key_manager

package
v1.0.0-beta.35 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 15, 2025 License: Apache-2.0 Imports: 13 Imported by: 1

Documentation

Overview

Package key_manager provides methods and message types of the key_manager v1alpha1 API.

Index

Constants

View Source 
const (
	DataKeyAlgorithmSymmetricEncryptionUnknownSymmetricEncryption = DataKeyAlgorithmSymmetricEncryption("unknown_symmetric_encryption")
	// Key Manager currently only supports the `AES-GCM` (256-bits) data key algorithm.
	DataKeyAlgorithmSymmetricEncryptionAes256Gcm = DataKeyAlgorithmSymmetricEncryption("aes_256_gcm")
)
View Source 
const (
	KeyAlgorithmAsymmetricEncryptionUnknownAsymmetricEncryption = KeyAlgorithmAsymmetricEncryption("unknown_asymmetric_encryption")
	// RSA-OAEP (Optimal Asymmetric Encryption Padding) with a 2048-bit key and SHA-256 hash function.
	KeyAlgorithmAsymmetricEncryptionRsaOaep2048Sha256 = KeyAlgorithmAsymmetricEncryption("rsa_oaep_2048_sha256")
	// RSA-OAEP (Optimal Asymmetric Encryption Padding) with a 3072-bit key and SHA-256 hash function (recommended).
	KeyAlgorithmAsymmetricEncryptionRsaOaep3072Sha256 = KeyAlgorithmAsymmetricEncryption("rsa_oaep_3072_sha256")
	// RSA-OAEP (Optimal Asymmetric Encryption Padding) with a 4096-bit key and SHA-256 hash function.
	KeyAlgorithmAsymmetricEncryptionRsaOaep4096Sha256 = KeyAlgorithmAsymmetricEncryption("rsa_oaep_4096_sha256")
)
View Source 
const (
	KeyAlgorithmAsymmetricSigningUnknownAsymmetricSigning = KeyAlgorithmAsymmetricSigning("unknown_asymmetric_signing")
	// ECDSA (Elliptic Curve Digital Signature Algorithm) on the P-256 Curve and SHA-256 hash function (recommended).
	KeyAlgorithmAsymmetricSigningEcP256Sha256 = KeyAlgorithmAsymmetricSigning("ec_p256_sha256")
	// ECDSA (Elliptic Curve Digital Signature Algorithm) on the P-384 Curve and SHA-384 hash function.
	KeyAlgorithmAsymmetricSigningEcP384Sha384 = KeyAlgorithmAsymmetricSigning("ec_p384_sha384")
	// RSA-PSS (Probabilistic Signature Scheme) with a 2048-bit key and SHA-256 hash function.
	KeyAlgorithmAsymmetricSigningRsaPss2048Sha256 = KeyAlgorithmAsymmetricSigning("rsa_pss_2048_sha256")
	// RSA-PSS (Probabilistic Signature Scheme) with a 3072-bit key and SHA-256 hash function.
	KeyAlgorithmAsymmetricSigningRsaPss3072Sha256 = KeyAlgorithmAsymmetricSigning("rsa_pss_3072_sha256")
	// RSA-PSS (Probabilistic Signature Scheme) with a 4096-bit key and SHA-256 hash function.
	KeyAlgorithmAsymmetricSigningRsaPss4096Sha256 = KeyAlgorithmAsymmetricSigning("rsa_pss_4096_sha256")
	// RSA-PKCS1 (Public Key Cryptography Standards) with a 2048-bit key and SHA-256 hash function.
	KeyAlgorithmAsymmetricSigningRsaPkcs1_2048Sha256 = KeyAlgorithmAsymmetricSigning("rsa_pkcs1_2048_sha256")
	// RSA-PKCS1 (Public Key Cryptography Standards) with a 3072-bit key and SHA-256 hash function.
	KeyAlgorithmAsymmetricSigningRsaPkcs1_3072Sha256 = KeyAlgorithmAsymmetricSigning("rsa_pkcs1_3072_sha256")
	// RSA-PKCS1 (Public Key Cryptography Standards) with a 4096-bit key and SHA-256 hash function.
	KeyAlgorithmAsymmetricSigningRsaPkcs1_4096Sha256 = KeyAlgorithmAsymmetricSigning("rsa_pkcs1_4096_sha256")
)
View Source 
const (
	KeyAlgorithmSymmetricEncryptionUnknownSymmetricEncryption = KeyAlgorithmSymmetricEncryption("unknown_symmetric_encryption")
	// 256-bit Advanced Encryption Standard (AES-256) keys in Galois Counter Mode (GCM).
	KeyAlgorithmSymmetricEncryptionAes256Gcm = KeyAlgorithmSymmetricEncryption("aes_256_gcm")
)
View Source 
const (
	KeyOriginUnknownOrigin = KeyOrigin("unknown_origin")
	// Key Manager generates the key material upon key creation.
	KeyOriginScalewayKms = KeyOrigin("scaleway_kms")
	// Key Manager creates a key with key material coming from an external source.
	KeyOriginExternal = KeyOrigin("external")
)
View Source 
const (
	KeyStateUnknownState = KeyState("unknown_state")
	// The key can be used for cryptographic operations.
	KeyStateEnabled = KeyState("enabled")
	// The key cannot be used for cryptographic operations.
	KeyStateDisabled = KeyState("disabled")
	// Key material must be imported before the key can be used for cryptographic operations.
	KeyStatePendingKeyMaterial   = KeyState("pending_key_material")
	KeyStateScheduledForDeletion = KeyState("scheduled_for_deletion")
)
View Source 
const (
	ListAlgorithmsRequestUsageUnknownUsage         = ListAlgorithmsRequestUsage("unknown_usage")
	ListAlgorithmsRequestUsageSymmetricEncryption  = ListAlgorithmsRequestUsage("symmetric_encryption")
	ListAlgorithmsRequestUsageAsymmetricEncryption = ListAlgorithmsRequestUsage("asymmetric_encryption")
	ListAlgorithmsRequestUsageAsymmetricSigning    = ListAlgorithmsRequestUsage("asymmetric_signing")
)
View Source 
const (
	ListKeysRequestOrderByNameAsc       = ListKeysRequestOrderBy("name_asc")
	ListKeysRequestOrderByNameDesc      = ListKeysRequestOrderBy("name_desc")
	ListKeysRequestOrderByCreatedAtAsc  = ListKeysRequestOrderBy("created_at_asc")
	ListKeysRequestOrderByCreatedAtDesc = ListKeysRequestOrderBy("created_at_desc")
	ListKeysRequestOrderByUpdatedAtAsc  = ListKeysRequestOrderBy("updated_at_asc")
	ListKeysRequestOrderByUpdatedAtDesc = ListKeysRequestOrderBy("updated_at_desc")
)
View Source 
const (
	ListKeysRequestUsageUnknownUsage         = ListKeysRequestUsage("unknown_usage")
	ListKeysRequestUsageSymmetricEncryption  = ListKeysRequestUsage("symmetric_encryption")
	ListKeysRequestUsageAsymmetricEncryption = ListKeysRequestUsage("asymmetric_encryption")
	ListKeysRequestUsageAsymmetricSigning    = ListKeysRequestUsage("asymmetric_signing")
)

