Documentation
Index ¶
- type EncryptedContentService
- type EncryptedPassphraseService
- type EncryptedPayloadService
- type Service
- func (s *Service) ConvertIniContentToLegacyTerraformContent(passphraseLength int, iniContent *ini.Content, pubKey *stdRsa.PublicKey, ...) (*terraform.Content, error)
- func (s *Service) ConvertIniContentToV1TerraformContent(passphraseLength int, iniContent *ini.Content, pubKey *stdRsa.PublicKey, ...) (*terraform.Content, error)
- func (s *Service) MigrateEncryptedTerraformResourceHcl(hclParser hcl.Parser, hclBytes []byte, privKey *stdRsa.PrivateKey, ...) (*ast.File, error)
- func (s *Service) RotateOrRekeyEncryptedTerraformResourceHcl(hclParser hcl.Parser, hclBytes []byte, privKey *stdRsa.PrivateKey, ...) (*ast.File, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type EncryptedContentService ¶
// EncryptedContentService is the passphrase-keyed content cipher consumed by this package.
// MigrateEncryptedTerraformResourceHcl receives one as legacyEncryptedContentSvc.
// NOTE(review): the cipher, mode and key-derivation step are not visible from this
// declaration — confirm them against the implementation before relying on it.
type EncryptedContentService interface {
// Encrypt takes a passphrase and content and returns the encrypted content or an error.
Encrypt(passphrase *passphrase.Passphrase, content *content.Content) (*content.EncryptedContent, error)
// Decrypt takes a passphrase and encrypted content and returns the content or an error.
// NOTE(review): whether a wrong passphrase or a modified ciphertext is reported as an
// error (i.e. whether the scheme is authenticated) cannot be told from here — confirm.
Decrypt(passphrase *passphrase.Passphrase, encryptedContent *content.EncryptedContent) (*content.Content, error)
// Serialize encodes encrypted content to bytes.
Serialize(encryptedContent *content.EncryptedContent) ([]byte, error)
// Deserialize decodes bytes into encrypted content.
// NOTE(review): the input presumably comes from a Terraform file on disk; treat it as
// untrusted and always check the returned error — TODO confirm against the caller.
Deserialize(encoded []byte) (*content.EncryptedContent, error)
}
type EncryptedPassphraseService ¶
// EncryptedPassphraseService generates passphrases and wraps them under an RSA key pair.
// NOTE(review): stdRsa is presumably an import alias for crypto/rsa; the RSA padding
// scheme (OAEP vs. PKCS#1 v1.5) is not visible from this declaration — confirm both.
type EncryptedPassphraseService interface {
// Serialize encodes an encrypted passphrase to bytes.
Serialize(encryptedPassphrase *passphrase.EncryptedPassphrase) ([]byte, error)
// Encrypt takes an RSA public key and a passphrase and returns the encrypted
// passphrase or an error.
Encrypt(
publicKey *stdRsa.PublicKey,
passphrase *passphrase.Passphrase,
) (*passphrase.EncryptedPassphrase, error)
// Deserialize decodes bytes into an encrypted passphrase.
// NOTE(review): presumably fed from stored, attacker-reachable data; check the error — TODO confirm.
Deserialize(encoded []byte) (*passphrase.EncryptedPassphrase, error)
// Decrypt takes an RSA private key and an encrypted passphrase and returns the
// passphrase or an error.
Decrypt(
privateKey *stdRsa.PrivateKey,
encryptedPassphrase *passphrase.EncryptedPassphrase,
) (*passphrase.Passphrase, error)
// GeneratePassphrase returns a new passphrase for the requested length, or an error.
// NOTE(review): the unit of length and the randomness source are not visible here;
// an implementation should draw from a CSPRNG such as crypto/rand — confirm.
GeneratePassphrase(length int) (*passphrase.Passphrase, error)
}
type EncryptedPayloadService ¶
// EncryptedPayloadService encrypts and decrypts payloads under an RSA key pair and
// converts encrypted payloads to and from bytes.
// NOTE(review): what a payload contains and how the RSA key is applied to it are not
// visible from this declaration — confirm against the payload package.
type EncryptedPayloadService interface {
// Encrypt takes an RSA public key and a payload and returns the encrypted payload or an error.
Encrypt(publicKey *stdRsa.PublicKey, payload *payload.Payload) (*payload.EncryptedPayload, error)
// Decrypt takes an RSA private key and an encrypted payload and returns the payload or an error.
// NOTE(review): whether tampered input is rejected (integrity check) cannot be told from here — confirm.
Decrypt(privateKey *stdRsa.PrivateKey, encryptedPayload *payload.EncryptedPayload) (*payload.Payload, error)
// Serialize encodes an encrypted payload to bytes.
Serialize(encryptedPayload *payload.EncryptedPayload) ([]byte, error)
// Deserialize decodes bytes into an encrypted payload.
// NOTE(review): presumably fed from stored, attacker-reachable data; check the error — TODO confirm.
Deserialize(encodedContent []byte) (*payload.EncryptedPayload, error)
}
type Service ¶
// Service is the type returned by NewTerraformEncryptionMigrationService. Its methods
// convert ini content to Terraform content and migrate, rotate or rekey encrypted
// Terraform resources in HCL.
type Service struct {
// contains filtered or unexported fields
}
func NewTerraformEncryptionMigrationService ¶
func NewTerraformEncryptionMigrationService(terraformSvc terraformService) *Service
func (*Service) ConvertIniContentToLegacyTerraformContent ¶
func (*Service) ConvertIniContentToV1TerraformContent ¶
func (*Service) MigrateEncryptedTerraformResourceHcl ¶
func (s *Service) MigrateEncryptedTerraformResourceHcl( hclParser hcl.Parser, hclBytes []byte, privKey *stdRsa.PrivateKey, pubKey *stdRsa.PublicKey, legacyEncryptedContentSvc EncryptedContentService, encryptedPassphraseSvc EncryptedPassphraseService, encryptedPayloadSvc EncryptedPayloadService, ) (*ast.File, error)
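MigrateEncryptedTerraformResourceHcl parses an HCL Terraform file and migrates the `vault_encrypted_secret` resources in it that were encrypted with the `legacy encrypt` command. It decrypts each such resource, re-encrypts it, and replaces the existing `vaulted` Terraform resource with the result. Resources that are not `vault_encrypted_secret` are neither lost nor modified. Because every migrated resource is decrypted first, the call needs the RSA private key (`privKey`) as well as the public key (`pubKey`) used for re-encryption.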
func (*Service) RotateOrRekeyEncryptedTerraformResourceHcl ¶
func (s *Service) RotateOrRekeyEncryptedTerraformResourceHcl( hclParser hcl.Parser, hclBytes []byte, privKey *stdRsa.PrivateKey, pubKey *stdRsa.PublicKey, encryptedPassphraseSvc EncryptedPassphraseService, encryptedPayloadSvc EncryptedPayloadService, ) (*ast.File, error)
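RotateOrRekeyEncryptedTerraformResourceHcl parses an HCL Terraform file and rotates the `vault_encrypted_secret` resources in it that were encrypted with the `encrypt` command. It decrypts each such resource, re-encrypts it, and replaces the existing `vaulted` Terraform resource with the result. Resources that are not `vault_encrypted_secret` are neither lost nor modified. `privKey` is used to decrypt the existing values and `pubKey` to encrypt the replacements; the function name suggests that supplying the public key of a different key pair rekeys the resources, which should be confirmed against the implementation.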