptRequest struct {
    // Key selects the key the ciphertext is to be decrypted with.
    // NOTE(review): the key reference is chosen by whoever sends the request;
    // confirm what limits which keys a caller may name.
    Key                  *Key     `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
    // Ciphertext is the data to decrypt; going by the package description
    // this is presumably an encrypted SOPS data key - confirm.
    Ciphertext           []byte   `protobuf:"bytes,2,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
    // The XXX_ fields are protobuf-generated bookkeeping; their `json:"-"`
    // tags keep them out of JSON output.
    XXX_NoUnkeyedLiteral struct{} `json:"-"`
    XXX_unrecognized     []byte   `json:"-"`
    XXX_sizecache        int32    `json:"-"`
}

func (*DecryptRequest) Descriptor Uses

func (*DecryptRequest) Descriptor() ([]byte, []int)

func (*DecryptRequest) GetCiphertext Uses

func (m *DecryptRequest) GetCiphertext() []byte

func (*DecryptRequest) GetKey Uses

func (m *DecryptRequest) GetKey() *Key

func (*DecryptRequest) ProtoMessage Uses

func (*DecryptRequest) ProtoMessage()

func (*DecryptRequest) Reset Uses

func (m *DecryptRequest) Reset()

func (*DecryptRequest) String Uses

func (m *DecryptRequest) String() string

func (*DecryptRequest) XXX_DiscardUnknown Uses

func (m *DecryptRequest) XXX_DiscardUnknown()

func (*DecryptRequest) XXX_Marshal Uses

func (m *DecryptRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DecryptRequest) XXX_Merge Uses

func (m *DecryptRequest) XXX_Merge(src proto.Message)

func (*DecryptRequest) XXX_Size Uses

func (m *DecryptRequest) XXX_Size() int

func (*DecryptRequest) XXX_Unmarshal Uses

func (m *DecryptRequest) XXX_Unmarshal(b []byte) error

type DecryptResponse Uses

// DecryptResponse is the result of the Decrypt RPC.
type DecryptResponse struct {
    // Plaintext is the decrypted output and should be handled as secret
    // material.
    // NOTE(review): this type also declares String(); generated protobuf
    // String methods typically render field contents, so confirm responses
    // are never passed to loggers or %v formatting.
    Plaintext            []byte   `protobuf:"bytes,1,opt,name=plaintext,proto3" json:"plaintext,omitempty"`
    // The XXX_ fields are protobuf-generated bookkeeping; their `json:"-"`
    // tags keep them out of JSON output.
    XXX_NoUnkeyedLiteral struct{} `json:"-"`
    XXX_unrecognized     []byte   `json:"-"`
    XXX_sizecache        int32    `json:"-"`
}

func (*DecryptResponse) Descriptor Uses

func (*DecryptResponse) Descriptor() ([]byte, []int)

func (*DecryptResponse) GetPlaintext Uses

func (m *DecryptResponse) GetPlaintext() []byte

func (*DecryptResponse) ProtoMessage Uses

func (*DecryptResponse) ProtoMessage()

func (*DecryptResponse) Reset Uses

func (m *DecryptResponse) Reset()

func (*DecryptResponse) String Uses

func (m *DecryptResponse) String() string

func (*DecryptResponse) XXX_DiscardUnknown Uses

func (m *DecryptResponse) XXX_DiscardUnknown()

func (*DecryptResponse) XXX_Marshal Uses

func (m *DecryptResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DecryptResponse) XXX_Merge Uses

func (m *DecryptResponse) XXX_Merge(src proto.Message)

func (*DecryptResponse) XXX_Size Uses

func (m *DecryptResponse) XXX_Size() int

func (*DecryptResponse) XXX_Unmarshal Uses

func (m *DecryptResponse) XXX_Unmarshal(b []byte) error

type EncryptRequest Uses

// EncryptRequest is the input to the Encrypt RPC: a key reference plus the
// bytes to encrypt. It carries no field identifying or authenticating the
// caller.
type EncryptRequest struct {
    // Key selects the key the plaintext is to be encrypted with.
    Key                  *Key     `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
    // Plaintext is the data to encrypt; going by the package description this
    // is presumably the unencrypted SOPS data key, so treat it as secret.
    // NOTE(review): it crosses the gRPC connection in this message, which
    // makes transport protection of that connection relevant - confirm.
    Plaintext            []byte   `protobuf:"bytes,2,opt,name=plaintext,proto3" json:"plaintext,omitempty"`
    // The XXX_ fields are protobuf-generated bookkeeping; their `json:"-"`
    // tags keep them out of JSON output.
    XXX_NoUnkeyedLiteral struct{} `json:"-"`
    XXX_unrecognized     []byte   `json:"-"`
    XXX_sizecache        int32    `json:"-"`
}