Variables

This section is empty.

Functions

This section is empty.

Types

type API 

type API struct {
	// contains filtered or unexported fields
}

This API allows you to create, manage and use cryptographic keys in a centralized and secure service.

func NewAPI 

func NewAPI(client *scw.Client) *API

NewAPI returns a API object from a Scaleway client.

func (*API) CreateKey 

func (s *API) CreateKey(req *CreateKeyRequest, opts ...scw.RequestOption) (*Key, error)

CreateKey: Create a key in a given region specified by the `region` parameter. You can use keys to encrypt or decrypt arbitrary payloads, to sign and verify messages or to generate data encryption keys. **Data encryption keys are not stored in Key Manager**.

func (*API) Decrypt 

func (s *API) Decrypt(req *DecryptRequest, opts ...scw.RequestOption) (*DecryptResponse, error)

Decrypt: Decrypt an encrypted payload using an existing key, specified by the `key_id` parameter. The maximum payload size that can be decrypted is equivalent to the encrypted output of 64 KB of data (around 131 KB).

func (*API) DeleteKey 

func (s *API) DeleteKey(req *DeleteKeyRequest, opts ...scw.RequestOption) error

DeleteKey: Permanently delete a key specified by the `region` and `key_id` parameters. This action is irreversible. Any data encrypted with this key, including data encryption keys, will no longer be decipherable.

func (*API) DeleteKeyMaterial 

func (s *API) DeleteKeyMaterial(req *DeleteKeyMaterialRequest, opts ...scw.RequestOption) error

DeleteKeyMaterial: Delete previously imported key material. This renders the associated cryptographic key unusable for any operation. The key's origin must be `external`.

func (*API) DisableKey 

func (s *API) DisableKey(req *DisableKeyRequest, opts ...scw.RequestOption) (*Key, error)

DisableKey: Disable a given key, preventing it to be used for cryptographic operations. Disabling a key renders it unusable. You must specify the `region` and `key_id` parameters.

