
package kms

import "go.mozilla.org/sops/v3/kms"

Package kms contains an implementation of the go.mozilla.org/sops/v3.MasterKey interface that encrypts and decrypts the data key using AWS KMS with the AWS Go SDK.


func ParseKMSContext

func ParseKMSContext(in interface{}) map[string]*string

ParseKMSContext takes either a KMS context map or a comma-separated list of KMS context key:value pairs and returns a map.

type MasterKey

type MasterKey struct {
    Arn               string
    Role              string
    EncryptedKey      string
    CreationDate      time.Time
    EncryptionContext map[string]*string
    AwsProfile        string
}

MasterKey is an AWS KMS key used to encrypt and decrypt sops' data key.

func MasterKeysFromArnString

func MasterKeysFromArnString(arn string, context map[string]*string, awsProfile string) []*MasterKey

MasterKeysFromArnString takes a comma-separated list of AWS KMS ARNs and returns a slice of new MasterKeys for those ARNs.

func NewMasterKey

func NewMasterKey(arn string, role string, context map[string]*string) *MasterKey

NewMasterKey creates a new MasterKey from an ARN, role and context, setting the creation date to the current date.

func NewMasterKeyFromArn

func NewMasterKeyFromArn(arn string, context map[string]*string, awsProfile string) *MasterKey

NewMasterKeyFromArn takes an ARN string and returns a new MasterKey for that ARN.

func (*MasterKey) Decrypt

func (key *MasterKey) Decrypt() ([]byte, error)

Decrypt decrypts the EncryptedKey field with AWS KMS and returns the result.

func (*MasterKey) Encrypt

func (key *MasterKey) Encrypt(dataKey []byte) error

Encrypt takes a sops data key, encrypts it with KMS and stores the result in the EncryptedKey field.

func (*MasterKey) EncryptIfNeeded

func (key *MasterKey) EncryptIfNeeded(dataKey []byte) error

EncryptIfNeeded encrypts the provided sops data key if it hasn't been encrypted yet.

func (*MasterKey) EncryptedDataKey

func (key *MasterKey) EncryptedDataKey() []byte

EncryptedDataKey returns the encrypted data key this master key holds.

func (*MasterKey) NeedsRotation

func (key *MasterKey) NeedsRotation() bool

NeedsRotation returns whether the data key needs to be rotated or not.

func (*MasterKey) SetEncryptedDataKey

func (key *MasterKey) SetEncryptedDataKey(enc []byte)

SetEncryptedDataKey sets the encrypted data key for this master key.

func (MasterKey) ToMap

func (key MasterKey) ToMap() map[string]interface{}

ToMap converts the MasterKey to a map for serialization purposes.

func (*MasterKey) ToString

func (key *MasterKey) ToString() string

ToString converts the key to a string representation.



Package kms imports 15 packages and is imported by 4 packages. Updated 2020-09-25.