func (*EncryptRequest) Descriptor Uses

func (*EncryptRequest) Descriptor() ([]byte, []int)

func (*EncryptRequest) GetKey Uses

func (m *EncryptRequest) GetKey() *Key

func (*EncryptRequest) GetPlaintext Uses

func (m *EncryptRequest) GetPlaintext() []byte

func (*EncryptRequest) ProtoMessage Uses

func (*EncryptRequest) ProtoMessage()

func (*EncryptRequest) Reset Uses

func (m *EncryptRequest) Reset()

func (*EncryptRequest) String Uses

func (m *EncryptRequest) String() string

func (*EncryptRequest) XXX_DiscardUnknown Uses

func (m *EncryptRequest) XXX_DiscardUnknown()

func (*EncryptRequest) XXX_Marshal Uses

func (m *EncryptRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*EncryptRequest) XXX_Merge Uses

func (m *EncryptRequest) XXX_Merge(src proto.Message)

func (*EncryptRequest) XXX_Size Uses

func (m *EncryptRequest) XXX_Size() int

func (*EncryptRequest) XXX_Unmarshal Uses

func (m *EncryptRequest) XXX_Unmarshal(b []byte) error

type EncryptResponse Uses

// EncryptResponse is the result of the Encrypt RPC.
type EncryptResponse struct {
    // Ciphertext is the encrypted output for the plaintext sent in the
    // matching EncryptRequest.
    Ciphertext           []byte   `protobuf:"bytes,1,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
    // The XXX_ fields are protobuf-generated bookkeeping; their `json:"-"`
    // tags keep them out of JSON output.
    XXX_NoUnkeyedLiteral struct{} `json:"-"`
    XXX_unrecognized     []byte   `json:"-"`
    XXX_sizecache        int32    `json:"-"`
}

func (*EncryptResponse) Descriptor Uses

func (*EncryptResponse) Descriptor() ([]byte, []int)

func (*EncryptResponse) GetCiphertext Uses

func (m *EncryptResponse) GetCiphertext() []byte

func (*EncryptResponse) ProtoMessage Uses

func (*EncryptResponse) ProtoMessage()

func (*EncryptResponse) Reset Uses

func (m *EncryptResponse) Reset()

func (*EncryptResponse) String Uses

func (m *EncryptResponse) String() string

func (*EncryptResponse) XXX_DiscardUnknown Uses

func (m *EncryptResponse) XXX_DiscardUnknown()

func (*EncryptResponse) XXX_Marshal Uses

func (m *EncryptResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*EncryptResponse) XXX_Merge Uses

func (m *EncryptResponse) XXX_Merge(src proto.Message)

func (*EncryptResponse) XXX_Size Uses

func (m *EncryptResponse) XXX_Size() int

func (*EncryptResponse) XXX_Unmarshal Uses

func (m *EncryptResponse) XXX_Unmarshal(b []byte) error

type GcpKmsKey Uses

// GcpKmsKey names a key by a single resource identifier. It is one of the key
// kinds that Key.KeyType can hold (via Key_GcpKmsKey).
type GcpKmsKey struct {
    // ResourceId is a plain string; presumably the full GCP KMS resource
    // path of the key - confirm the expected format against the caller.
    ResourceId           string   `protobuf:"bytes,1,opt,name=resource_id,json=resourceId,proto3" json:"resource_id,omitempty"`
    // The XXX_ fields are protobuf-generated bookkeeping; their `json:"-"`
    // tags keep them out of JSON output.
    XXX_NoUnkeyedLiteral struct{} `json:"-"`
    XXX_unrecognized     []byte   `json:"-"`
    XXX_sizecache        int32    `json:"-"`
}

func (*GcpKmsKey) Descriptor Uses

func (*GcpKmsKey) Descriptor() ([]byte, []int)

func (*GcpKmsKey) GetResourceId Uses

func (m *GcpKmsKey) GetResourceId() string

func (*GcpKmsKey) ProtoMessage Uses

func (*GcpKmsKey) ProtoMessage()

func (*GcpKmsKey) Reset Uses

func (m *GcpKmsKey) Reset()