func (*API) EnableKey 

func (s *API) EnableKey(req *EnableKeyRequest, opts ...scw.RequestOption) (*Key, error)

EnableKey: Enable a given key to be used for cryptographic operations. Enabling a key allows you to make a disabled key usable again. You must specify the `region` and `key_id` parameters.

func (*API) Encrypt 

func (s *API) Encrypt(req *EncryptRequest, opts ...scw.RequestOption) (*EncryptResponse, error)

Encrypt: Encrypt a payload using an existing key, specified by the `key_id` parameter. The maximum payload size that can be encrypted is 64 KB of plaintext.

func (*API) GenerateDataKey 

func (s *API) GenerateDataKey(req *GenerateDataKeyRequest, opts ...scw.RequestOption) (*DataKey, error)

GenerateDataKey: Create a new data encryption key for cryptographic operations outside of Key Manager. The data encryption key is encrypted and must be decrypted using the key you have created in Key Manager.

The data encryption key is returned in plaintext and ciphertext but it should only be stored in its encrypted form (ciphertext). Key Manager does not store your data encryption key. To retrieve your key's plaintext, use the `Decrypt` method with your key's ID and ciphertext.

func (*API) GetKey 

func (s *API) GetKey(req *GetKeyRequest, opts ...scw.RequestOption) (*Key, error)

GetKey: Retrieve metadata for a specified key using the `region` and `key_id` parameters.

func (*API) GetPublicKey 

func (s *API) GetPublicKey(req *GetPublicKeyRequest, opts ...scw.RequestOption) (*PublicKey, error)

GetPublicKey: Retrieves the public portion of an asymmetric cryptographic key in PEM format.

func (*API) ImportKeyMaterial 

func (s *API) ImportKeyMaterial(req *ImportKeyMaterialRequest, opts ...scw.RequestOption) (*Key, error)

ImportKeyMaterial: Import externally generated key material into Key Manager to derive a new cryptographic key. The key's origin must be `external`.

func (*API) ListAlgorithms 

func (s *API) ListAlgorithms(req *ListAlgorithmsRequest, opts ...scw.RequestOption) (*ListAlgorithmsResponse, error)

ListAlgorithms: Lists all cryptographic algorithms supported by the Key Manager service.

func (*API) ListKeys 

func (s *API) ListKeys(req *ListKeysRequest, opts ...scw.RequestOption) (*ListKeysResponse, error)

ListKeys: Retrieve a list of keys across all Projects in an Organization or within a specific Project. You must specify the `region`, and either the `organization_id` or the `project_id`.

func (*API) ProtectKey 

func (s *API) ProtectKey(req *ProtectKeyRequest, opts ...scw.RequestOption) (*Key, error)

ProtectKey: Apply protection to a given key specified by the `key_id` parameter. Applying key protection means that your key can be used and modified, but it cannot be deleted.

func (*API) Regions 

func (s *API) Regions() []scw.Region

func (*API) RestoreKey 

func (s *API) RestoreKey(req *RestoreKeyRequest, opts ...scw.RequestOption) (*Key, error)

RestoreKey: Restore a key and all its rotations scheduled for deletion specified by the `region` and `key_id` parameters.

func (*API) RotateKey 

func (s *API) RotateKey(req *RotateKeyRequest, opts ...scw.RequestOption) (*Key, error)

RotateKey: Generate a new version of an existing key with new key material. Previous key versions remain usable to decrypt previously encrypted data, but the key's new version will be used for subsequent encryption operations and data key generation.

func (*API) Sign 

func (s *API) Sign(req *SignRequest, opts ...scw.RequestOption) (*SignResponse, error)

Sign: Use a given key to sign a message digest. The key must have its usage set to `asymmetric_signing`. The digest must be created using the same digest algorithm that is defined in the key's algorithm configuration.

func (*API) UnprotectKey 

func (s *API) UnprotectKey(req *UnprotectKeyRequest, opts ...scw.RequestOption) (*Key, error)

UnprotectKey: Remove key protection from a given key specified by the `key_id` parameter. Removing key protection means that your key can be deleted anytime.

func (*API) UpdateKey 

func (s *API) UpdateKey(req *UpdateKeyRequest, opts ...scw.RequestOption) (*Key, error)

UpdateKey: Modify a key's metadata including name, description and tags, specified by the `key_id` and `region` parameters.

func (*API) Verify 

func (s *API) Verify(req *VerifyRequest, opts ...scw.RequestOption) (*VerifyResponse, error)

