
keyservice

package
v3.10.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 14, 2025 License: MPL-2.0 Imports: 17 Imported by: 16

Documentation

Overview

Package keyservice implements a gRPC API that can be used by SOPS to encrypt and decrypt the data key using remote master keys.

Index

Constants

// Full gRPC method names of the two KeyService RPCs, in "/<service>/<method>" form.
// NOTE(review): these are the names a server-side interceptor would match on to
// authorize or audit Encrypt and Decrypt separately — confirm against the gRPC
// setup in use.
const (
	KeyService_Encrypt_FullMethodName = "/KeyService/Encrypt"
	KeyService_Decrypt_FullMethodName = "/KeyService/Decrypt"
)

Variables

// File_keyservice_keyservice_proto is presumably the file descriptor generated for
// keyservice/keyservice.proto (inferred from the name; its initialisation is not
// shown in this listing).
var File_keyservice_keyservice_proto protoreflect.FileDescriptor
// KeyService_ServiceDesc describes the KeyService gRPC service for registration.
// It declares exactly two unary methods, Encrypt and Decrypt, and no streams.
var KeyService_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "KeyService",
	HandlerType: (*KeyServiceServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "Encrypt",
			Handler:    _KeyService_Encrypt_Handler,
		},
		{
			// Decrypt is the RPC whose response carries plaintext back to the caller.
			MethodName: "Decrypt",
			Handler:    _KeyService_Decrypt_Handler,
		},
	},
	// No streaming RPCs are defined for this service.
	Streams:  []grpc.StreamDesc{},
	Metadata: "keyservice/keyservice.proto",
}

KeyService_ServiceDesc is the grpc.ServiceDesc for the KeyService service. It is only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy).

Functions

func RegisterKeyServiceServer

func RegisterKeyServiceServer(s grpc.ServiceRegistrar, srv KeyServiceServer)

Types

type AgeKey

// AgeKey is the wire description of an age master key.
type AgeKey struct {
	// Recipient is a string taken from the request; presumably the age recipient
	// (public key) — confirm against the age master key implementation.
	Recipient string `protobuf:"bytes,1,opt,name=recipient,proto3" json:"recipient,omitempty"`
	// contains filtered or unexported fields
}

func (*AgeKey) Descriptor deprecated

func (*AgeKey) Descriptor() ([]byte, []int)

Deprecated: Use AgeKey.ProtoReflect.Descriptor instead.

func (*AgeKey) GetRecipient

func (x *AgeKey) GetRecipient() string

func (*AgeKey) ProtoMessage

func (*AgeKey) ProtoMessage()

func (*AgeKey) ProtoReflect

func (x *AgeKey) ProtoReflect() protoreflect.Message

func (*AgeKey) Reset

func (x *AgeKey) Reset()

func (*AgeKey) String

func (x *AgeKey) String() string

type AzureKeyVaultKey

// AzureKeyVaultKey is the wire description of an Azure Key Vault master key.
// All three fields are plain strings taken from the request.
type AzureKeyVaultKey struct {
	// NOTE(review): if a server acts on VaultUrl as received, the request decides
	// which endpoint the server contacts; consider restricting it to expected
	// vaults — confirm against the server implementation.
	VaultUrl string `protobuf:"bytes,1,opt,name=vault_url,json=vaultUrl,proto3" json:"vault_url,omitempty"`
	Name     string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
	Version  string `protobuf:"bytes,3,opt,name=version,proto3" json:"version,omitempty"`
	// contains filtered or unexported fields
}

func (*AzureKeyVaultKey) Descriptor deprecated

func (*AzureKeyVaultKey) Descriptor() ([]byte, []int)

Deprecated: Use AzureKeyVaultKey.ProtoReflect.Descriptor instead.

