gocloud.dev: gocloud.dev/secrets/gcpkms

package gcpkms

import "gocloud.dev/secrets/gcpkms"

Package gcpkms provides a secrets implementation backed by Google Cloud KMS. Use OpenKeeper to construct a *secrets.Keeper.

URLs

For secrets.OpenKeeper, gcpkms registers for the scheme "gcpkms". The default URL opener will create a connection using default credentials from the environment, as described in https://cloud.google.com/docs/authentication/production. To customize the URL opener, or for more details on the URL format, see URLOpener. See https://gocloud.dev/concepts/urls/ for background information.

As

gcpkms exposes the following type for As:

- Error: *google.golang.org/grpc/status.Status

Code:

// PRAGMA: This example is used on gocloud.dev; PRAGMA comments adjust how it is shown and can be ignored.
// PRAGMA: On gocloud.dev, add a blank import: _ "gocloud.dev/secrets/gcpkms"
// PRAGMA: On gocloud.dev, hide lines until the next blank line.
package main

import (
    "context"
    "log"

    "gocloud.dev/secrets"
    // The blank import registers the "gcpkms" scheme on secrets.DefaultMux.
    _ "gocloud.dev/secrets/gcpkms"
)

func main() {
    ctx := context.Background()

    keeper, err := secrets.OpenKeeper(ctx,
        "gcpkms://projects/MYPROJECT/"+
            "locations/MYLOCATION/"+
            "keyRings/MYKEYRING/"+
            "cryptoKeys/MYKEY")
    if err != nil {
        log.Fatal(err)
    }
    defer keeper.Close()
}

Package Files

kms.go

Constants

const Scheme = "gcpkms"

Scheme is the URL scheme gcpkms registers its URLOpener under on secrets.DefaultMux.

Variables

var Set = wire.NewSet(
    Dial,
    wire.Struct(new(URLOpener), "Client"),
)

Set holds Wire providers for this package.

func Dial

func Dial(ctx context.Context, ts gcp.TokenSource) (*cloudkms.KeyManagementClient, func(), error)

Dial returns a client to use with Cloud KMS and a clean-up function that closes the client after use.

func KeyResourceID

func KeyResourceID(projectID, location, keyRing, key string) string

KeyResourceID constructs a key resourceID for GCP KMS. See https://cloud.google.com/kms/docs/object-hierarchy#key for more details.

func OpenKeeper

func OpenKeeper(client *cloudkms.KeyManagementClient, keyResourceID string, opts *KeeperOptions) *secrets.Keeper

OpenKeeper returns a *secrets.Keeper that uses Google Cloud KMS. You can use KeyResourceID to construct keyResourceID from its parts, or provide the whole string if you have it (e.g., from the GCP console). See https://cloud.google.com/kms/docs/object-hierarchy#key for more details. See the package documentation for an example.

Code:

// PRAGMA: This example is used on gocloud.dev; PRAGMA comments adjust how it is shown and can be ignored.
// PRAGMA: On gocloud.dev, hide lines until the next blank line.
package main

import (
    "context"
    "log"

    "gocloud.dev/secrets/gcpkms"
)

func main() {
    ctx := context.Background()

    // Get a client to use with the KMS API.
    client, done, err := gcpkms.Dial(ctx, nil)
    if err != nil {
        log.Fatal(err)
    }
    // Close the connection when done.
    defer done()

    // You can also use gcpkms.KeyResourceID to construct this string.
    const keyID = "projects/MYPROJECT/" +
        "locations/MYLOCATION/" +
        "keyRings/MYKEYRING/" +
        "cryptoKeys/MYKEY"

    // Construct a *secrets.Keeper; nil KeeperOptions selects the defaults.
    keeper := gcpkms.OpenKeeper(client, keyID, nil)
    defer keeper.Close()
}

type KeeperOptions

type KeeperOptions struct{}

KeeperOptions controls Keeper behaviors. It is provided for future extensibility.

type URLOpener

type URLOpener struct {
    // Client must be non-nil and be authenticated with "cloudkms" scope or equivalent.
    Client *cloudkms.KeyManagementClient

    // Options specifies the default options to pass to OpenKeeper.
    Options KeeperOptions
}

URLOpener opens GCP KMS URLs like "gcpkms://projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEY_RING]/cryptoKeys/[KEY]".

The URL host+path are used as the key resource ID; see https://cloud.google.com/kms/docs/object-hierarchy#key for more details.

No query parameters are supported.
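The URL rules above (host+path form the key resource ID, no query parameters) and the segment layout that KeyResourceID produces can be checked locally before a URL taken from configuration reaches OpenKeeper. The following is an added example, not code from the gocloud.dev package: GCPKMSURL and KeyResourceIDFromURL are hypothetical helper names, and the eight-segment structural check is an assumption drawn from the documented key hierarchy rather than a check the package itself performs.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// GCPKMSURL builds the "gcpkms://..." URL for a key resource ID
// from its four parts, in the layout the package example uses.
func GCPKMSURL(projectID, location, keyRing, key string) string {
	return "gcpkms://projects/" + projectID + "/locations/" + location +
		"/keyRings/" + keyRing + "/cryptoKeys/" + key
}

// KeyResourceIDFromURL applies the URLOpener rules from the docs:
// the scheme must be "gcpkms", host+path form the key resource ID,
// and query parameters are not supported. The segment check on the
// resource ID is an added sanity check (assumption), not something
// the package performs; it catches a mangled ID before any KMS call.
func KeyResourceIDFromURL(rawURL string) (string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return "", err
	}
	if u.Scheme != "gcpkms" {
		return "", fmt.Errorf("unexpected scheme %q, want gcpkms", u.Scheme)
	}
	if u.RawQuery != "" {
		return "", errors.New("gcpkms URLs do not support query parameters")
	}
	id := u.Host + u.Path
	// Expected shape: projects/P/locations/L/keyRings/R/cryptoKeys/K
	parts := strings.Split(id, "/")
	labels := []string{"projects", "locations", "keyRings", "cryptoKeys"}
	if len(parts) != 2*len(labels) {
		return "", fmt.Errorf("key resource ID %q must have 8 segments", id)
	}
	for i, label := range labels {
		if parts[2*i] != label || parts[2*i+1] == "" {
			return "", fmt.Errorf("key resource ID %q: bad %s segment", id, label)
		}
	}
	return id, nil
}
```

A URL that passes KeyResourceIDFromURL can be handed to secrets.OpenKeeper unchanged, or the returned ID to gcpkms.OpenKeeper.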

func (*URLOpener) OpenKeeperURL

func (o *URLOpener) OpenKeeperURL(ctx context.Context, u *url.URL) (*secrets.Keeper, error)

OpenKeeperURL opens GCP KMS URLs of the form described for URLOpener.

Package gcpkms imports 15 packages and is imported by 7 packages. Updated 2019-08-10.