Verify: Use a given key to verify a message signature against a message digest. The key must have its usage set to `asymmetric_signing`. The message digest must be generated using the same digest algorithm that is defined in the key's algorithm configuration.

type CreateKeyRequest 

type CreateKeyRequest struct {
	// Region: region to target. If none is passed will use default region from the config.
	Region scw.Region `json:"-"`

	// ProjectID: ID of the Project containing the key.
	ProjectID string `json:"project_id"`

	// Name: (Optional) Name of the key.
	Name *string `json:"name,omitempty"`

	// Usage: see the `Key.Usage` enum for a description of possible values.
	Usage *KeyUsage `json:"usage,omitempty"`

	// Description: (Optional) Description of the key.
	Description *string `json:"description,omitempty"`

	// Tags: (Optional) List of the key's tags.
	Tags []string `json:"tags"`

	// RotationPolicy: if not specified, no rotation policy will be applied to the key.
	RotationPolicy *KeyRotationPolicy `json:"rotation_policy,omitempty"`

	// Unprotected: default value is `false`.
	Unprotected bool `json:"unprotected"`

	// Origin: refer to the `Key.Origin` enum for a description of values.
	// Default value: unknown_origin
	Origin KeyOrigin `json:"origin"`
}

CreateKeyRequest: create key request.

type DataKey 

type DataKey struct {
	// KeyID: ID of the data encryption key.
	KeyID string `json:"key_id"`

	// Algorithm: symmetric encryption algorithm of the data encryption key (`AES-256-GCM`).
	// Default value: unknown_symmetric_encryption
	Algorithm DataKeyAlgorithmSymmetricEncryption `json:"algorithm"`

	// Ciphertext: your data encryption key's ciphertext can be stored safely. It can only be decrypted through the keys you create in Key Manager, using the relevant key ID.
	Ciphertext []byte `json:"ciphertext"`

	// Plaintext: (Optional) Your data encryption key's plaintext allows you to use the key immediately upon creation. It must neither be stored or shared.
	Plaintext *[]byte `json:"plaintext"`

	// CreatedAt: data encryption key creation date.
	CreatedAt *time.Time `json:"created_at"`
}

DataKey: data key.

type DataKeyAlgorithmSymmetricEncryption 

type DataKeyAlgorithmSymmetricEncryption string

func (DataKeyAlgorithmSymmetricEncryption) MarshalJSON 

func (enum DataKeyAlgorithmSymmetricEncryption) MarshalJSON() ([]byte, error)

func (DataKeyAlgorithmSymmetricEncryption) String 

func (enum DataKeyAlgorithmSymmetricEncryption) String() string

func (*DataKeyAlgorithmSymmetricEncryption) UnmarshalJSON 

func (enum *DataKeyAlgorithmSymmetricEncryption) UnmarshalJSON(data []byte) error

func (DataKeyAlgorithmSymmetricEncryption) Values 

func (enum DataKeyAlgorithmSymmetricEncryption) Values() []DataKeyAlgorithmSymmetricEncryption

type DecryptRequest 

type DecryptRequest struct {
	// Region: region to target. If none is passed will use default region from the config.
	Region scw.Region `json:"-"`

	// KeyID: the key must have an usage set to `symmetric_encryption` or `asymmetric_encryption`.
	KeyID string `json:"-"`

	// Ciphertext: data size must be between 1 and 131071 bytes.
	Ciphertext []byte `json:"ciphertext"`

	// AssociatedData: the additional data must match the value passed in the encryption request. Only supported by keys with a usage set to `symmetric_encryption`.
	AssociatedData *[]byte `json:"associated_data,omitempty"`
}

DecryptRequest: decrypt request.

type DecryptResponse 

type DecryptResponse struct {
	// KeyID: ID of the key used for decryption.
	KeyID string `json:"key_id"`

	// Plaintext: key's decrypted data.
	Plaintext []byte `json:"plaintext"`

	// Ciphertext: if the data was already encrypted with the latest key rotation, no output will be returned in the response object.
	Ciphertext *[]byte `json:"ciphertext"`
}

DecryptResponse: decrypt response.

type DeleteKeyMaterialRequest 

type DeleteKeyMaterialRequest struct {
	// Region: region to target. If none is passed will use default region from the config.
	Region scw.Region `json:"-"`

	// KeyID: ID of the key of which to delete the key material.
	KeyID string `json:"-"`
}

DeleteKeyMaterialRequest: delete key material request.

type DeleteKeyRequest 

type DeleteKeyRequest struct {
	// Region: region to target. If none is passed will use default region from the config.
	Region scw.Region `json:"-"`