func (*GcpKmsKey) String Uses

func (m *GcpKmsKey) String() string

func (*GcpKmsKey) XXX_DiscardUnknown Uses

func (m *GcpKmsKey) XXX_DiscardUnknown()

func (*GcpKmsKey) XXX_Marshal Uses

func (m *GcpKmsKey) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*GcpKmsKey) XXX_Merge Uses

func (m *GcpKmsKey) XXX_Merge(src proto.Message)

func (*GcpKmsKey) XXX_Size Uses

func (m *GcpKmsKey) XXX_Size() int

func (*GcpKmsKey) XXX_Unmarshal Uses

func (m *GcpKmsKey) XXX_Unmarshal(b []byte) error

type Key Uses

// Key is the key reference carried in EncryptRequest and DecryptRequest. It
// holds exactly one concrete key kind in the KeyType oneof.
// NOTE(review): since Key travels inside the request, every field of the
// chosen key kind is caller-supplied; confirm how a server decides which
// referenced keys it is willing to operate on.
type Key struct {
    // Types that are valid to be assigned to KeyType:
    //	*Key_KmsKey
    //	*Key_PgpKey
    //	*Key_GcpKmsKey
    //	*Key_AzureKeyvaultKey
    //	*Key_VaultKey
    KeyType              isKey_KeyType `protobuf_oneof:"key_type"`
    // The XXX_ fields are protobuf-generated bookkeeping; their `json:"-"`
    // tags keep them out of JSON output.
    XXX_NoUnkeyedLiteral struct{}      `json:"-"`
    XXX_unrecognized     []byte        `json:"-"`
    XXX_sizecache        int32         `json:"-"`
}

func KeyFromMasterKey Uses

func KeyFromMasterKey(mk keys.MasterKey) Key

KeyFromMasterKey converts a SOPS internal MasterKey to an RPC Key that can be serialized with Protocol Buffers

func (*Key) Descriptor Uses

func (*Key) Descriptor() ([]byte, []int)

func (*Key) GetAzureKeyvaultKey Uses

func (m *Key) GetAzureKeyvaultKey() *AzureKeyVaultKey

func (*Key) GetGcpKmsKey Uses

func (m *Key) GetGcpKmsKey() *GcpKmsKey

func (*Key) GetKeyType Uses

func (m *Key) GetKeyType() isKey_KeyType

func (*Key) GetKmsKey Uses

func (m *Key) GetKmsKey() *KmsKey

func (*Key) GetPgpKey Uses

func (m *Key) GetPgpKey() *PgpKey

func (*Key) GetVaultKey Uses

func (m *Key) GetVaultKey() *VaultKey

func (*Key) ProtoMessage Uses

func (*Key) ProtoMessage()

func (*Key) Reset Uses

func (m *Key) Reset()

func (*Key) String Uses

func (m *Key) String() string

func (*Key) XXX_DiscardUnknown Uses

func (m *Key) XXX_DiscardUnknown()

func (*Key) XXX_Marshal Uses

func (m *Key) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Key) XXX_Merge Uses

func (m *Key) XXX_Merge(src proto.Message)

func (*Key) XXX_OneofWrappers Uses

func (*Key) XXX_OneofWrappers() []interface{}

XXX_OneofWrappers is for the internal use of the proto package.

func (*Key) XXX_Size Uses

func (m *Key) XXX_Size() int

func (*Key) XXX_Unmarshal Uses

func (m *Key) XXX_Unmarshal(b []byte) error

type KeyServiceClient Uses

// KeyServiceClient is the caller-side view of the key service: one method per
// RPC, each taking a context, the request message and optional gRPC call
// options.
// NOTE(review): neither request message has a credential field, so caller
// authentication and confidentiality of Plaintext in transit depend on the
// connection and call options in use - confirm at the call site.
type KeyServiceClient interface {
    // Encrypt sends in.Plaintext with a key reference and returns the
    // ciphertext in the response.
    Encrypt(ctx context.Context, in *EncryptRequest, opts ...grpc.CallOption) (*EncryptResponse, error)
    // Decrypt sends in.Ciphertext with a key reference and returns the
    // plaintext in the response.
    Decrypt(ctx context.Context, in *DecryptRequest, opts ...grpc.CallOption) (*DecryptResponse, error)
}

