package awskms

go – github.com/google/tink/go/integration/awskms Index | Files

package awskms

import "github.com/google/tink/go/integration/awskms"

Package awskms provides integration with the AWS Cloud KMS.

Index ¶

func NewClient(uriPrefix string) (registry.KMSClient, error)
func NewClientWithCredentials(uriPrefix string, credentialPath string) (registry.KMSClient, error)
func NewClientWithKMS(uriPrefix string, kms kmsiface.KMSAPI) (registry.KMSClient, error)
type AWSAEAD

func (a *AWSAEAD) Decrypt(ciphertext, associatedData []byte) ([]byte, error)
func (a *AWSAEAD) Encrypt(plaintext, associatedData []byte) ([]byte, error)

Functions ¶

func NewClient ¶

func NewClient(uriPrefix string) (registry.KMSClient, error)

NewClient returns a new AWS KMS client which will use default credentials to handle keys with uriPrefix prefix. uriPrefix must have the following format: 'aws-kms://arn:<partition>:kms:<region>:[:path]'. See http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html.

func NewClientWithCredentials ¶

func NewClientWithCredentials(uriPrefix string, credentialPath string) (registry.KMSClient, error)

NewClientWithCredentials returns a new AWS KMS client which will use given credentials to handle keys with uriPrefix prefix. uriPrefix must have the following format: 'aws-kms://arn:<partition>:kms:<region>:[:path]'. See http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html.

func NewClientWithKMS ¶

func NewClientWithKMS(uriPrefix string, kms kmsiface.KMSAPI) (registry.KMSClient, error)

NewClientWithKMS returns a new AWS KMS client with user created KMS client. Client is responsible for keeping the region consistency between key URI and KMS client. uriPrefix must have the following format: 'aws-kms://arn:<partition>:kms:<region>:[:path]'. See http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html.

Types ¶

type AWSAEAD ¶

type AWSAEAD struct {
	// contains filtered or unexported fields
}

AWSAEAD represents a AWS KMS service to a particular URI.

func (*AWSAEAD) Decrypt ¶

func (a *AWSAEAD) Decrypt(ciphertext, associatedData []byte) ([]byte, error)

Decrypt AEAD decrypts the data and verified the associated data.

Returns an error if the KeyId field in the response does not match the KeyURI provided when creating the client. If we don't do this, the possibility exists for the ciphertext to be replaced by one under a key we don't control/expect, but do have decrypt permissions on.

This check is disabled if AWSAEAD.keyURI is not in key ARN format.

See https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id.

func (*AWSAEAD) Encrypt ¶

func (a *AWSAEAD) Encrypt(plaintext, associatedData []byte) ([]byte, error)

Encrypt encrypts the plaintext with associatedData.

Source Files ¶

aws_kms_aead.go aws_kms_client.go

Version: v1.7.0 (latest)
Published: Aug 10, 2022
Platform: linux/amd64
Imports: 14 packages
Last checked: 3 months ago –

Tools for package owners.

?	: This menu
/	: Search site
f	: Jump to identifier
g then g	: Go to top of page
g then b	: Go to end of page
G	: Go to end of page
g then i	: Go to index
g then e	: Go to examples

package awskms

Index ¶

Functions ¶

func NewClient ¶

func NewClientWithCredentials ¶

func NewClientWithKMS ¶

Types ¶

type AWSAEAD ¶

func (*AWSAEAD) Decrypt ¶

func (*AWSAEAD) Encrypt ¶

Source Files ¶

Jump to identifier

Keyboard shortcuts