	// KeyID: ID of the key to delete.
	KeyID string `json:"-"`
}

DeleteKeyRequest: delete key request.

type DisableKeyRequest 

type DisableKeyRequest struct {
	// Region: region to target. If none is passed will use default region from the config.
	Region scw.Region `json:"-"`

	// KeyID: ID of the key to disable.
	KeyID string `json:"-"`
}

DisableKeyRequest: disable key request.

type EnableKeyRequest 

type EnableKeyRequest struct {
	// Region: region to target. If none is passed will use default region from the config.
	Region scw.Region `json:"-"`

	// KeyID: ID of the key to enable.
	KeyID string `json:"-"`
}

EnableKeyRequest: enable key request.

type EncryptRequest 

type EncryptRequest struct {
	// Region: region to target. If none is passed will use default region from the config.
	Region scw.Region `json:"-"`

	// KeyID: the key must have an usage set to `symmetric_encryption` or `asymmetric_encryption`.
	KeyID string `json:"-"`

	// Plaintext: data size must be between 1 and 65535 bytes.
	Plaintext []byte `json:"plaintext"`

	// AssociatedData: additional data which will not be encrypted, but authenticated and appended to the encrypted payload. Only supported by keys with a usage set to `symmetric_encryption`.
	AssociatedData *[]byte `json:"associated_data,omitempty"`
}

EncryptRequest: encrypt request.

type EncryptResponse 

type EncryptResponse struct {
	// KeyID: ID of the key used for encryption.
	KeyID string `json:"key_id"`

	// Ciphertext: key's encrypted data.
	Ciphertext []byte `json:"ciphertext"`
}

EncryptResponse: encrypt response.

type GenerateDataKeyRequest 

type GenerateDataKeyRequest struct {
	// Region: region to target. If none is passed will use default region from the config.
	Region scw.Region `json:"-"`

	// KeyID: ID of the key.
	KeyID string `json:"-"`

	// Algorithm: see the `DataKey.Algorithm.SymmetricEncryption` enum for a description of values.
	// Default value: unknown_symmetric_encryption
	Algorithm DataKeyAlgorithmSymmetricEncryption `json:"algorithm"`

	// WithoutPlaintext: default value is `false`, meaning that the plaintext is returned.
	// Set it to `true` if you do not wish the plaintext to be returned in the response object.
	WithoutPlaintext bool `json:"without_plaintext"`
}

GenerateDataKeyRequest: generate data key request.

type GetKeyRequest 

type GetKeyRequest struct {
	// Region: region to target. If none is passed will use default region from the config.
	Region scw.Region `json:"-"`

	// KeyID: ID of the key to target.
	KeyID string `json:"-"`
}

GetKeyRequest: get key request.

type GetPublicKeyRequest 

type GetPublicKeyRequest struct {
	// Region: region to target. If none is passed will use default region from the config.
	Region scw.Region `json:"-"`

	// KeyID: ID of the key.
	KeyID string `json:"-"`
}

GetPublicKeyRequest: get public key request.

type ImportKeyMaterialRequest 

type ImportKeyMaterialRequest struct {
	// Region: region to target. If none is passed will use default region from the config.
	Region scw.Region `json:"-"`

	// KeyID: the key's origin must be `external`.
	KeyID string `json:"-"`

	// KeyMaterial: the key material The key material is a random sequence of bytes used to derive a cryptographic key.
	KeyMaterial []byte `json:"key_material"`

	// Salt: a salt is random data added to key material to ensure unique derived keys, even if the input is similar. It helps strengthen security when the key material has low randomness (low entropy).
	Salt *[]byte `json:"salt,omitempty"`
}

ImportKeyMaterialRequest: import key material request.

type Key 

type Key struct {
	// ID: ID of the key.
	ID string `json:"id"`

	// ProjectID: ID of the Project containing the key.
	ProjectID string `json:"project_id"`

	// Name: name of the key.
	Name string `json:"name"`

	// Usage: see the `Key.Usage` enum for a description of possible values.
	Usage *KeyUsage `json:"usage"`

	// State: see the `Key.State` enum for a description of possible values.
	// Default value: unknown_state
	State KeyState `json:"state"`

	// RotationCount: the rotation count tracks the number of times the key has been rotated.
	RotationCount uint32 `json:"rotation_count"`

	// CreatedAt: key creation date.
	CreatedAt *time.Time `json:"created_at"`

	// UpdatedAt: key last modification date.
	UpdatedAt *time.Time `json:"updated_at"`

	// Protected: returns `true` if key protection is applied to the key.
	Protected bool `json:"protected"`

