keymanager

package
v1.0.1-0...-8ab7ef0
Warning

This package is not in the latest version of its module.
Published: Sep 23, 2025 License: MIT Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

var (
	// ErrEmptyKeyID indicates that the provided key ID is empty.
	ErrEmptyKeyID = errors.New("invalid request: keyID cannot be empty")

	// ErrNilKeySet indicates that the provided keyset is nil.
	ErrNilKeySet = errors.New("keyset cannot be nil")

	// ErrEmptySubscriberID indicates that the provided subscriber ID is empty.
	ErrEmptySubscriberID = errors.New("invalid request: subscriberID cannot be empty")

	// ErrEmptyUniqueKeyID indicates that the provided unique key ID is empty.
	ErrEmptyUniqueKeyID = errors.New("invalid request: uniqueKeyID cannot be empty")

	// ErrSubscriberNotFound indicates that no subscriber was found with the provided credentials.
	ErrSubscriberNotFound = errors.New("no subscriber found with given credentials")

	// ErrNilCache indicates that the cache implementation is nil.
	ErrNilCache = errors.New("cache implementation cannot be nil")

	// ErrNilRegistryLookup indicates that the registry lookup implementation is nil.
	ErrNilRegistryLookup = errors.New("registry lookup implementation cannot be nil")
)

var NewVaultClient = vault.NewClient

NewVaultClient creates a new Vault client instance. This function is exported for testing purposes.

Functions

func GetVaultClient

func GetVaultClient(ctx context.Context, vaultAddr string) (*vault.Client, error)

GetVaultClient creates and authenticates a Vault client using AppRole.

func ValidateCfg

func ValidateCfg(cfg *Config) error

ValidateCfg validates the Vault configuration and sets default KV version if missing.

Types

type Config

type Config struct {
	VaultAddr string
	KVVersion string
}

Config holds configuration parameters for connecting to Vault.

type KeyMgr

type KeyMgr struct {
	VaultClient *vault.Client
	Registry    definition.RegistryLookup
	Cache       definition.Cache
	KvVersion   string
	SecretPath  string
}

KeyMgr provides methods for managing cryptographic keys using Vault.

func New

func New(ctx context.Context, cache definition.Cache, registryLookup definition.RegistryLookup, cfg *Config) (*KeyMgr, func() error, error)

New creates a new KeyMgr instance with the provided configuration, cache, and registry lookup.

func (*KeyMgr) DeleteKeyset

func (km *KeyMgr) DeleteKeyset(ctx context.Context, keyID string) error

DeleteKeyset deletes the private keys for the given key ID from Vault.

func (*KeyMgr) GenerateKeyset

func (km *KeyMgr) GenerateKeyset() (*model.Keyset, error)

GenerateKeyset generates a new signing (Ed25519) and encryption (X25519) key pair.
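
An added example, not this package's code: one way to generate an Ed25519 signing pair and an X25519 encryption pair with the Go standard library, then check that each public key belongs to its private key before the keyset is stored. The `exampleKeyset` type, its raw-byte fields and both function names are assumptions; the fields of `model.Keyset` are not shown on this page.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// exampleKeyset is a hypothetical stand-in for model.Keyset; the raw-byte fields are assumed.
type exampleKeyset struct {
	SignSeed, SignPub, EncPriv, EncPub []byte // Ed25519 seed/public, X25519 private/public
}

// generateExampleKeyset draws both key pairs from the OS CSPRNG (crypto/rand).
func generateExampleKeyset() (*exampleKeyset, error) {
	signPub, signPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, fmt.Errorf("ed25519 keygen: %w", err)
	}
	encPriv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, fmt.Errorf("x25519 keygen: %w", err)
	}
	return &exampleKeyset{signPriv.Seed(), signPub, encPriv.Bytes(), encPriv.PublicKey().Bytes()}, nil
}

// checkKeyset rejects a keyset whose public keys do not belong to its private keys.
func checkKeyset(ks *exampleKeyset) error {
	if ks == nil || len(ks.SignSeed) != ed25519.SeedSize || len(ks.SignPub) != ed25519.PublicKeySize {
		return fmt.Errorf("missing or malformed Ed25519 key material")
	}
	msg := []byte("constructed self-test message")
	if !ed25519.Verify(ks.SignPub, msg, ed25519.Sign(ed25519.NewKeyFromSeed(ks.SignSeed), msg)) {
		return fmt.Errorf("signing public key does not match private key")
	}
	encPriv, err := ecdh.X25519().NewPrivateKey(ks.EncPriv)
	if err != nil || !bytes.Equal(encPriv.PublicKey().Bytes(), ks.EncPub) {
		return fmt.Errorf("encryption key pair is malformed or mismatched")
	}
	return nil
}

func main() {
	ks, err := generateExampleKeyset()
	fmt.Println("generated:", err == nil, "consistent:", err == nil && checkKeyset(ks) == nil)
}
```
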

func (*KeyMgr) InsertKeyset

func (km *KeyMgr) InsertKeyset(ctx context.Context, keyID string, keys *model.Keyset) error

InsertKeyset stores the given keyset in Vault under the specified key ID.

func (*KeyMgr) Keyset

func (km *KeyMgr) Keyset(ctx context.Context, keyID string) (*model.Keyset, error)

Keyset retrieves the keyset for the given key ID from Vault and public keys from the registry.

func (*KeyMgr) LookupNPKeys

func (km *KeyMgr) LookupNPKeys(ctx context.Context, subscriberID, uniqueKeyID string) (string, string, error)

LookupNPKeys retrieves the signing and encryption public keys for the given subscriber ID and unique key ID.
