Documentation
Index
- type Config
- type DB
- func (db *DB) RotateKeys(ctx context.Context) error
- func (db *DB) Shutdown(ctx context.Context) error
- func (db *DB) Sign(p []byte) ([]byte, error)
- func (db *DB) SignJWT(c jwt.Claims) (string, error)
- func (db *DB) Verify(p []byte, signature []byte) (valid, oldKey bool)
- func (db *DB) VerifyJWT(s string, c jwt.Claims) (bool, error)
- type Keyring
- type Keys
Types
type Config
type Config struct {
	// Name is the unique identifier of this keyring.
	Name string
	// RotationDays is the number of days between automatic rotations. If zero, automatic rotation is disabled.
	RotationDays int
	// MaxOldKeys determines how many old keys (1-254) are kept for validation. This value, multiplied by RotationDays,
	// determines the minimum amount of time a signature remains valid.
	MaxOldKeys int
	// Keys specifies a set of keys to use for encrypting and decrypting the private key.
	Keys Keys
}
Config allows specifying operational parameters of a keyring.
type DB
type DB struct {
	// contains filtered or unexported fields
}
DB implements a Keyring using postgres as the datastore.
func (*DB) RotateKeys
RotateKeys will force a key rotation.
func (*DB) Shutdown
Shutdown allows gracefully shutting down the keyring (e.g. auto rotations) after finishing any in-progress rotations.
type Keyring
type Keyring interface {
	RotateKeys(ctx context.Context) error
	Sign(p []byte) ([]byte, error)
	Verify(p []byte, signature []byte) (valid, oldKey bool)
	SignJWT(jwt.Claims) (string, error)
	VerifyJWT(string, jwt.Claims) (bool, error)
	Shutdown(context.Context) error
}
A Keyring allows signing and verifying messages.
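The retention window that MaxOldKeys describes, and the oldKey result of Verify, can be sketched with an in-memory keyring. This is an added example, not this package's code: memRing, mac and the choice of HMAC-SHA256 are assumptions made for illustration, and the real DB type keeps its keys in postgres.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// memRing is a hypothetical in-memory keyring; HMAC-SHA256 is an assumption.
type memRing struct {
	maxOld int      // plays the role of Config.MaxOldKeys
	keys   [][]byte // keys[0] is the current key, older keys follow
}

// Rotate installs a fresh current key and evicts keys beyond maxOld.
func (r *memRing) Rotate() {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	if r.keys = append([][]byte{k}, r.keys...); len(r.keys) > r.maxOld+1 {
		r.keys = r.keys[:r.maxOld+1]
	}
}

func mac(k, p []byte) []byte {
	h := hmac.New(sha256.New, k)
	h.Write(p)
	return h.Sum(nil)
}
func (r *memRing) Sign(p []byte) []byte { return mac(r.keys[0], p) } // current key only

// Verify tries every retained key; oldKey is true when a rotated key matched.
func (r *memRing) Verify(p, sig []byte) (valid, oldKey bool) {
	for i, k := range r.keys {
		if hmac.Equal(mac(k, p), sig) {
			return true, i > 0
		}
	}
	return false, false
}

func main() {
	r := &memRing{maxOld: 2}
	r.Rotate() // initial key
	sig := r.Sign([]byte("constructed sample"))
	r.Rotate()
	fmt.Println(r.Verify([]byte("constructed sample"), sig))
}
```

With maxOld set to 2, a signature keeps verifying through two rotations (with oldKey reported as true) and is rejected after the third, which is the RotationDays times MaxOldKeys minimum lifetime stated in the Config comment.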