package kmsv2
import "k8s.io/apiserver/pkg/storage/value/encrypt/envelope/kmsv2"
Package kmsv2 transforms values for storage at rest using an Envelope v2 provider.
Index
- Constants
- func NewEnvelopeTransformer(envelopeService kmsservice.Service, keyIDGetter KeyIDGetterFunc, baseTransformerFunc func(cipher.Block) value.Transformer) value.Transformer
- func NewGRPCService(ctx context.Context, endpoint, providerName string, callTimeout time.Duration) (kmsservice.Service, error)
- func ValidateKeyID(keyID string) error
- type KeyIDGetterFunc
Constants
const (
	// KMSAPIVersion is the version of the KMS API.
	KMSAPIVersion = "v2alpha1"
)
Functions
func NewEnvelopeTransformer
func NewEnvelopeTransformer(envelopeService kmsservice.Service, keyIDGetter KeyIDGetterFunc, baseTransformerFunc func(cipher.Block) value.Transformer) value.Transformer
NewEnvelopeTransformer returns a transformer which implements a KEK-DEK based envelope encryption scheme. It uses envelopeService to encrypt and decrypt DEKs. Respective DEKs (in encrypted form) are prepended to the data items they encrypt.
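The KEK-DEK scheme described above, as an added Go sketch that is not the package's own code. Assumptions: a local AES-GCM key stands in for the remote KMS behind envelopeService, the one-byte length prefix is an illustrative layout and not the package's storage format, and must, seal, unseal, envelopeEncrypt and envelopeDecrypt are hypothetical names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // bad key size or RNG failure: fatal in this sketch
	}
	return v
}

func seal(key, msg []byte) []byte {
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	nonce := make([]byte, gcm.NonceSize())
	must(rand.Read(nonce)) // fresh random nonce for every call
	return gcm.Seal(nonce, nonce, msg, nil) // nonce || ciphertext || tag
}

// unseal authenticates and decrypts a value produced by seal.
func unseal(key, sealed []byte) ([]byte, error) {
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed value too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// envelopeEncrypt returns len(wrapped DEK) || wrapped DEK || data sealed under the DEK.
func envelopeEncrypt(kek, data []byte) []byte {
	dek := make([]byte, 32) // a new DEK for every stored item
	must(rand.Read(dek))
	wrapped := seal(kek, dek) // assumption: stands in for the KMS encrypt call
	return append(append([]byte{byte(len(wrapped))}, wrapped...), seal(dek, data)...)
}

// envelopeDecrypt splits off the prepended DEK, unwraps it, then opens the data.
func envelopeDecrypt(kek, stored []byte) ([]byte, error) {
	if len(stored) < 1 || len(stored) < 1+int(stored[0]) {
		return nil, errors.New("truncated envelope")
	}
	n := 1 + int(stored[0])              // end of the wrapped DEK
	dek, err := unseal(kek, stored[1:n]) // assumption: stands in for the KMS decrypt call
	if err != nil || len(dek) != 32 {
		return nil, errors.New("cannot unwrap DEK")
	}
	return unseal(dek, stored[n:])
}
```

Because the wrapped DEK travels with each item, only the KEK holder can read the data, and any change to either part fails authentication on read.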
func NewGRPCService
func NewGRPCService(ctx context.Context, endpoint, providerName string, callTimeout time.Duration) (kmsservice.Service, error)
NewGRPCService returns an envelope.Service which uses gRPC to communicate with the remote KMS provider.
func ValidateKeyID
ValidateKeyID tests the following:
1. The keyID is not empty.
2. The size of keyID is less than 1 kB.
Types
type KeyIDGetterFunc
Source Files
cache.go envelope.go grpc_service.go
Directories
Path | Synopsis |
---|---|
pkg/storage/value/encrypt/envelope/kmsv2/v2alpha1 | Package v2alpha1 contains definition of kms-plugin's serialized types. |
- Version: v0.27.0-alpha.2
- Published: Feb 15, 2023
- Platform: js/wasm
- Imports: 28 packages