KeyServiceClient is the client API for KeyService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

func NewKeyServiceClient Uses

// NewKeyServiceClient returns a KeyServiceClient built from the gRPC client
// connection cc; presumably every Encrypt/Decrypt call is issued over cc
// (body not shown here).
// NOTE(review): whether the channel is encrypted and authenticated is decided
// when cc is dialed, not here - confirm the dial options, since
// EncryptRequest.Plaintext and DecryptResponse.Plaintext cross this
// connection.
func NewKeyServiceClient(cc *grpc.ClientConn) KeyServiceClient

type KeyServiceServer Uses

// KeyServiceServer is the handler-side view of the key service: one method
// per RPC, each receiving a context and the request message.
// NOTE(review): the request messages identify a key but not a caller, so an
// implementation that needs access control has to obtain caller identity
// from somewhere other than the message (presumably the context or the gRPC
// server configuration) - confirm.
type KeyServiceServer interface {
    // Encrypt handles an EncryptRequest and returns the ciphertext.
    Encrypt(context.Context, *EncryptRequest) (*EncryptResponse, error)
    // Decrypt handles a DecryptRequest and returns the plaintext.
    Decrypt(context.Context, *DecryptRequest) (*DecryptResponse, error)
}

KeyServiceServer is the server API for KeyService service.

type Key_AzureKeyvaultKey Uses

// Key_AzureKeyvaultKey is the oneof wrapper that places an AzureKeyVaultKey in
// Key.KeyType (protobuf field 4 of Key).
type Key_AzureKeyvaultKey struct {
    AzureKeyvaultKey *AzureKeyVaultKey `protobuf:"bytes,4,opt,name=azure_keyvault_key,json=azureKeyvaultKey,proto3,oneof"`
}

type Key_GcpKmsKey Uses

// Key_GcpKmsKey is the oneof wrapper that places a GcpKmsKey in Key.KeyType
// (protobuf field 3 of Key).
type Key_GcpKmsKey struct {
    GcpKmsKey *GcpKmsKey `protobuf:"bytes,3,opt,name=gcp_kms_key,json=gcpKmsKey,proto3,oneof"`
}

type Key_KmsKey Uses

// Key_KmsKey is the oneof wrapper that places a KmsKey in Key.KeyType
// (protobuf field 1 of Key).
type Key_KmsKey struct {
    KmsKey *KmsKey `protobuf:"bytes,1,opt,name=kms_key,json=kmsKey,proto3,oneof"`
}

type Key_PgpKey Uses

// Key_PgpKey is the oneof wrapper that places a PgpKey in Key.KeyType
// (protobuf field 2 of Key).
type Key_PgpKey struct {
    PgpKey *PgpKey `protobuf:"bytes,2,opt,name=pgp_key,json=pgpKey,proto3,oneof"`
}

type Key_VaultKey Uses

// Key_VaultKey is the oneof wrapper that places a VaultKey in Key.KeyType
// (protobuf field 5 of Key).
type Key_VaultKey struct {
    VaultKey *VaultKey `protobuf:"bytes,5,opt,name=vault_key,json=vaultKey,proto3,oneof"`
}

type KmsKey Uses

// KmsKey names a key by ARN, with an optional role, a string-to-string
// context map and an AWS profile name. It is one of the key kinds that
// Key.KeyType can hold (via Key_KmsKey).
type KmsKey struct {
    // Arn is a plain string; presumably the AWS KMS key ARN - confirm.
    Arn                  string            `protobuf:"bytes,1,opt,name=arn,proto3" json:"arn,omitempty"`
    // NOTE(review): Role and AwsProfile look like they select which
    // credentials the serving side uses for the KMS call. Both arrive in the
    // request, so confirm whether a server accepts them as given or
    // restricts them.
    Role                 string            `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"`
    // Context is a repeated key/value map; presumably the KMS encryption
    // context, which would have to match between encrypt and decrypt -
    // confirm.
    Context              map[string]string `protobuf:"bytes,3,rep,name=context,proto3" json:"context,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
    AwsProfile           string            `protobuf:"bytes,4,opt,name=aws_profile,json=awsProfile,proto3" json:"aws_profile,omitempty"`
    // The XXX_ fields are protobuf-generated bookkeeping; their `json:"-"`
    // tags keep them out of JSON output.
    XXX_NoUnkeyedLiteral struct{}          `json:"-"`
    XXX_unrecognized     []byte            `json:"-"`
    XXX_sizecache        int32             `json:"-"`
}

func (*KmsKey) Descriptor Uses

func (*KmsKey) Descriptor() ([]byte, []int)

