key_manager

package
v1.0.0-beta.29

This package is not in the latest version of its module.

Published: Jul 8, 2024 License: Apache-2.0 Imports: 13 Imported by: 1

Documentation

Overview

Package key_manager provides methods and message types of the key_manager v1alpha1 API.

Constants

const (
	DataKeyAlgorithmSymmetricEncryptionUnknownSymmetricEncryption = DataKeyAlgorithmSymmetricEncryption("unknown_symmetric_encryption")
	// AES-GCM (256-bits) is the only key algorithm currently supported by Key Manager.
	DataKeyAlgorithmSymmetricEncryptionAes256Gcm = DataKeyAlgorithmSymmetricEncryption("aes_256_gcm")
)
const (
	KeyAlgorithmSymmetricEncryptionUnknownSymmetricEncryption = KeyAlgorithmSymmetricEncryption("unknown_symmetric_encryption")
	// AES-GCM (256-bits) is the only key algorithm currently supported by Key Manager.
	KeyAlgorithmSymmetricEncryptionAes256Gcm = KeyAlgorithmSymmetricEncryption("aes_256_gcm")
)
const (
	KeyStateUnknownState = KeyState("unknown_state")
	// The key can be used for cryptographic operations.
	KeyStateEnabled = KeyState("enabled")
	// The key cannot be used for cryptographic operations.
	KeyStateDisabled = KeyState("disabled")
	// Key material must be imported before you can use it for cryptographic operations.
	KeyStatePendingKeyMaterial = KeyState("pending_key_material")
)
const (
	ListKeysRequestOrderByNameAsc       = ListKeysRequestOrderBy("name_asc")
	ListKeysRequestOrderByNameDesc      = ListKeysRequestOrderBy("name_desc")
	ListKeysRequestOrderByCreatedAtAsc  = ListKeysRequestOrderBy("created_at_asc")
	ListKeysRequestOrderByCreatedAtDesc = ListKeysRequestOrderBy("created_at_desc")
	ListKeysRequestOrderByUpdatedAtAsc  = ListKeysRequestOrderBy("updated_at_asc")
	ListKeysRequestOrderByUpdatedAtDesc = ListKeysRequestOrderBy("updated_at_desc")
)

Variables

This section is empty.

Functions

This section is empty.

Types

type API

type API struct {
	// contains filtered or unexported fields
}

This API allows you to create, manage and use cryptographic keys in a centralized and secure service.

func NewAPI

func NewAPI(client *scw.Client) *API

NewAPI returns an API object from a Scaleway client.

func (*API) CreateKey

func (s *API) CreateKey(req *CreateKeyRequest, opts ...scw.RequestOption) (*Key, error)

CreateKey: Create a key in a given region specified by the `region` parameter. Keys only support symmetric encryption. You can use keys to encrypt or decrypt arbitrary payloads, or to generate data encryption keys that can be used without being stored in Key Manager.

func (*API) Decrypt

func (s *API) Decrypt(req *DecryptRequest, opts ...scw.RequestOption) (*DecryptResponse, error)

Decrypt: Decrypt data using an existing key, specified by the `key_id` parameter. The maximum payload size that can be decrypted is the result of the encryption of 64KB of data (around 131KB).

func (*API) DeleteKey

func (s *API) DeleteKey(req *DeleteKeyRequest, opts ...scw.RequestOption) error

DeleteKey: Delete an existing key specified by the `region` and `key_id` parameters. Deleting a key is permanent and cannot be undone. All data encrypted using this key, including data encryption keys, will become unusable.

func (*API) DisableKey

func (s *API) DisableKey(req *DisableKeyRequest, opts ...scw.RequestOption) (*Key, error)

DisableKey: Disable a given key so that it can no longer be used for cryptographic operations. Disabling a key renders it unusable. You must specify the `region` and `key_id` parameters.

func (*API) EnableKey

func (s *API) EnableKey(req *EnableKeyRequest, opts ...scw.RequestOption) (*Key, error)

EnableKey: Enable a given key to be used for cryptographic operations. Enabling a key allows you to make a disabled key usable again. You must specify the `region` and `key_id` parameters.

func (*API) Encrypt

func (s *API) Encrypt(req *EncryptRequest, opts ...scw.RequestOption) (*EncryptResponse, error)

Encrypt: Encrypt data using an existing key, specified by the `key_id` parameter. Only keys with a usage set to **symmetric_encryption** are supported by this method. The maximum payload size that can be encrypted is 64KB of plaintext.

func (*API) GenerateDataKey

func (s *API) GenerateDataKey(req *GenerateDataKeyRequest, opts ...scw.RequestOption) (*DataKey, error)

GenerateDataKey: Generate a new data encryption key to use for cryptographic operations outside of Key Manager. Note that Key Manager does not store your data encryption key. The data encryption key is encrypted and must be decrypted using the key you have created in Key Manager. The data encryption key's plaintext is returned in the response object, for immediate usage.

Always store the data encryption key's ciphertext, rather than its plaintext, which must not be stored. To retrieve your key's plaintext, call the Decrypt endpoint with your key's ID and ciphertext.
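
The local half of the envelope pattern described above, as an added example that is not part of the SDK or of this page. It assumes the caller has already obtained `DataKey.Plaintext` and `DataKey.Ciphertext` from GenerateDataKey, and later recovers the plaintext key by calling Decrypt on the stored ciphertext. `Envelope`, `SealWithDataKey`, `OpenWithDataKey`, `newGCM` and `wipe` are hypothetical names, and the inputs in `main` are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Envelope is the record to persist: the data key's ciphertext plus the sealed payload.
type Envelope struct{ WrappedKey, Nonce, Payload []byte }

// newGCM only accepts 32-byte keys, matching the page's sole algorithm, aes_256_gcm.
func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, fmt.Errorf("data key must be 32 bytes")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// wipe zeroes a key buffer (best effort: the runtime may hold other copies).
func wipe(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

// SealWithDataKey encrypts with DataKey.Plaintext, keeps only DataKey.Ciphertext, then wipes the key.
func SealWithDataKey(plainKey, wrappedKey, data, aad []byte) (Envelope, error) {
	defer wipe(plainKey)
	aead, err := newGCM(plainKey)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	return Envelope{wrappedKey, nonce, aead.Seal(nil, nonce, data, aad)}, nil
}

// OpenWithDataKey takes the plaintext key that Decrypt returned for e.WrappedKey.
func OpenWithDataKey(plainKey []byte, e Envelope, aad []byte) ([]byte, error) {
	defer wipe(plainKey)
	aead, err := newGCM(plainKey)
	if err != nil || len(e.Nonce) != aead.NonceSize() {
		return nil, fmt.Errorf("bad data key or nonce")
	}
	return aead.Open(nil, e.Nonce, e.Payload, aad)
}

func main() {
	env, err := SealWithDataKey(make([]byte, 32), []byte("constructed-wrapped-key"), []byte("hi"), nil)
	fmt.Println(len(env.Payload), err) // constructed all-zero key, demo only
}
```

The `aad` argument plays the same role locally as `AssociatedData` does in the Encrypt and Decrypt requests: it is authenticated but not encrypted, and opening fails if it differs from the value used when sealing.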

func (*API) GetKey

func (s *API) GetKey(req *GetKeyRequest, opts ...scw.RequestOption) (*Key, error)

GetKey: Retrieve the metadata of a key specified by the `region` and `key_id` parameters.

func (*API) ListKeys

func (s *API) ListKeys(req *ListKeysRequest, opts ...scw.RequestOption) (*ListKeysResponse, error)

ListKeys: Retrieve the list of keys created within all Projects of an Organization or in a given Project. You must specify the `region`, and either the `organization_id` or the `project_id`.

func (*API) ProtectKey

func (s *API) ProtectKey(req *ProtectKeyRequest, opts ...scw.RequestOption) (*Key, error)

ProtectKey: Apply key protection to a given key specified by the `key_id` parameter. Applying key protection means that your key can be used and modified, but it cannot be deleted.

func (*API) Regions

func (s *API) Regions() []scw.Region

func (*API) RotateKey

func (s *API) RotateKey(req *RotateKeyRequest, opts ...scw.RequestOption) (*Key, error)

RotateKey: Generate a new version of an existing key with randomly generated key material. Rotated keys can still be used to decrypt previously encrypted data. The key's new material will be used for subsequent encryption operations and data key generation.

func (*API) UnprotectKey

func (s *API) UnprotectKey(req *UnprotectKeyRequest, opts ...scw.RequestOption) (*Key, error)

UnprotectKey: Remove key protection from a given key specified by the `key_id` parameter. Removing key protection means that your key can be deleted anytime.

func (*API) UpdateKey

func (s *API) UpdateKey(req *UpdateKeyRequest, opts ...scw.RequestOption) (*Key, error)

UpdateKey: Update a key's metadata (name, description and tags), specified by the `key_id` and `region` parameters.

type CreateKeyRequest

type CreateKeyRequest struct {
	// Region: region to target. If none is passed will use default region from the config.
	Region scw.Region `json:"-"`

	// ProjectID: ID of the Project containing the key.
	ProjectID string `json:"project_id"`

	// Name: (Optional) Name of the key.
	Name *string `json:"name,omitempty"`

	// Usage: see the `Key.Algorithm.SymmetricEncryption` enum for a description of values.
	Usage *KeyUsage `json:"usage,omitempty"`

	// Description: (Optional) Description of the key.
	Description *string `json:"description,omitempty"`

	// Tags: (Optional) List of the key's tags.
	Tags []string `json:"tags"`

	// RotationPolicy: if not specified, no rotation policy will be applied to the key.
	RotationPolicy *KeyRotationPolicy `json:"rotation_policy,omitempty"`

	// Unprotected: default value is `false`.
	Unprotected bool `json:"unprotected"`
}

CreateKeyRequest: create key request.

type DataKey

type DataKey struct {
	// KeyID: ID of the data encryption key.
	KeyID string `json:"key_id"`

	// Algorithm: symmetric encryption algorithm of the data encryption key.
	// Default value: unknown_symmetric_encryption
	Algorithm DataKeyAlgorithmSymmetricEncryption `json:"algorithm"`

	// Ciphertext: your data encryption key's ciphertext can be stored safely. It can only be decrypted through the keys you create in Key Manager, using the relevant key ID.
	Ciphertext []byte `json:"ciphertext"`

	// Plaintext: (Optional) Your data encryption key's plaintext allows you to use the key immediately upon creation. It must neither be stored nor shared.
	Plaintext *[]byte `json:"plaintext"`

	// CreatedAt: data encryption key creation date.
	CreatedAt *time.Time `json:"created_at"`
}

DataKey: data key.

type DataKeyAlgorithmSymmetricEncryption

type DataKeyAlgorithmSymmetricEncryption string

func (DataKeyAlgorithmSymmetricEncryption) MarshalJSON

func (enum DataKeyAlgorithmSymmetricEncryption) MarshalJSON() ([]byte, error)

func (DataKeyAlgorithmSymmetricEncryption) String

func (*DataKeyAlgorithmSymmetricEncryption) UnmarshalJSON

func (enum *DataKeyAlgorithmSymmetricEncryption) UnmarshalJSON(data []byte) error

func (DataKeyAlgorithmSymmetricEncryption) Values

type DecryptRequest

type DecryptRequest struct {
	// Region: region to target. If none is passed will use default region from the config.
	Region scw.Region `json:"-"`

	// KeyID: ID of the key to decrypt.
	KeyID string `json:"-"`

	// Ciphertext: data size must be between 1 and 131071 bytes.
	Ciphertext []byte `json:"ciphertext"`

	// AssociatedData: the additional data must match the value passed in the encryption request.
	AssociatedData *[]byte `json:"associated_data,omitempty"`
}

DecryptRequest: decrypt request.

type DecryptResponse

type DecryptResponse struct {
	// KeyID: ID of the key used for decryption.
	KeyID string `json:"key_id"`

	// Plaintext: key's decrypted data.
	Plaintext []byte `json:"plaintext"`

	// Ciphertext: if the data was already encrypted with the latest key rotation, no output will be returned in the response object.
	Ciphertext *[]byte `json:"ciphertext"`
}

DecryptResponse: decrypt response.

type DeleteKeyRequest

type DeleteKeyRequest struct {
	// Region: region to target. If none is passed will use default region from the config.
	Region scw.Region `json:"-"`

	// KeyID: ID of the key to delete.
	KeyID string `json:"-"`
}

DeleteKeyRequest: delete key request.

type DisableKeyRequest

type DisableKeyRequest struct {
	// Region: region to target. If none is passed will use default region from the config.
	Region scw.Region `json:"-"`

	// KeyID: ID of the key to disable.
	KeyID string `json:"-"`
}

DisableKeyRequest: disable key request.

type EnableKeyRequest

type EnableKeyRequest struct {
	// Region: region to target. If none is passed will use default region from the config.
	Region scw.Region `json:"-"`

	// KeyID: ID of the key to enable.
	KeyID string `json:"-"`
}

EnableKeyRequest: enable key request.

type EncryptRequest

type EncryptRequest struct {
	// Region: region to target. If none is passed will use default region from the config.
	Region scw.Region `json:"-"`

	// KeyID: ID of the key to encrypt.
	KeyID string `json:"-"`

	// Plaintext: data size must be between 1 and 65535 bytes.
	Plaintext []byte `json:"plaintext"`

	// AssociatedData: additional data which will not be encrypted, but authenticated and appended to the encrypted payload.
	AssociatedData *[]byte `json:"associated_data,omitempty"`
}

EncryptRequest: encrypt request.

type EncryptResponse

type EncryptResponse struct {
	// KeyID: ID of the key used for encryption.
	KeyID string `json:"key_id"`

	// Ciphertext: key's encrypted data.
	Ciphertext []byte `json:"ciphertext"`
}

EncryptResponse: encrypt response.

type GenerateDataKeyRequest

type GenerateDataKeyRequest struct {
	// Region: region to target. If none is passed will use default region from the config.
	Region scw.Region `json:"-"`

	// KeyID: ID of the key.
	KeyID string `json:"-"`

	// Algorithm: encryption algorithm of the data encryption key.
	// Default value: unknown_symmetric_encryption
	Algorithm DataKeyAlgorithmSymmetricEncryption `json:"algorithm"`

	// WithoutPlaintext: default value is `false`, meaning that the plaintext is returned.
	// Set it to `true` if you do not wish the plaintext to be returned in the response object.
	WithoutPlaintext bool `json:"without_plaintext"`
}

GenerateDataKeyRequest: generate data key request.

type GetKeyRequest

type GetKeyRequest struct {
	// Region: region to target. If none is passed will use default region from the config.
	Region scw.Region `json:"-"`

	// KeyID: ID of the key to target.
	KeyID string `json:"-"`
}

GetKeyRequest: get key request.

type Key

type Key struct {
	// ID: ID of the key.
	ID string `json:"id"`

	// ProjectID: ID of the Project containing the key.
	ProjectID string `json:"project_id"`

	// Name: name of the key.
	Name string `json:"name"`

	// Usage: keys with a usage set to `symmetric_encryption` are used to encrypt and decrypt data. The only key algorithm currently supported by Key Manager is AES-256-GCM.
	Usage *KeyUsage `json:"usage"`

	// State: current state of the key. Values include:
	// * `unknown_state`: key is in an unknown state.
	// * `enabled`: key can be used for cryptographic operations.
	// * `disabled`: key cannot be used for cryptographic operations.
	// Default value: unknown_state
	State KeyState `json:"state"`

	// RotationCount: the rotation count tracks the number of times that the key was rotated.
	RotationCount uint32 `json:"rotation_count"`

	// CreatedAt: key creation date.
	CreatedAt *time.Time `json:"created_at"`

	// UpdatedAt: key last modification date.
	UpdatedAt *time.Time `json:"updated_at"`

	// Protected: returns `true` if key protection is applied to the key.
	Protected bool `json:"protected"`

	// Locked: returns `true` if the key is locked.
	Locked bool `json:"locked"`

	// Description: description of the key.
	Description *string `json:"description"`

	// Tags: list of the key's tags.
	Tags []string `json:"tags"`

	// RotatedAt: key last rotation date.
	RotatedAt *time.Time `json:"rotated_at"`

	// RotationPolicy: key rotation policy.
	RotationPolicy *KeyRotationPolicy `json:"rotation_policy"`

	// Region: region of the key.
	Region scw.Region `json:"region"`
}

Key: key.

type KeyAlgorithmSymmetricEncryption

type KeyAlgorithmSymmetricEncryption string

func (KeyAlgorithmSymmetricEncryption) MarshalJSON

func (enum KeyAlgorithmSymmetricEncryption) MarshalJSON() ([]byte, error)

func (KeyAlgorithmSymmetricEncryption) String

func (*KeyAlgorithmSymmetricEncryption) UnmarshalJSON

func (enum *KeyAlgorithmSymmetricEncryption) UnmarshalJSON(data []byte) error

func (KeyAlgorithmSymmetricEncryption) Values

type KeyRotationPolicy

type KeyRotationPolicy struct {
	// RotationPeriod: duration between two key rotations. The minimum duration is 24 hours and the maximum duration is 876000 hours (1 year).
	RotationPeriod *scw.Duration `json:"rotation_period"`

	// NextRotationAt: date at which the key will be rotated next.
	NextRotationAt *time.Time `json:"next_rotation_at"`
}

KeyRotationPolicy: key rotation policy.

type KeyState

type KeyState string

func (KeyState) MarshalJSON

func (enum KeyState) MarshalJSON() ([]byte, error)

func (KeyState) String

func (enum KeyState) String() string

func (*KeyState) UnmarshalJSON

func (enum *KeyState) UnmarshalJSON(data []byte) error

func (KeyState) Values

func (enum KeyState) Values() []KeyState

type KeyUsage

type KeyUsage struct {
	// SymmetricEncryption: algorithms used to encrypt and decrypt arbitrary payloads.
	// Default value: unknown_symmetric_encryption
	// Precisely one of SymmetricEncryption must be set.
	SymmetricEncryption *KeyAlgorithmSymmetricEncryption `json:"symmetric_encryption,omitempty"`
}

KeyUsage: key usage.

type ListKeysRequest

type ListKeysRequest struct {
	// Region: region to target. If none is passed will use default region from the config.
	Region scw.Region `json:"-"`

	// OrganizationID: (Optional) Filter by Organization ID.
	OrganizationID *string `json:"-"`

	// ProjectID: (Optional) Filter by Project ID.
	ProjectID *string `json:"-"`

	// OrderBy: default value: name_asc
	OrderBy ListKeysRequestOrderBy `json:"-"`

	Page *int32 `json:"-"`

	PageSize *uint32 `json:"-"`

	// Tags: (Optional) List of tags to filter on.
	Tags []string `json:"-"`

	// Name: (Optional) Filter by key name.
	Name *string `json:"-"`
}

ListKeysRequest: list keys request.

type ListKeysRequestOrderBy

type ListKeysRequestOrderBy string

func (ListKeysRequestOrderBy) MarshalJSON

func (enum ListKeysRequestOrderBy) MarshalJSON() ([]byte, error)

func (ListKeysRequestOrderBy) String

func (enum ListKeysRequestOrderBy) String() string

func (*ListKeysRequestOrderBy) UnmarshalJSON

func (enum *ListKeysRequestOrderBy) UnmarshalJSON(data []byte) error

func (ListKeysRequestOrderBy) Values

type ListKeysResponse

type ListKeysResponse struct {
	// Keys: single page of keys matching the requested criteria.
	Keys []*Key `json:"keys"`

	// TotalCount: total count of keys matching the requested criteria.
	TotalCount uint64 `json:"total_count"`
}

ListKeysResponse: list keys response.

func (*ListKeysResponse) UnsafeAppend

func (r *ListKeysResponse) UnsafeAppend(res interface{}) (uint64, error)

UnsafeAppend should not be used. Internal usage only.

func (*ListKeysResponse) UnsafeGetTotalCount

func (r *ListKeysResponse) UnsafeGetTotalCount() uint64

UnsafeGetTotalCount should not be used. Internal usage only.

type ProtectKeyRequest

type ProtectKeyRequest struct {
	// Region: region to target. If none is passed will use default region from the config.
	Region scw.Region `json:"-"`

	// KeyID: ID of the key to apply key protection to.
	KeyID string `json:"-"`
}

ProtectKeyRequest: protect key request.

type RotateKeyRequest

type RotateKeyRequest struct {
	// Region: region to target. If none is passed will use default region from the config.
	Region scw.Region `json:"-"`

	// KeyID: ID of the key to rotate.
	KeyID string `json:"-"`
}

RotateKeyRequest: rotate key request.

type UnprotectKeyRequest

type UnprotectKeyRequest struct {
	// Region: region to target. If none is passed will use default region from the config.
	Region scw.Region `json:"-"`

	// KeyID: ID of the key to remove key protection from.
	KeyID string `json:"-"`
}

UnprotectKeyRequest: unprotect key request.

type UpdateKeyRequest

type UpdateKeyRequest struct {
	// Region: region to target. If none is passed will use default region from the config.
	Region scw.Region `json:"-"`

	// KeyID: ID of the key to update.
	KeyID string `json:"-"`

	// Name: (Optional) Updated name of the key.
	Name *string `json:"name,omitempty"`

	// Description: (Optional) Updated description of the key.
	Description *string `json:"description,omitempty"`

	// Tags: (Optional) Updated list of the key's tags.
	Tags *[]string `json:"tags,omitempty"`

	// RotationPolicy: if not specified, the key's existing rotation policy applies.
	RotationPolicy *KeyRotationPolicy `json:"rotation_policy,omitempty"`
}

UpdateKeyRequest: update key request.
