package kms
import "github.com/sigstore/sigstore/pkg/signature/kms"
Package kms contains utilities related to third-party KMS providers.
Package kms implements the interface to access various KMS services.
Index
- func AddProvider(keyResourceID string, init ProviderInit)
- func SupportedProviders() []string
- type ProviderInit
- type ProviderNotFoundError
- type SignerVerifier
Functions
func AddProvider
func AddProvider(keyResourceID string, init ProviderInit)
AddProvider adds the provider implementation into the local cache.
func SupportedProviders
func SupportedProviders() []string
SupportedProviders returns the list of initialized providers.
Types
type ProviderInit
type ProviderInit func(context.Context, string, crypto.Hash, ...signature.RPCOption) (SignerVerifier, error)
ProviderInit is a function that initializes provider-specific SignerVerifier.
It takes a provider-specific resource ID and hash function, and returns a SignerVerifier using that resource, or any error that was encountered.
type ProviderNotFoundError
type ProviderNotFoundError struct {
// contains filtered or unexported fields
}
ProviderNotFoundError indicates that no matching KMS provider was found.
func (*ProviderNotFoundError) Error
func (e *ProviderNotFoundError) Error() string
type SignerVerifier
type SignerVerifier interface {
signature.SignerVerifier
CreateKey(ctx context.Context, algorithm string) (crypto.PublicKey, error)
CryptoSigner(ctx context.Context, errFunc func(error)) (crypto.Signer, crypto.SignerOpts, error)
SupportedAlgorithms() []string
DefaultAlgorithm() string
}
SignerVerifier creates and verifies digital signatures over a message using a KMS service.
func Get
func Get(ctx context.Context, keyResourceID string, hashFunc crypto.Hash, opts ...signature.RPCOption) (SignerVerifier, error)
Get returns a KMS SignerVerifier for the given resource string and hash function. If no matching built-in provider is found, it will try to use the plugin system as a provider. It returns a ProviderNotFoundError in these situations:
- keyResourceID doesn't match any of our hard-coded providers' schemas,
- the plugin name and key ref cannot be parsed from the input keyResourceID,
- the plugin program can't be found.
It also returns an error if initializing the SignerVerifier fails.
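How AddProvider, Get and ProviderNotFoundError fit together, as an added example that is not the sigstore source code. The types are simplified local stand-ins, matching on the resource ID prefix is an assumption, the plugin fallback is left out, and the memkms:// scheme and memKMS provider are constructed for illustration.

```go
package main

import (
	"context"
	"crypto"
	"crypto/ed25519"
	"errors"
	"fmt"
	"strings"
)

// Simplified local stand-ins (assumptions) for the documented types.
type SignerVerifier interface {
	Sign(msg []byte) []byte
	Verify(msg, sig []byte) bool
}
type ProviderInit func(context.Context, string, crypto.Hash) (SignerVerifier, error)
type ProviderNotFoundError struct{ ref string }
func (e *ProviderNotFoundError) Error() string { return "no provider for " + e.ref }
var providers = map[string]ProviderInit{} // the local cache AddProvider fills
func AddProvider(prefix string, init ProviderInit) { providers[prefix] = init }

// Get matches on the resource ID prefix (assumed); the plugin fallback is omitted.
func Get(ctx context.Context, id string, h crypto.Hash) (SignerVerifier, error) {
	for prefix, init := range providers {
		if strings.HasPrefix(id, prefix) {
			return init(ctx, id, h)
		}
	}
	return nil, &ProviderNotFoundError{ref: id}
}

type memKMS struct{ priv ed25519.PrivateKey } // constructed provider; Ed25519 needs no pre-hash
func (m memKMS) Sign(msg []byte) []byte { return ed25519.Sign(m.priv, msg) }
func (m memKMS) Verify(msg, sig []byte) bool {
	return ed25519.Verify(m.priv.Public().(ed25519.PublicKey), msg, sig)
}
func newMemKMS(context.Context, string, crypto.Hash) (SignerVerifier, error) {
	_, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand.Reader
	return memKMS{priv}, err
}

func main() {
	AddProvider("memkms://", newMemKMS)
	if sv, err := Get(context.Background(), "memkms://demo/key", 0); err == nil {
		fmt.Println("verified:", sv.Verify([]byte("artifact"), sv.Sign([]byte("artifact"))))
	}
	_, err := Get(context.Background(), "otherkms://demo/key", 0)
	fmt.Println("provider missing:", errors.As(err, new(*ProviderNotFoundError)))
}
```

Callers can use errors.As in the same way to tell an unknown key reference apart from a provider that was found but failed to initialize.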
Directories
| Path | Synopsis |
|---|---|
| pkg/signature/kms/cliplugin | Package cliplugin implements the plugin functionality. |
| pkg/signature/kms/cliplugin/common | Package common defines the JSON schema for plugin arguments and return values. |
| pkg/signature/kms/cliplugin/encoding | Package encoding has helper functions for encoding and decoding some method arguments and return values. |
| pkg/signature/kms/cliplugin/handler | Package handler implements helper functions for plugins written in go. |
| pkg/signature/kms/cliplugin/internal | |
| pkg/signature/kms/fake | Package fake contains utilities to help test KMS providers. |
- Version: v1.9.5 (latest)
- Published: Jun 9, 2025
- Platform: linux/amd64
- Imports: 9 packages