func (*KmsKey) GetArn Uses

func (m *KmsKey) GetArn() string

func (*KmsKey) GetAwsProfile Uses

func (m *KmsKey) GetAwsProfile() string

func (*KmsKey) GetContext Uses

func (m *KmsKey) GetContext() map[string]string

func (*KmsKey) GetRole Uses

func (m *KmsKey) GetRole() string

func (*KmsKey) ProtoMessage Uses

func (*KmsKey) ProtoMessage()

func (*KmsKey) Reset Uses

func (m *KmsKey) Reset()

func (*KmsKey) String Uses

func (m *KmsKey) String() string

func (*KmsKey) XXX_DiscardUnknown Uses

func (m *KmsKey) XXX_DiscardUnknown()

func (*KmsKey) XXX_Marshal Uses

func (m *KmsKey) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*KmsKey) XXX_Merge Uses

func (m *KmsKey) XXX_Merge(src proto.Message)

func (*KmsKey) XXX_Size Uses

func (m *KmsKey) XXX_Size() int

func (*KmsKey) XXX_Unmarshal Uses

func (m *KmsKey) XXX_Unmarshal(b []byte) error

type LocalClient Uses

// LocalClient is a key service client that performs all operations locally.
// Its Encrypt and Decrypt methods have the same parameter and result types as
// the KeyServiceClient interface methods.
type LocalClient struct {
    // Server is the Server value held by the client; presumably Encrypt and
    // Decrypt delegate to it in-process - confirm in client.go.
    // NOTE(review): Server.Prompt is a bool whose zero value is false, so
    // check what NewLocalClient sets if prompting is expected.
    Server Server
}

LocalClient is a key service client that performs all operations locally

func NewLocalClient Uses

func NewLocalClient() LocalClient

NewLocalClient creates a new local client

func (LocalClient) Decrypt Uses

func (c LocalClient) Decrypt(ctx context.Context,
    req *DecryptRequest, opts ...grpc.CallOption) (*DecryptResponse, error)

Decrypt processes a decrypt request locally. See keyservice/server.go for more details.

func (LocalClient) Encrypt Uses

func (c LocalClient) Encrypt(ctx context.Context,
    req *EncryptRequest, opts ...grpc.CallOption) (*EncryptResponse, error)

Encrypt processes an encrypt request locally. See keyservice/server.go for more details.

type PgpKey Uses

// PgpKey names a PGP key by fingerprint. It is one of the key kinds that
// Key.KeyType can hold (via Key_PgpKey).
type PgpKey struct {
    // Fingerprint is a plain string; this declaration does not fix its
    // length or format.
    // NOTE(review): presumably the full key fingerprint rather than a short
    // key ID - confirm, since short IDs are not collision-resistant.
    Fingerprint          string   `protobuf:"bytes,1,opt,name=fingerprint,proto3" json:"fingerprint,omitempty"`
    // The XXX_ fields are protobuf-generated bookkeeping; their `json:"-"`
    // tags keep them out of JSON output.
    XXX_NoUnkeyedLiteral struct{} `json:"-"`
    XXX_unrecognized     []byte   `json:"-"`
    XXX_sizecache        int32    `json:"-"`
}

func (*PgpKey) Descriptor Uses

func (*PgpKey) Descriptor() ([]byte, []int)

func (*PgpKey) GetFingerprint Uses

func (m *PgpKey) GetFingerprint() string

func (*PgpKey) ProtoMessage Uses

func (*PgpKey) ProtoMessage()

func (*PgpKey) Reset Uses

func (m *PgpKey) Reset()

func (*PgpKey) String Uses

func (m *PgpKey) String() string

func (*PgpKey) XXX_DiscardUnknown Uses

func (m *PgpKey) XXX_DiscardUnknown()

func (*PgpKey) XXX_Marshal Uses

func (m *PgpKey) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*PgpKey) XXX_Merge Uses

func (m *PgpKey) XXX_Merge(src proto.Message)

func (*PgpKey) XXX_Size Uses

func (m *PgpKey) XXX_Size() int

func (*PgpKey) XXX_Unmarshal Uses

func (m *PgpKey) XXX_Unmarshal(b []byte) error

type Server Uses

// Server is a key service server that uses SOPS MasterKeys to fulfill
// requests. Its Encrypt and Decrypt methods take a context and the request
// message, matching the KeyServiceServer interface.
type Server struct {
    // Prompt indicates whether the server should prompt before decrypting or encrypting data
    // The zero value is false, so a Server created without setting this
    // field has prompting turned off.
    // NOTE(review): Prompt is the only control visible on this type; it is
    // presumably an operator confirmation rather than caller authentication -
    // confirm what else gates requests when the server is reachable remotely.
    Prompt bool
}