func (*AzureKeyVaultKey) GetName

func (x *AzureKeyVaultKey) GetName() string

func (*AzureKeyVaultKey) GetVaultUrl

func (x *AzureKeyVaultKey) GetVaultUrl() string

func (*AzureKeyVaultKey) GetVersion

func (x *AzureKeyVaultKey) GetVersion() string

func (*AzureKeyVaultKey) ProtoMessage

func (*AzureKeyVaultKey) ProtoMessage()

func (*AzureKeyVaultKey) ProtoReflect

func (x *AzureKeyVaultKey) ProtoReflect() protoreflect.Message

func (*AzureKeyVaultKey) Reset

func (x *AzureKeyVaultKey) Reset()

func (*AzureKeyVaultKey) String

func (x *AzureKeyVaultKey) String() string

type DecryptRequest

// DecryptRequest is the input message of the Decrypt RPC.
//
// NOTE(review): none of the exported fields identifies or authenticates the
// caller, so access control has to come from the transport the service is
// exposed on (or from Server.Prompt) — confirm how the listener is deployed.
type DecryptRequest struct {
	// Key names the master key to decrypt with; it is chosen by the caller.
	Key        *Key   `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
	// Ciphertext is the encrypted value to decrypt (per the package overview, the
	// encrypted data key).
	Ciphertext []byte `protobuf:"bytes,2,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
	// contains filtered or unexported fields
}

func (*DecryptRequest) Descriptor deprecated

func (*DecryptRequest) Descriptor() ([]byte, []int)

Deprecated: Use DecryptRequest.ProtoReflect.Descriptor instead.

func (*DecryptRequest) GetCiphertext

func (x *DecryptRequest) GetCiphertext() []byte

func (*DecryptRequest) GetKey

func (x *DecryptRequest) GetKey() *Key

func (*DecryptRequest) ProtoMessage

func (*DecryptRequest) ProtoMessage()

func (*DecryptRequest) ProtoReflect

func (x *DecryptRequest) ProtoReflect() protoreflect.Message

func (*DecryptRequest) Reset

func (x *DecryptRequest) Reset()

func (*DecryptRequest) String

func (x *DecryptRequest) String() string

type DecryptResponse

// DecryptResponse is the output message of the Decrypt RPC.
type DecryptResponse struct {
	// Plaintext is the decrypted result; per the package overview this is the
	// SOPS data key, so treat it as secret material: keep it out of logs and
	// send it only over a protected channel.
	// NOTE(review): String() on this message presumably renders the field —
	// verify before logging whole messages.
	Plaintext []byte `protobuf:"bytes,1,opt,name=plaintext,proto3" json:"plaintext,omitempty"`
	// contains filtered or unexported fields
}

func (*DecryptResponse) Descriptor deprecated

func (*DecryptResponse) Descriptor() ([]byte, []int)

Deprecated: Use DecryptResponse.ProtoReflect.Descriptor instead.

func (*DecryptResponse) GetPlaintext

func (x *DecryptResponse) GetPlaintext() []byte

func (*DecryptResponse) ProtoMessage

func (*DecryptResponse) ProtoMessage()

func (*DecryptResponse) ProtoReflect

func (x *DecryptResponse) ProtoReflect() protoreflect.Message

func (*DecryptResponse) Reset

func (x *DecryptResponse) Reset()

func (*DecryptResponse) String

func (x *DecryptResponse) String() string

type EncryptRequest

// EncryptRequest is the input message of the Encrypt RPC.
type EncryptRequest struct {
	// Key names the master key to encrypt with; it is chosen by the caller.
	Key       *Key   `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
	// Plaintext is the value to encrypt; per the package overview this is the
	// SOPS data key, so it travels unencrypted inside this message and relies on
	// the transport for confidentiality.
	Plaintext []byte `protobuf:"bytes,2,opt,name=plaintext,proto3" json:"plaintext,omitempty"`
	// contains filtered or unexported fields
}

func (*EncryptRequest) Descriptor deprecated

func (*EncryptRequest) Descriptor() ([]byte, []int)

Deprecated: Use EncryptRequest.ProtoReflect.Descriptor instead.

