package awskms

import "gocloud.dev/secrets/awskms"

Package awskms provides a secrets implementation backed by AWS KMS. Use OpenKeeper to construct a *secrets.Keeper.

URLs

For secrets.OpenKeeper, awskms registers for the scheme "awskms". The default URL opener will use an AWS session with the default credentials and configuration; see https://docs.aws.amazon.com/sdk-for-go/api/aws/session/ for more details. To customize the URL opener, or for more details on the URL format, see URLOpener. See https://gocloud.dev/concepts/urls/ for background information.

As

awskms exposes the following type for As:

- Error: awserr.Error

Code:

// This example is used in https://gocloud.dev/howto/secrets/#aws

// import _ "gocloud.dev/secrets/awskms"

// Variables set up elsewhere:
ctx := context.Background()

// Use one of the following:

// 1. By ID.
keeperByID, err := secrets.OpenKeeper(ctx,
    "awskms://1234abcd-12ab-34cd-56ef-1234567890ab?region=us-east-1")
if err != nil {
    log.Fatal(err)
}
defer keeperByID.Close()

// 2. By alias.
keeperByAlias, err := secrets.OpenKeeper(ctx,
    "awskms://alias/ExampleAlias?region=us-east-1")
if err != nil {
    log.Fatal(err)
}
defer keeperByAlias.Close()

// 3. By ARN.
const arn = "arn:aws:kms:us-east-1:111122223333:key/" +
    "1234abcd-12ab-34bc-56ef-1234567890ab"
keeperByARN, err := secrets.OpenKeeper(ctx,
    "awskms://"+arn+"?region=us-east-1")
if err != nil {
    log.Fatal(err)
}
defer keeperByARN.Close()

Package Files

kms.go

Constants

const Scheme = "awskms"

Scheme is the URL scheme awskms registers its URLOpener under on secrets.DefaultMux.

Variables

var Set = wire.NewSet(
    wire.Struct(new(URLOpener), "ConfigProvider"),
    Dial,
)

Set holds Wire providers for this package.

func Dial

func Dial(p client.ConfigProvider) (*kms.KMS, error)

Dial gets an AWS KMS service client.

func OpenKeeper

func OpenKeeper(client *kms.KMS, keyID string, opts *KeeperOptions) *secrets.Keeper

OpenKeeper returns a *secrets.Keeper that uses AWS KMS. The key ID can be in the form of an Amazon Resource Name (ARN), alias name, or alias ARN. See https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn for more details. See the package documentation for an example.

Code:

// This example is used in https://gocloud.dev/howto/secrets/#aws-ctor

// Establish an AWS session.
// See https://docs.aws.amazon.com/sdk-for-go/api/aws/session/ for more info.
sess, err := session.NewSession(nil)
if err != nil {
    log.Fatal(err)
}

// Get a client to use with the KMS API.
client, err := awskms.Dial(sess)
if err != nil {
    log.Fatal(err)
}

// Construct a *secrets.Keeper.
keeper := awskms.OpenKeeper(client, "alias/test-secrets", nil)
defer keeper.Close()

type KeeperOptions

type KeeperOptions struct{}

KeeperOptions controls Keeper behaviors. It is provided for future extensibility.

type URLOpener

type URLOpener struct {
    // ConfigProvider must be set to a non-nil value.
    ConfigProvider client.ConfigProvider

    // Options specifies the options to pass to OpenKeeper.
    Options KeeperOptions
}

URLOpener opens AWS KMS URLs like "awskms://keyID".

The URL Host + Path are used as the key ID, which can be in the form of an Amazon Resource Name (ARN), alias name, or alias ARN. See https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn for more details.

See gocloud.dev/aws/ConfigFromURLParams for supported query parameters for overriding the aws.Session from the URL.
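
A pre-flight check for keeper URLs that come from configuration, added here as an example and not part of the awskms package: it derives the key ID from Host + Path as described above and compares it with an allowlist before the URL would be passed to secrets.OpenKeeper. The helper name checkKeeperURL, the allowlist and the mandatory "region" parameter are assumptions of this example; it covers the key-ID and alias URL forms from the package example.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"path"
)

// checkKeeperURL (hypothetical helper) vets an awskms URL before it is passed
// to secrets.OpenKeeper. The allowlist and the mandatory "region" parameter
// are assumptions of this example, not behaviour of the awskms package.
func checkKeeperURL(raw string, allowed map[string]bool) (keyID, region string, err error) {
	u, err := url.Parse(raw)
	if err != nil {
		return "", "", fmt.Errorf("parse keeper URL: %w", err)
	}
	if u.Scheme != "awskms" { // value of awskms.Scheme
		return "", "", fmt.Errorf("unexpected scheme %q", u.Scheme)
	}
	// Host + Path form the key ID; path.Join is how this example combines them.
	keyID = path.Join(u.Host, u.Path)
	if !allowed[keyID] {
		return "", "", fmt.Errorf("key %q is not on the allowlist", keyID)
	}
	if region = u.Query().Get("region"); region == "" {
		return "", "", errors.New("region query parameter is required")
	}
	return keyID, region, nil
}

func main() {
	// Constructed inputs, reusing the key ID and alias from the package example.
	allowed := map[string]bool{
		"1234abcd-12ab-34cd-56ef-1234567890ab": true,
		"alias/ExampleAlias":                   true,
	}
	for _, raw := range []string{
		"awskms://1234abcd-12ab-34cd-56ef-1234567890ab?region=us-east-1",
		"awskms://alias/ExampleAlias?region=us-east-1",
		"awskms://alias/SomeOtherAlias?region=us-east-1", // not allowlisted
		"awskms://alias/ExampleAlias",                    // region missing
		"https://alias/ExampleAlias?region=us-east-1",    // wrong scheme
	} {
		keyID, region, err := checkKeeperURL(raw, allowed)
		fmt.Printf("%s\n  keyID=%q region=%q err=%v\n", raw, keyID, region, err)
	}
}
```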

func (*URLOpener) OpenKeeperURL

func (o *URLOpener) OpenKeeperURL(ctx context.Context, u *url.URL) (*secrets.Keeper, error)

OpenKeeperURL opens an AWS KMS Keeper based on u.

Package awskms imports 15 packages and is imported by 3 packages. Updated 2019-07-16.