Documentation
Overview
Package hckms contains an implementation of the github.com/getsops/sops/v3/keys.MasterKey interface that encrypts and decrypts the data key using HuaweiCloud KMS with the SDK for Go V3.
Index
- Constants
- type Credentials
- type MasterKey
- func (key *MasterKey) Decrypt() ([]byte, error)
- func (key *MasterKey) DecryptContext(ctx context.Context) ([]byte, error)
- func (key *MasterKey) Encrypt(dataKey []byte) error
- func (key *MasterKey) EncryptContext(ctx context.Context, dataKey []byte) error
- func (key *MasterKey) EncryptIfNeeded(dataKey []byte) error
- func (key *MasterKey) EncryptedDataKey() []byte
- func (key *MasterKey) NeedsRotation() bool
- func (key *MasterKey) SetEncryptedDataKey(enc []byte)
- func (key MasterKey) ToMap() map[string]interface{}
- func (key *MasterKey) ToString() string
- func (key *MasterKey) TypeToIdentifier() string
Constants
const (
	// KeyTypeIdentifier is the string used to identify a HuaweiCloud KMS MasterKey.
	KeyTypeIdentifier = "hckms"
)
Variables
This section is empty.
Functions
This section is empty.
Types
type Credentials
type Credentials struct {
	// contains filtered or unexported fields
}
Credentials is a wrapper around auth.ICredential used for authentication towards HuaweiCloud KMS.
func NewCredentials
func NewCredentials(c auth.ICredential) *Credentials
NewCredentials returns a Credentials object with the provided auth.ICredential.
func (Credentials) ApplyToMasterKey
func (c Credentials) ApplyToMasterKey(key *MasterKey)
ApplyToMasterKey configures the credentials on the provided key.
type MasterKey
type MasterKey struct {
	// KeyID is the full key identifier in format "region:key-uuid"
	KeyID string
	// Region is the HuaweiCloud region (e.g., "tr-west-1")
	Region string
	// KeyUUID is the UUID of the KMS key
	KeyUUID string
	// EncryptedKey stores the data key in its encrypted form.
	EncryptedKey string
	// CreationDate is when this MasterKey was created.
	CreationDate time.Time
	// contains filtered or unexported fields
}
MasterKey is a HuaweiCloud KMS key used to encrypt and decrypt SOPS' data key.
func NewMasterKey
NewMasterKey creates a new MasterKey from a region:key-id string, setting the creation date to the current date.
func NewMasterKeyFromKeyIDString
NewMasterKeyFromKeyIDString takes a comma separated list of HuaweiCloud KMS key IDs in format "region:key-uuid", and returns a slice of new MasterKeys.
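An added example, not part of the hckms package or the SOPS project: a pre-flight check for the comma separated "region:key-uuid" list described above, so that malformed or duplicate entries are rejected before any KMS request is made. KeyRef and ValidateKeyIDs are hypothetical names, and the canonical 8-4-4-4-12 UUID layout and the whitespace trimming are assumptions; the package's own parsing may differ.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// uuidRe matches the canonical 8-4-4-4-12 hex UUID layout (assumed for the key-uuid part).
var uuidRe = regexp.MustCompile(`^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$`)

// KeyRef is a hypothetical type for this example; it is not the package's MasterKey.
type KeyRef struct {
	Region, UUID string
}

// ValidateKeyIDs splits a comma separated "region:key-uuid" list and rejects ambiguous entries.
func ValidateKeyIDs(list string) ([]KeyRef, error) {
	var refs []KeyRef
	seen := map[string]bool{}
	for i, raw := range strings.Split(list, ",") {
		entry := strings.TrimSpace(raw)
		region, uuid, ok := strings.Cut(entry, ":")
		switch {
		case entry == "":
			return nil, fmt.Errorf("entry %d: empty key ID", i)
		case !ok || region == "":
			return nil, fmt.Errorf("entry %d: want region:key-uuid, got %q", i, entry)
		case strings.ContainsAny(region, " \t"):
			return nil, fmt.Errorf("entry %d: whitespace in region %q", i, region)
		case !uuidRe.MatchString(uuid):
			return nil, fmt.Errorf("entry %d: %q is not a UUID", i, uuid)
		}
		// UUIDs compare case-insensitively, so deduplicate on the lower-cased form.
		id := region + ":" + strings.ToLower(uuid)
		if seen[id] {
			return nil, fmt.Errorf("entry %d: duplicate key %q", i, id)
		}
		seen[id] = true
		refs = append(refs, KeyRef{Region: region, UUID: strings.ToLower(uuid)})
	}
	return refs, nil
}

func main() {
	// Constructed sample input; the UUIDs are made up.
	refs, err := ValidateKeyIDs("tr-west-1:01234567-89ab-cdef-0123-456789abcdef, tr-west-1:aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee")
	fmt.Println(refs, err)
}
```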
func (*MasterKey) Decrypt
Decrypt decrypts the EncryptedKey with HuaweiCloud KMS and returns the result.
Consider using DecryptContext instead.
func (*MasterKey) DecryptContext
DecryptContext decrypts the EncryptedKey with HuaweiCloud KMS and returns the result.
func (*MasterKey) Encrypt
Encrypt takes a SOPS data key, encrypts it with HuaweiCloud KMS and stores the result in the EncryptedKey field.
Consider using EncryptContext instead.
func (*MasterKey) EncryptContext
EncryptContext takes a SOPS data key, encrypts it with HuaweiCloud KMS and stores the result in the EncryptedKey field.
func (*MasterKey) EncryptIfNeeded
EncryptIfNeeded encrypts the provided SOPS data key, if it has not been encrypted yet.
func (*MasterKey) EncryptedDataKey
EncryptedDataKey returns the encrypted data key this master key holds.
func (*MasterKey) NeedsRotation
NeedsRotation returns whether the data key needs to be rotated or not.
func (*MasterKey) SetEncryptedDataKey
SetEncryptedDataKey sets the encrypted data key for this master key.
func (*MasterKey) TypeToIdentifier
TypeToIdentifier returns the string identifier for the MasterKey type.