func (*EncryptRequest) GetKey

func (x *EncryptRequest) GetKey() *Key

func (*EncryptRequest) GetPlaintext

func (x *EncryptRequest) GetPlaintext() []byte

func (*EncryptRequest) ProtoMessage

func (*EncryptRequest) ProtoMessage()

func (*EncryptRequest) ProtoReflect

func (x *EncryptRequest) ProtoReflect() protoreflect.Message

func (*EncryptRequest) Reset

func (x *EncryptRequest) Reset()

func (*EncryptRequest) String

func (x *EncryptRequest) String() string

type EncryptResponse

// EncryptResponse is the output message of the Encrypt RPC.
type EncryptResponse struct {
	// Ciphertext is the encrypted result returned to the caller.
	Ciphertext []byte `protobuf:"bytes,1,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
	// contains filtered or unexported fields
}

func (*EncryptResponse) Descriptor deprecated

func (*EncryptResponse) Descriptor() ([]byte, []int)

Deprecated: Use EncryptResponse.ProtoReflect.Descriptor instead.

func (*EncryptResponse) GetCiphertext

func (x *EncryptResponse) GetCiphertext() []byte

func (*EncryptResponse) ProtoMessage

func (*EncryptResponse) ProtoMessage()

func (*EncryptResponse) ProtoReflect

func (x *EncryptResponse) ProtoReflect() protoreflect.Message

func (*EncryptResponse) Reset

func (x *EncryptResponse) Reset()

func (*EncryptResponse) String

func (x *EncryptResponse) String() string

type GcpKmsKey

// GcpKmsKey is the wire description of a GCP KMS master key.
type GcpKmsKey struct {
	// ResourceId is a string taken from the request; presumably the KMS key's
	// resource name — confirm against the GCP KMS master key implementation.
	ResourceId string `protobuf:"bytes,1,opt,name=resource_id,json=resourceId,proto3" json:"resource_id,omitempty"`
	// contains filtered or unexported fields
}

func (*GcpKmsKey) Descriptor deprecated

func (*GcpKmsKey) Descriptor() ([]byte, []int)

Deprecated: Use GcpKmsKey.ProtoReflect.Descriptor instead.

func (*GcpKmsKey) GetResourceId

func (x *GcpKmsKey) GetResourceId() string

func (*GcpKmsKey) ProtoMessage

func (*GcpKmsKey) ProtoMessage()

func (*GcpKmsKey) ProtoReflect

func (x *GcpKmsKey) ProtoReflect() protoreflect.Message

func (*GcpKmsKey) Reset

func (x *GcpKmsKey) Reset()

func (*GcpKmsKey) String

func (x *GcpKmsKey) String() string

type Key

// Key is the RPC representation of a master key. It is a protobuf oneof: KeyType
// holds one of the wrapper types listed below, each carrying the description of
// one kind of key.
type Key struct {

	// Types that are assignable to KeyType:
	//
	//	*Key_KmsKey
	//	*Key_PgpKey
	//	*Key_GcpKmsKey
	//	*Key_AzureKeyvaultKey
	//	*Key_VaultKey
	//	*Key_AgeKey
	//
	// NOTE(review): a received Key may have no variant set; presumably KeyType is
	// nil then — handlers should check before use.
	KeyType isKey_KeyType `protobuf_oneof:"key_type"`
	// contains filtered or unexported fields
}

func KeyFromMasterKey

func KeyFromMasterKey(mk keys.MasterKey) Key

KeyFromMasterKey converts a SOPS internal MasterKey to an RPC Key that can be serialized with Protocol Buffers

func (*Key) Descriptor deprecated

func (*Key) Descriptor() ([]byte, []int)

Deprecated: Use Key.ProtoReflect.Descriptor instead.