	// Locked: returns `true` if the key is locked.
	Locked bool `json:"locked"`

	// Description: description of the key.
	Description *string `json:"description"`

	// Tags: list of the key's tags.
	Tags []string `json:"tags"`

	// RotatedAt: key last rotation date.
	RotatedAt *time.Time `json:"rotated_at"`

	// RotationPolicy: key rotation policy.
	RotationPolicy *KeyRotationPolicy `json:"rotation_policy"`

	// Origin: refer to the `Key.Origin` enum for a description of values.
	// Default value: unknown_origin
	Origin KeyOrigin `json:"origin"`

	// DeletionRequestedAt: returns the time at which deletion was requested.
	DeletionRequestedAt *time.Time `json:"deletion_requested_at"`

	// Region: region where the key is stored.
	Region scw.Region `json:"region"`
}

Key: key.

type KeyAlgorithmAsymmetricEncryption 

type KeyAlgorithmAsymmetricEncryption string

func (KeyAlgorithmAsymmetricEncryption) MarshalJSON 

func (enum KeyAlgorithmAsymmetricEncryption) MarshalJSON() ([]byte, error)

func (KeyAlgorithmAsymmetricEncryption) String 

func (enum KeyAlgorithmAsymmetricEncryption) String() string

func (*KeyAlgorithmAsymmetricEncryption) UnmarshalJSON 

func (enum *KeyAlgorithmAsymmetricEncryption) UnmarshalJSON(data []byte) error

func (KeyAlgorithmAsymmetricEncryption) Values 

func (enum KeyAlgorithmAsymmetricEncryption) Values() []KeyAlgorithmAsymmetricEncryption

type KeyAlgorithmAsymmetricSigning 

type KeyAlgorithmAsymmetricSigning string

func (KeyAlgorithmAsymmetricSigning) MarshalJSON 

func (enum KeyAlgorithmAsymmetricSigning) MarshalJSON() ([]byte, error)

func (KeyAlgorithmAsymmetricSigning) String 

func (enum KeyAlgorithmAsymmetricSigning) String() string

func (*KeyAlgorithmAsymmetricSigning) UnmarshalJSON 

func (enum *KeyAlgorithmAsymmetricSigning) UnmarshalJSON(data []byte) error

func (KeyAlgorithmAsymmetricSigning) Values 

func (enum KeyAlgorithmAsymmetricSigning) Values() []KeyAlgorithmAsymmetricSigning

type KeyAlgorithmSymmetricEncryption 

type KeyAlgorithmSymmetricEncryption string

func (KeyAlgorithmSymmetricEncryption) MarshalJSON 

func (enum KeyAlgorithmSymmetricEncryption) MarshalJSON() ([]byte, error)

func (KeyAlgorithmSymmetricEncryption) String 

func (enum KeyAlgorithmSymmetricEncryption) String() string

func (*KeyAlgorithmSymmetricEncryption) UnmarshalJSON 

func (enum *KeyAlgorithmSymmetricEncryption) UnmarshalJSON(data []byte) error

func (KeyAlgorithmSymmetricEncryption) Values 

func (enum KeyAlgorithmSymmetricEncryption) Values() []KeyAlgorithmSymmetricEncryption

type KeyOrigin 

type KeyOrigin string

func (KeyOrigin) MarshalJSON 

func (enum KeyOrigin) MarshalJSON() ([]byte, error)

func (KeyOrigin) String 

func (enum KeyOrigin) String() string

func (*KeyOrigin) UnmarshalJSON 

func (enum *KeyOrigin) UnmarshalJSON(data []byte) error

func (KeyOrigin) Values 

func (enum KeyOrigin) Values() []KeyOrigin

type KeyRotationPolicy 

type KeyRotationPolicy struct {
	// RotationPeriod: time interval between two key rotations. The minimum duration is 24 hours and the maximum duration is 1 year (876000 hours).
	RotationPeriod *scw.Duration `json:"rotation_period"`

	// NextRotationAt: timestamp indicating the next scheduled rotation.
	NextRotationAt *time.Time `json:"next_rotation_at"`
}

KeyRotationPolicy: key rotation policy.

type KeyState 

type KeyState string

func (KeyState) MarshalJSON 

func (enum KeyState) MarshalJSON() ([]byte, error)

func (KeyState) String 

func (enum KeyState) String() string

func (*KeyState) UnmarshalJSON 

func (enum *KeyState) UnmarshalJSON(data []byte) error

func (KeyState) Values 

func (enum KeyState) Values() []KeyState

type KeyUsage 

type KeyUsage struct {
	// SymmetricEncryption: see the `Key.Algorithm.SymmetricEncryption` enum for a description of values.
	// Default value: unknown_symmetric_encryption
	// Precisely one of SymmetricEncryption, AsymmetricEncryption, AsymmetricSigning must be set.
	SymmetricEncryption *KeyAlgorithmSymmetricEncryption `json:"symmetric_encryption,omitempty"`

