Documentation
Overview
Package envelope transforms values for storage at rest using an Envelope provider.
Constants
This section is empty.
Variables
This section is empty.
Functions
func NewEnvelopeTransformer
func NewEnvelopeTransformer(envelopeService Service, cacheSize int, baseTransformerFunc func(cipher.Block) value.Transformer) value.Transformer
NewEnvelopeTransformer returns a transformer which implements a KEK-DEK based envelope encryption scheme. It uses envelopeService to encrypt and decrypt DEKs. Respective DEKs (in encrypted form) are prepended to the data items they encrypt. A cache (of size cacheSize) is maintained to store the most recently used decrypted DEKs in memory.
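The layout described above, as an added sketch that is not the package's own code: a fresh DEK per value, wrapped by the Service and prepended to the ciphertext it protects. The 2-byte length prefix, the 32-byte DEK, AES-GCM as the data cipher and the names Seal and Open are assumptions of this example; the DEK cache is left out, and kms is any Service implementation.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

type Service interface { // as documented on this page
	Decrypt(data []byte) ([]byte, error)
	Encrypt(data []byte) ([]byte, error)
}

// Seal emits: 2-byte length | wrapped DEK | 12-byte nonce | AES-GCM output (assumed layout).
func Seal(kms Service, data []byte) ([]byte, error) {
	r := make([]byte, 32+12) // fresh 32-byte DEK followed by a GCM nonce
	if _, err := rand.Read(r); err != nil {
		return nil, err
	}
	wrapped, err := kms.Encrypt(r[:32]) // only the DEK is sent to the KMS
	if err != nil {
		return nil, err
	}
	if len(wrapped) > 0xffff {
		return nil, errors.New("wrapped DEK exceeds 2-byte length prefix")
	}
	block, _ := aes.NewCipher(r[:32]) // cannot fail: the key is 32 bytes
	gcm, _ := cipher.NewGCM(block)    // cannot fail for an AES block
	out := append([]byte{byte(len(wrapped) >> 8), byte(len(wrapped))}, wrapped...)
	return gcm.Seal(append(out, r[32:]...), r[32:], data, nil), nil
}

// Open treats stored bytes as untrusted: lengths are checked before slicing.
func Open(kms Service, blob []byte) ([]byte, error) {
	if len(blob) < 2 || len(blob) < 2+(int(blob[0])<<8|int(blob[1]))+12 {
		return nil, errors.New("truncated envelope")
	}
	n := 2 + (int(blob[0])<<8 | int(blob[1]))
	dek, err := kms.Decrypt(blob[2:n])
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(dek) // rejects a DEK of invalid length
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, blob[n:n+12], blob[n+12:], nil)
}
```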
Types
type Service
type Service interface {
	// Decrypt a given bytearray to obtain the original data as bytes.
	Decrypt(data []byte) ([]byte, error)
	// Encrypt bytes to a ciphertext.
	Encrypt(data []byte) ([]byte, error)
}
Service allows encrypting and decrypting data using an external Key Management Service.
func NewGRPCService
func NewGRPCService(ctx context.Context, endpoint string, callTimeout time.Duration) (Service, error)
NewGRPCService returns an envelope.Service which uses gRPC to communicate with the remote KMS provider.
Directories
Path | Synopsis |
---|---|
kmsv2 | Package kmsv2 transforms values for storage at rest using an Envelope v2 provider |
v2alpha1 | Package v2alpha1 contains definition of kms-plugin's serialized types. |
testing | |