func (*Key) GetAgeKey

func (x *Key) GetAgeKey() *AgeKey

func (*Key) GetAzureKeyvaultKey

func (x *Key) GetAzureKeyvaultKey() *AzureKeyVaultKey

func (*Key) GetGcpKmsKey

func (x *Key) GetGcpKmsKey() *GcpKmsKey

func (*Key) GetKeyType

func (m *Key) GetKeyType() isKey_KeyType

func (*Key) GetKmsKey

func (x *Key) GetKmsKey() *KmsKey

func (*Key) GetPgpKey

func (x *Key) GetPgpKey() *PgpKey

func (*Key) GetVaultKey

func (x *Key) GetVaultKey() *VaultKey

func (*Key) ProtoMessage

func (*Key) ProtoMessage()

func (*Key) ProtoReflect

func (x *Key) ProtoReflect() protoreflect.Message

func (*Key) Reset

func (x *Key) Reset()

func (*Key) String

func (x *Key) String() string

type KeyServiceClient

// KeyServiceClient is the client API for the KeyService service: one unary call
// per operation, each taking a context and optional gRPC call options.
type KeyServiceClient interface {
	// Encrypt sends the plaintext in the request and returns the ciphertext.
	Encrypt(ctx context.Context, in *EncryptRequest, opts ...grpc.CallOption) (*EncryptResponse, error)
	// Decrypt sends the ciphertext in the request and returns the plaintext.
	Decrypt(ctx context.Context, in *DecryptRequest, opts ...grpc.CallOption) (*DecryptResponse, error)
}

KeyServiceClient is the client API for KeyService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

func NewKeyServiceClient

func NewKeyServiceClient(cc grpc.ClientConnInterface) KeyServiceClient

type KeyServiceServer

// KeyServiceServer is the server API for the KeyService service.
//
// NOTE(review): the method signatures receive only a context and the request
// message; an implementation that needs to know who is calling has to take that
// from the context (e.g. transport-level peer information) — confirm what the
// deployment provides.
type KeyServiceServer interface {
	Encrypt(context.Context, *EncryptRequest) (*EncryptResponse, error)
	Decrypt(context.Context, *DecryptRequest) (*DecryptResponse, error)
}

KeyServiceServer is the server API for KeyService service. All implementations should embed UnimplementedKeyServiceServer for forward compatibility.

type Key_AgeKey

// Key_AgeKey is the oneof wrapper that selects the age variant of Key (field 6).
type Key_AgeKey struct {
	AgeKey *AgeKey `protobuf:"bytes,6,opt,name=age_key,json=ageKey,proto3,oneof"`
}

type Key_AzureKeyvaultKey

// Key_AzureKeyvaultKey is the oneof wrapper that selects the Azure Key Vault
// variant of Key (field 4).
type Key_AzureKeyvaultKey struct {
	AzureKeyvaultKey *AzureKeyVaultKey `protobuf:"bytes,4,opt,name=azure_keyvault_key,json=azureKeyvaultKey,proto3,oneof"`
}

type Key_GcpKmsKey

// Key_GcpKmsKey is the oneof wrapper that selects the GCP KMS variant of Key
// (field 3).
type Key_GcpKmsKey struct {
	GcpKmsKey *GcpKmsKey `protobuf:"bytes,3,opt,name=gcp_kms_key,json=gcpKmsKey,proto3,oneof"`
}

type Key_KmsKey

// Key_KmsKey is the oneof wrapper that selects the KmsKey variant of Key
// (field 1).
type Key_KmsKey struct {
	KmsKey *KmsKey `protobuf:"bytes,1,opt,name=kms_key,json=kmsKey,proto3,oneof"`
}

type Key_PgpKey

// Key_PgpKey is the oneof wrapper that selects the PGP variant of Key (field 2).
type Key_PgpKey struct {
	PgpKey *PgpKey `protobuf:"bytes,2,opt,name=pgp_key,json=pgpKey,proto3,oneof"`
}

