keyfetch

package v1.9.0 (Latest)

Warning: this package is not in the latest version of its module.

Published: Mar 10, 2026 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Overview

Package keyfetch provides a client for fetching encryption keys from an HTTP endpoint.

The client retrieves public keys in JSON Web Key Set (JWKS) format from a remote server and converts them into usable cryptographic keys for envelope encryption.

This package uses github.com/lestrrat-go/jwx/v3/jwk for JWK parsing and handling.

Currently, keyfetch only supports RSA keys for envelope encryption.
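The conversion from a JWKS document to usable RSA keys, written out as an added example that is not keyfetch's own code: it mirrors the package's PublicKey type, decodes the JWKS with encoding/json instead of the lestrrat-go jwx library the package uses, skips non-RSA entries as the overview describes, and additionally rejects a missing kid, an even or out-of-range exponent, and a modulus under 2048 bits. Those three checks, the function names (parseJWKS, rsaFromJWK, sampleJWKS) and the constructed sample document are this example's assumptions, not behaviour the package documents.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
)

// jwk holds the JWK members this example reads. The real package uses
// github.com/lestrrat-go/jwx/v3/jwk; this struct stands in for it here.
type jwk struct {
	Kty string `json:"kty"`
	Kid string `json:"kid"`
	N   string `json:"n,omitempty"`
	E   string `json:"e,omitempty"`
}

type jwks struct{ Keys []jwk `json:"keys"` }

// PublicKey mirrors keyfetch.PublicKey.
type PublicKey struct {
	KeyID string
	Key   *rsa.PublicKey
}

// parseJWKS decodes a JWKS document and returns only its RSA keys, skipping
// other key types as the package overview says keyfetch does. An empty
// result is an error so that a misconfigured endpoint fails loudly.
func parseJWKS(doc []byte) ([]PublicKey, error) {
	var set jwks
	if err := json.Unmarshal(doc, &set); err != nil {
		return nil, fmt.Errorf("decode jwks: %w", err)
	}
	var out []PublicKey
	for _, k := range set.Keys {
		if k.Kty != "RSA" {
			continue // EC/OKP/oct entries are ignored
		}
		pub, err := rsaFromJWK(k)
		if err != nil {
			return nil, fmt.Errorf("key %q: %w", k.Kid, err)
		}
		out = append(out, PublicKey{KeyID: k.Kid, Key: pub})
	}
	if len(out) == 0 {
		return nil, errors.New("jwks contains no usable RSA keys")
	}
	return out, nil
}

// rsaFromJWK converts the base64url "n" and "e" members into an rsa.PublicKey.
// The kid, exponent and 2048-bit checks are this example's choices, not keyfetch's.
func rsaFromJWK(k jwk) (*rsa.PublicKey, error) {
	if k.Kid == "" {
		return nil, errors.New("missing kid")
	}
	nb, errN := base64.RawURLEncoding.DecodeString(k.N)
	eb, errE := base64.RawURLEncoding.DecodeString(k.E)
	if errN != nil || errE != nil {
		return nil, errors.New("n or e is not valid base64url")
	}
	n, e := new(big.Int).SetBytes(nb), new(big.Int).SetBytes(eb)
	if !e.IsInt64() || e.Int64() < 3 || e.Int64() > 1<<31 || e.Bit(0) == 0 {
		return nil, errors.New("public exponent out of range or even")
	}
	if n.BitLen() < 2048 {
		return nil, fmt.Errorf("modulus too small: %d bits", n.BitLen())
	}
	return &rsa.PublicKey{N: n, E: int(e.Int64())}, nil
}

// sampleJWKS builds a constructed JWKS document: one RSA key plus an EC entry
// (its crv/x/y members omitted here) that the parser must skip.
func sampleJWKS(kid string, pub *rsa.PublicKey) []byte {
	set := jwks{Keys: []jwk{
		{Kty: "RSA", Kid: kid,
			N: base64.RawURLEncoding.EncodeToString(pub.N.Bytes()),
			E: base64.RawURLEncoding.EncodeToString(big.NewInt(int64(pub.E)).Bytes())},
		{Kty: "EC", Kid: "ec-placeholder"},
	}}
	doc, _ := json.Marshal(set) // cannot fail for this struct
	return doc
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	keys, err := parseJWKS(sampleJWKS("kid-example", &priv.PublicKey))
	if err != nil {
		panic(err)
	}
	fmt.Printf("parsed %d RSA key(s); kid=%s, %d-bit modulus\n", len(keys), keys[0].KeyID, keys[0].Key.N.BitLen())
}
```

The minimum-modulus and exponent checks matter because a JWKS endpoint is trusted input for key wrapping: a weak or malformed key accepted silently would degrade every data key wrapped under it, so the parser refuses it rather than passing it on.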

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client fetches public keys from a CyberArk HTTP endpoint that serves keys in JWKS format. It may be extended in the future to support other key types and formats, but for now it supports only RSA keys and ignores other types.

func NewClient

func NewClient(ctx context.Context, discoveryClient *servicediscovery.Client, cfg cyberark.ClientConfig, httpClient *http.Client) (*Client, error)

NewClient creates a new key-fetching client. It uses CyberArk service discovery to derive the JWKS endpoint and the CyberArk identity client for authentication. Constructing the client involves a service discovery call to initialise the identity client, so it may return an error if the discovery client cannot reach the service discovery endpoint. If httpClient is nil, a default HTTP client is created.

func (*Client) FetchKey

func (c *Client) FetchKey(ctx context.Context) (PublicKey, error)

FetchKey retrieves the public key from the configured endpoint. It returns a PublicKey struct containing the key material and metadata.

type FakeClient

type FakeClient struct {
	// Key is the public key that will be returned by FetchKey.
	// If nil, a random key will be generated on the first call.
	Key *PublicKey

	// Err is the error that will be returned by FetchKey.
	// If both Key and Err are set, Err takes precedence.
	Err error

	// FetchKeyCalls tracks how many times FetchKey was called
	FetchKeyCalls int
}

FakeClient is a fake implementation of the key fetcher for testing. It can be configured to return specific keys or errors for testing different scenarios.

func NewFakeClient

func NewFakeClient() *FakeClient

NewFakeClient creates a new fake client for testing.

func NewFakeClientWithError

func NewFakeClientWithError(err error) *FakeClient

NewFakeClientWithError creates a new fake client that returns the specified error.

func NewFakeClientWithKey

func NewFakeClientWithKey(keyID string, key *rsa.PublicKey) *FakeClient

NewFakeClientWithKey creates a new fake client that returns the specified key.

func (*FakeClient) FetchKey

func (f *FakeClient) FetchKey(ctx context.Context) (PublicKey, error)

FetchKey implements the key fetching interface for testing. It returns the configured key or error, or generates a random key if none is configured.

type KeyFetcher

type KeyFetcher interface {
	// FetchKey retrieves a public key from the key source.
	FetchKey(ctx context.Context) (PublicKey, error)
}

KeyFetcher is an interface for fetching public keys.

type PublicKey

type PublicKey struct {
	// KeyID is the unique identifier for this key
	KeyID string

	// Key is the actual RSA public key
	Key *rsa.PublicKey
}

PublicKey represents an RSA public key retrieved from the key server.
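How a caller would program against the KeyFetcher interface and exercise it with the fake, as an added example rather than code from the package: PublicKey, KeyFetcher and FakeClient are re-declared locally because the CyberArk module path is not given on this page, the fake follows the documented Err-over-Key precedence, on-demand key generation and call counting, and wrapNewDataKey shows the envelope-encryption step the fetched key exists for (a fresh 32-byte data key wrapped with RSA-OAEP/SHA-256). wrapNewDataKey, unwrapDataKey, WrappedDataKey, the "fake-generated" kid, and the choice of the kid as OAEP label are this example's assumptions.

```go
package main

import (
	"context"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// PublicKey and KeyFetcher mirror the keyfetch types so this example compiles
// without importing the CyberArk module that hosts the real package.
type PublicKey struct {
	KeyID string
	Key   *rsa.PublicKey
}

type KeyFetcher interface {
	FetchKey(ctx context.Context) (PublicKey, error)
}

// FakeClient follows the behaviour documented for keyfetch.FakeClient: Err wins
// over Key, a nil Key is replaced by a generated one on first use, calls are counted.
type FakeClient struct {
	Key           *PublicKey
	Err           error
	FetchKeyCalls int
}

func (f *FakeClient) FetchKey(ctx context.Context) (PublicKey, error) {
	f.FetchKeyCalls++
	if f.Err != nil {
		return PublicKey{}, f.Err
	}
	if f.Key == nil {
		priv, err := rsa.GenerateKey(rand.Reader, 2048)
		if err != nil {
			return PublicKey{}, err
		}
		f.Key = &PublicKey{KeyID: "fake-generated", Key: &priv.PublicKey}
	}
	return *f.Key, nil
}

// WrappedDataKey is what envelope encryption stores next to the ciphertext.
type WrappedDataKey struct {
	KeyID   string // identifies the RSA key that wrapped the data key
	Wrapped []byte // RSA-OAEP ciphertext of the 256-bit data key
}

// wrapNewDataKey is the consumer side of the KeyFetcher seam: it fetches the
// current RSA public key, generates a fresh 32-byte data key and wraps it with
// RSA-OAEP/SHA-256. Binding the kid as the OAEP label is this example's choice.
func wrapNewDataKey(ctx context.Context, kf KeyFetcher) ([]byte, WrappedDataKey, error) {
	pk, err := kf.FetchKey(ctx)
	if err != nil {
		return nil, WrappedDataKey{}, fmt.Errorf("fetch key: %w", err)
	}
	if pk.Key == nil || pk.KeyID == "" {
		return nil, WrappedDataKey{}, errors.New("fetched key is incomplete")
	}
	dataKey := make([]byte, 32)
	if _, err := rand.Read(dataKey); err != nil {
		return nil, WrappedDataKey{}, err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pk.Key, dataKey, []byte(pk.KeyID))
	if err != nil {
		return nil, WrappedDataKey{}, fmt.Errorf("wrap data key: %w", err)
	}
	return dataKey, WrappedDataKey{KeyID: pk.KeyID, Wrapped: ct}, nil
}

// unwrapDataKey is the private-key holder's side, included to show the round trip.
func unwrapDataKey(priv *rsa.PrivateKey, w WrappedDataKey) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, w.Wrapped, []byte(w.KeyID))
}

func main() {
	// Inject the fake where production code would inject *keyfetch.Client.
	fc := &FakeClient{}
	dataKey, wrapped, err := wrapNewDataKey(context.Background(), fc)
	if err != nil {
		panic(err)
	}
	fmt.Printf("kid=%s data key=%d bytes wrapped=%d bytes calls=%d\n",
		wrapped.KeyID, len(dataKey), len(wrapped.Wrapped), fc.FetchKeyCalls)
}
```

Because wrapNewDataKey depends only on the KeyFetcher interface, a test can swap in FakeClient with a pre-set error to check that failures from the key server propagate rather than falling back to a stale or default key, and with a pre-set key to verify the wrapped data key actually decrypts under the matching private key.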