	// AsymmetricEncryption: see the `Key.Algorithm.AsymmetricEncryption` enum for a description of values.
	// Default value: unknown_asymmetric_encryption
	// Precisely one of SymmetricEncryption, AsymmetricEncryption, AsymmetricSigning must be set.
	AsymmetricEncryption *KeyAlgorithmAsymmetricEncryption `json:"asymmetric_encryption,omitempty"`

	// AsymmetricSigning: see the `Key.Algorithm.AsymmetricSigning` enum for a description of values.
	// Default value: unknown_asymmetric_signing
	// Precisely one of SymmetricEncryption, AsymmetricEncryption, AsymmetricSigning must be set.
	AsymmetricSigning *KeyAlgorithmAsymmetricSigning `json:"asymmetric_signing,omitempty"`
}

KeyUsage: key usage.

type ListAlgorithmsRequest 

type ListAlgorithmsRequest struct {
	// Region: region to target. If none is passed will use default region from the config.
	Region scw.Region `json:"-"`

	// Usages: filter by key usage.
	Usages []ListAlgorithmsRequestUsage `json:"usages"`
}

ListAlgorithmsRequest: list algorithms request.

type ListAlgorithmsRequestUsage 

type ListAlgorithmsRequestUsage string

func (ListAlgorithmsRequestUsage) MarshalJSON 

func (enum ListAlgorithmsRequestUsage) MarshalJSON() ([]byte, error)

func (ListAlgorithmsRequestUsage) String 

func (enum ListAlgorithmsRequestUsage) String() string

func (*ListAlgorithmsRequestUsage) UnmarshalJSON 

func (enum *ListAlgorithmsRequestUsage) UnmarshalJSON(data []byte) error

func (ListAlgorithmsRequestUsage) Values 

func (enum ListAlgorithmsRequestUsage) Values() []ListAlgorithmsRequestUsage

type ListAlgorithmsResponse 

type ListAlgorithmsResponse struct {
	// Algorithms: returns a list of algorithms matching the requested criteria.
	Algorithms []*ListAlgorithmsResponseAlgorithm `json:"algorithms"`
}

ListAlgorithmsResponse: list algorithms response.

type ListAlgorithmsResponseAlgorithm 

type ListAlgorithmsResponseAlgorithm struct {
	Usage string `json:"usage"`

	Name string `json:"name"`

	Recommended bool `json:"recommended"`
}

ListAlgorithmsResponseAlgorithm: list algorithms response algorithm.

type ListKeysRequest 

type ListKeysRequest struct {
	// Region: region to target. If none is passed will use default region from the config.
	Region scw.Region `json:"-"`

	// OrganizationID: (Optional) Filter by Organization ID.
	OrganizationID *string `json:"-"`

	// ProjectID: (Optional) Filter by Project ID.
	ProjectID *string `json:"-"`

	// OrderBy: default value: name_asc
	OrderBy ListKeysRequestOrderBy `json:"-"`

	Page *int32 `json:"-"`

	PageSize *uint32 `json:"-"`

	// Tags: (Optional) List of tags to filter on.
	Tags []string `json:"-"`

	// Name: (Optional) Filter by key name.
	Name *string `json:"-"`

	// Usage: select from symmetric encryption, asymmetric encryption, or asymmetric signing.
	// Default value: unknown_usage
	Usage ListKeysRequestUsage `json:"-"`

	// ScheduledForDeletion: filter keys based on their deletion status. By default, only keys not scheduled for deletion are returned in the output.
	ScheduledForDeletion bool `json:"-"`
}

ListKeysRequest: list keys request.

type ListKeysRequestOrderBy 

type ListKeysRequestOrderBy string

func (ListKeysRequestOrderBy) MarshalJSON 

func (enum ListKeysRequestOrderBy) MarshalJSON() ([]byte, error)

func (ListKeysRequestOrderBy) String 

func (enum ListKeysRequestOrderBy) String() string

func (*ListKeysRequestOrderBy) UnmarshalJSON 

func (enum *ListKeysRequestOrderBy) UnmarshalJSON(data []byte) error

func (ListKeysRequestOrderBy) Values 

func (enum ListKeysRequestOrderBy) Values() []ListKeysRequestOrderBy

type ListKeysRequestUsage 

type ListKeysRequestUsage string

func (ListKeysRequestUsage) MarshalJSON 

func (enum ListKeysRequestUsage) MarshalJSON() ([]byte, error)

func (ListKeysRequestUsage) String 

func (enum ListKeysRequestUsage) String() string

func (*ListKeysRequestUsage) UnmarshalJSON 

func (enum *ListKeysRequestUsage) UnmarshalJSON(data []byte) error

func (ListKeysRequestUsage) Values 

func (enum ListKeysRequestUsage) Values() []ListKeysRequestUsage

type ListKeysResponse 

type ListKeysResponse struct {
	// Keys: single page of keys matching the requested criteria.
	Keys []*Key `json:"keys"`