type Key_VaultKey

// Key_VaultKey is the oneof wrapper that selects the VaultKey variant of Key
// (field 5).
type Key_VaultKey struct {
	VaultKey *VaultKey `protobuf:"bytes,5,opt,name=vault_key,json=vaultKey,proto3,oneof"`
}

type KmsKey

// KmsKey is the wire description of a KMS master key (the aws_profile field
// suggests AWS KMS). Every field is supplied by the caller in the request.
//
// NOTE(review): if a server honours Role and AwsProfile as received, the request
// selects which server-side credentials are used for the KMS call; consider
// restricting both to expected values — confirm in keyservice/server.go.
type KmsKey struct {
	// Arn is presumably the ARN of the KMS key — confirm.
	Arn        string            `protobuf:"bytes,1,opt,name=arn,proto3" json:"arn,omitempty"`
	// Role is presumably a role to assume before calling KMS — confirm.
	Role       string            `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"`
	// Context is a string-to-string map; presumably the KMS encryption context — confirm.
	Context    map[string]string `` /* 155-byte string literal not displayed */
	// AwsProfile is presumably the name of a credentials profile on the server side — confirm.
	AwsProfile string            `protobuf:"bytes,4,opt,name=aws_profile,json=awsProfile,proto3" json:"aws_profile,omitempty"`
	// contains filtered or unexported fields
}

func (*KmsKey) Descriptor deprecated

func (*KmsKey) Descriptor() ([]byte, []int)

Deprecated: Use KmsKey.ProtoReflect.Descriptor instead.

func (*KmsKey) GetArn

func (x *KmsKey) GetArn() string

func (*KmsKey) GetAwsProfile

func (x *KmsKey) GetAwsProfile() string

func (*KmsKey) GetContext

func (x *KmsKey) GetContext() map[string]string

func (*KmsKey) GetRole

func (x *KmsKey) GetRole() string

func (*KmsKey) ProtoMessage

func (*KmsKey) ProtoMessage()

func (*KmsKey) ProtoReflect

func (x *KmsKey) ProtoReflect() protoreflect.Message

func (*KmsKey) Reset

func (x *KmsKey) Reset()

func (*KmsKey) String

func (x *KmsKey) String() string

type LocalClient

// LocalClient is a key service client that performs all operations locally.
type LocalClient struct {
	// Server is the KeyServiceServer implementation backing this client; it is
	// exported, so callers can read or replace it after construction.
	Server KeyServiceServer
}

LocalClient is a key service client that performs all operations locally

func NewCustomLocalClient

func NewCustomLocalClient(server KeyServiceServer) LocalClient

NewCustomLocalClient creates a new local client with a non-default backing KeyServiceServer implementation

func NewLocalClient

func NewLocalClient() LocalClient

NewLocalClient creates a new local client

func (LocalClient) Decrypt

func (c LocalClient) Decrypt(ctx context.Context,
	req *DecryptRequest, opts ...grpc.CallOption) (*DecryptResponse, error)

Decrypt processes a decrypt request locally. See keyservice/server.go for more details.

func (LocalClient) Encrypt

func (c LocalClient) Encrypt(ctx context.Context,
	req *EncryptRequest, opts ...grpc.CallOption) (*EncryptResponse, error)

Encrypt processes an encrypt request locally. See keyservice/server.go for more details.

type PgpKey

// PgpKey is the wire description of a PGP master key.
type PgpKey struct {
	// Fingerprint is a string taken from the request that identifies the PGP key.
	// NOTE(review): presumably resolved against the keyring available to the
	// process serving the request — confirm against the PGP master key code.
	Fingerprint string `protobuf:"bytes,1,opt,name=fingerprint,proto3" json:"fingerprint,omitempty"`
	// contains filtered or unexported fields
}

func (*PgpKey) Descriptor deprecated

func (*PgpKey) Descriptor() ([]byte, []int)

Deprecated: Use PgpKey.ProtoReflect.Descriptor instead.