Server is a key service server that uses SOPS MasterKeys to fulfill requests

func (Server) Decrypt Uses

func (ks Server) Decrypt(ctx context.Context,
    req *DecryptRequest) (*DecryptResponse, error)

Decrypt takes a decrypt request and decrypts the provided ciphertext with the provided key, returning the decrypted result

func (Server) Encrypt Uses

func (ks Server) Encrypt(ctx context.Context,
    req *EncryptRequest) (*EncryptResponse, error)

Encrypt takes an encrypt request and encrypts the provided plaintext with the provided key, returning the encrypted result

type UnimplementedKeyServiceServer Uses

// UnimplementedKeyServiceServer is a field-less struct with Encrypt and Decrypt
// methods on its pointer receiver; it is meant to be embedded so that an
// implementation keeps compiling if the service gains methods.
// NOTE(review): the stub methods presumably return an "unimplemented" error
// rather than performing any key operation - confirm in keyservice.pb.go.
type UnimplementedKeyServiceServer struct {
}

UnimplementedKeyServiceServer can be embedded to have forward compatible implementations.

func (*UnimplementedKeyServiceServer) Decrypt Uses

func (*UnimplementedKeyServiceServer) Decrypt(ctx context.Context, req *DecryptRequest) (*DecryptResponse, error)

func (*UnimplementedKeyServiceServer) Encrypt Uses

func (*UnimplementedKeyServiceServer) Encrypt(ctx context.Context, req *EncryptRequest) (*EncryptResponse, error)

type VaultKey Uses

// VaultKey names a key by Vault server address, engine path and key name. It
// is one of the key kinds that Key.KeyType can hold (via Key_VaultKey).
type VaultKey struct {
    // VaultAddress is a plain string carried in the message.
    // NOTE(review): it arrives inside Encrypt/Decrypt requests, so the
    // serving side presumably connects to whatever address the caller names
    // using its own Vault credentials - confirm whether the server restricts
    // the address.
    VaultAddress         string   `protobuf:"bytes,1,opt,name=vault_address,json=vaultAddress,proto3" json:"vault_address,omitempty"`
    // EnginePath and KeyName are plain strings; presumably the mount path of
    // the Vault secrets engine and the key within it - confirm.
    EnginePath           string   `protobuf:"bytes,2,opt,name=engine_path,json=enginePath,proto3" json:"engine_path,omitempty"`
    KeyName              string   `protobuf:"bytes,3,opt,name=key_name,json=keyName,proto3" json:"key_name,omitempty"`
    // The XXX_ fields are protobuf-generated bookkeeping; their `json:"-"`
    // tags keep them out of JSON output.
    XXX_NoUnkeyedLiteral struct{} `json:"-"`
    XXX_unrecognized     []byte   `json:"-"`
    XXX_sizecache        int32    `json:"-"`
}

func (*VaultKey) Descriptor Uses

func (*VaultKey) Descriptor() ([]byte, []int)

func (*VaultKey) GetEnginePath Uses

func (m *VaultKey) GetEnginePath() string

func (*VaultKey) GetKeyName Uses

func (m *VaultKey) GetKeyName() string

func (*VaultKey) GetVaultAddress Uses

func (m *VaultKey) GetVaultAddress() string

func (*VaultKey) ProtoMessage Uses

func (*VaultKey) ProtoMessage()

func (*VaultKey) Reset Uses

func (m *VaultKey) Reset()

func (*VaultKey) String Uses

func (m *VaultKey) String() string

func (*VaultKey) XXX_DiscardUnknown Uses

func (m *VaultKey) XXX_DiscardUnknown()

func (*VaultKey) XXX_Marshal Uses

func (m *VaultKey) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*VaultKey) XXX_Merge Uses

func (m *VaultKey) XXX_Merge(src proto.Message)

func (*VaultKey) XXX_Size Uses

func (m *VaultKey) XXX_Size() int

func (*VaultKey) XXX_Unmarshal Uses

func (m *VaultKey) XXX_Unmarshal(b []byte) error

Package keyservice imports 14 packages (graph) and is imported by 2 packages. Updated 2020-08-15. Refresh now. Tools for package owners.