Documentation
Index
- Constants
- Variables
- func KMSDecrypt(log log.T, svc KMSAPI, cipherTextBlob []byte, ...) (plainText []byte, err error)
- func KMSGenerateDataKey(kmsKeyId string, svc KMSAPI, encryptionContext map[string]string) (cipherTextKey []byte, plainTextKey []byte, err error)
- func NewKMSService(log log.T) (*kms.Client, error)
- type Encrypter
- func (encrypter *Encrypter) Decrypt(log log.T, cipherText []byte) (plainText []byte, err error)
- func (encrypter *Encrypter) Encrypt(log log.T, plainText []byte) (cipherText []byte, err error)
- func (encrypter *Encrypter) GetEncryptedDataKey() (ciptherTextBlob []byte)
- func (encrypter *Encrypter) GetKMSKeyId() (kmsKey string)
- type IEncrypter
- type KMSAPI
- type KMSKeyProvider
Constants
const KMSKeySizeInBytes int32 = 64
KMSKeySizeInBytes is the size of the key that is fetched from KMS. The 64-byte key is split into two halves: the first 32 bytes are used by the agent for encryption, and the second 32 bytes are used by clients such as the CLI/console.
Variables
Functions
func KMSDecrypt
Types
type Encrypter
type Encrypter struct {
	KMSService KMSAPI
	// contains filtered or unexported fields
}
func (*Encrypter) GetEncryptedDataKey
GetEncryptedDataKey returns the cipherText that was pulled from KMS
func (*Encrypter) GetKMSKeyId
GetKMSKeyId gets the KMS key id that is used to generate the encryption key
type IEncrypter
type KMSAPI
type KMSAPI interface {
	Decrypt(ctx context.Context, params *kms.DecryptInput, optFns ...func(*kms.Options)) (*kms.DecryptOutput, error)
	GenerateDataKey(ctx context.Context, params *kms.GenerateDataKeyInput, optFns ...func(*kms.Options)) (*kms.GenerateDataKeyOutput, error)
}
KMSAPI defines the interface for KMS operations. This allows for easier testing and mocking.
type KMSKeyProvider
type KMSKeyProvider interface {
	GenerateDataKey()
}