func (*PgpKey) GetFingerprint

func (x *PgpKey) GetFingerprint() string

func (*PgpKey) ProtoMessage

func (*PgpKey) ProtoMessage()

func (*PgpKey) ProtoReflect

func (x *PgpKey) ProtoReflect() protoreflect.Message

func (*PgpKey) Reset

func (x *PgpKey) Reset()

func (*PgpKey) String

func (x *PgpKey) String() string

type Server

// Server is a key service server that uses SOPS MasterKeys to fulfill requests.
type Server struct {
	// Prompt indicates whether the server should prompt before decrypting or encrypting data
	//
	// The zero value is false, so a Server{} literal serves requests without
	// prompting.
	// NOTE(review): the request messages expose no caller-identity field, so this
	// prompt is the only per-request confirmation visible in this API; with it
	// off, protection depends entirely on who can reach the listener.
	Prompt bool
}

Server is a key service server that uses SOPS MasterKeys to fulfill requests

func (Server) Decrypt

func (ks Server) Decrypt(ctx context.Context,
	req *DecryptRequest) (*DecryptResponse, error)

Decrypt takes a decrypt request and decrypts the provided ciphertext with the provided key, returning the decrypted result

func (Server) Encrypt

func (ks Server) Encrypt(ctx context.Context,
	req *EncryptRequest) (*EncryptResponse, error)

Encrypt takes an encrypt request and encrypts the provided plaintext with the provided key, returning the encrypted result

type UnimplementedKeyServiceServer

// UnimplementedKeyServiceServer is an empty struct meant to be embedded (by
// value) in KeyServiceServer implementations for forward compatibility.
type UnimplementedKeyServiceServer struct{}

UnimplementedKeyServiceServer should be embedded to have forward compatible implementations.

NOTE: this should be embedded by value instead of pointer to avoid a nil pointer dereference when methods are called.

func (UnimplementedKeyServiceServer) Decrypt

func (UnimplementedKeyServiceServer) Encrypt

type UnsafeKeyServiceServer added in v3.9.2

// UnsafeKeyServiceServer may be embedded to opt out of forward compatibility
// for this service; its method set is unexported and not shown in this listing.
type UnsafeKeyServiceServer interface {
	// contains filtered or unexported methods
}

UnsafeKeyServiceServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to KeyServiceServer will result in compilation errors.

type VaultKey

// VaultKey is the wire description of a Vault master key. All three fields are
// plain strings taken from the request.
type VaultKey struct {
	// NOTE(review): if a server acts on VaultAddress as received, the request
	// decides which host the server contacts; consider restricting it to
	// expected addresses — confirm against the server implementation.
	VaultAddress string `protobuf:"bytes,1,opt,name=vault_address,json=vaultAddress,proto3" json:"vault_address,omitempty"`
	// EnginePath is presumably the mount path of the secrets engine — confirm.
	EnginePath   string `protobuf:"bytes,2,opt,name=engine_path,json=enginePath,proto3" json:"engine_path,omitempty"`
	// KeyName is presumably the name of the key within that engine — confirm.
	KeyName      string `protobuf:"bytes,3,opt,name=key_name,json=keyName,proto3" json:"key_name,omitempty"`
	// contains filtered or unexported fields
}

func (*VaultKey) Descriptor deprecated

func (*VaultKey) Descriptor() ([]byte, []int)

Deprecated: Use VaultKey.ProtoReflect.Descriptor instead.

func (*VaultKey) GetEnginePath

func (x *VaultKey) GetEnginePath() string

func (*VaultKey) GetKeyName

func (x *VaultKey) GetKeyName() string

func (*VaultKey) GetVaultAddress

func (x *VaultKey) GetVaultAddress() string

func (*VaultKey) ProtoMessage

func (*VaultKey) ProtoMessage()

func (*VaultKey) ProtoReflect

func (x *VaultKey) ProtoReflect() protoreflect.Message

func (*VaultKey) Reset

func (x *VaultKey) Reset()

func (*VaultKey) String

func (x *VaultKey) String() string