	// TotalCount: total count of keys matching the requested criteria.
	TotalCount uint64 `json:"total_count"`
}

ListKeysResponse: list keys response.

func (*ListKeysResponse) UnsafeAppend 

func (r *ListKeysResponse) UnsafeAppend(res any) (uint64, error)

UnsafeAppend should not be used Internal usage only

func (*ListKeysResponse) UnsafeGetTotalCount 

func (r *ListKeysResponse) UnsafeGetTotalCount() uint64

UnsafeGetTotalCount should not be used Internal usage only

type ProtectKeyRequest 

type ProtectKeyRequest struct {
	// Region: region to target. If none is passed will use default region from the config.
	Region scw.Region `json:"-"`

	// KeyID: ID of the key to apply key protection to.
	KeyID string `json:"-"`
}

ProtectKeyRequest: protect key request.

type PublicKey 

type PublicKey struct {
	Pem string `json:"pem"`
}

PublicKey: public key.

type RestoreKeyRequest 

type RestoreKeyRequest struct {
	// Region: region to target. If none is passed will use default region from the config.
	Region scw.Region `json:"-"`

	KeyID string `json:"-"`
}

RestoreKeyRequest: restore key request.

type RotateKeyRequest 

type RotateKeyRequest struct {
	// Region: region to target. If none is passed will use default region from the config.
	Region scw.Region `json:"-"`

	// KeyID: ID of the key to rotate.
	KeyID string `json:"-"`
}

RotateKeyRequest: rotate key request.

type SignRequest 

type SignRequest struct {
	// Region: region to target. If none is passed will use default region from the config.
	Region scw.Region `json:"-"`

	// KeyID: ID of the key to use for signing.
	KeyID string `json:"-"`

	// Digest: the digest must be generated using the same algorithm defined in the key’s algorithm settings.
	Digest []byte `json:"digest"`
}

SignRequest: sign request.

type SignResponse 

type SignResponse struct {
	// KeyID: ID of the key used to generate the signature.
	KeyID string `json:"key_id"`

	// Signature: the message signature.
	Signature []byte `json:"signature"`
}

SignResponse: sign response.

type UnprotectKeyRequest 

type UnprotectKeyRequest struct {
	// Region: region to target. If none is passed will use default region from the config.
	Region scw.Region `json:"-"`

	// KeyID: ID of the key to remove key protection from.
	KeyID string `json:"-"`
}

UnprotectKeyRequest: unprotect key request.

type UpdateKeyRequest 

type UpdateKeyRequest struct {
	// Region: region to target. If none is passed will use default region from the config.
	Region scw.Region `json:"-"`

	// KeyID: ID of the key to update.
	KeyID string `json:"-"`

	// Name: (Optional) Updated name of the key.
	Name *string `json:"name,omitempty"`

	// Description: (Optional) Updated description of the key.
	Description *string `json:"description,omitempty"`

	// Tags: (Optional) Updated list of the key's tags.
	Tags *[]string `json:"tags,omitempty"`

	// RotationPolicy: if not specified, the key's existing rotation policy applies.
	RotationPolicy *KeyRotationPolicy `json:"rotation_policy,omitempty"`
}

UpdateKeyRequest: update key request.

type VerifyRequest 

type VerifyRequest struct {
	// Region: region to target. If none is passed will use default region from the config.
	Region scw.Region `json:"-"`

	// KeyID: ID of the key to use for signature verification.
	KeyID string `json:"-"`

	// Digest: must be generated using the same algorithm specified in the key’s configuration.
	Digest []byte `json:"digest"`

	// Signature: the message signature to verify.
	Signature []byte `json:"signature"`
}

VerifyRequest: verify request.

type VerifyResponse 

type VerifyResponse struct {
	// KeyID: ID of the key used for verification.
	KeyID string `json:"key_id"`

	// Valid: returns `true` if the signature is valid for the digest and key, and `false` otherwise.
	Valid bool `json:"valid"`
}

VerifyResponse: verify response.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.