package envelope
import "k8s.io/apiserver/pkg/storage/value/encrypt/envelope"
Package envelope transforms values for storage at rest using a Envelope provider
Package envelope transforms values for storage at rest using a Envelope provider
Index ¶
- func NewEnvelopeTransformer(envelopeService Service, cacheSize int, baseTransformerFunc func(cipher.Block) value.Transformer) (value.Transformer, error)
- type Service
Functions ¶
func NewEnvelopeTransformer ¶
func NewEnvelopeTransformer(envelopeService Service, cacheSize int, baseTransformerFunc func(cipher.Block) value.Transformer) (value.Transformer, error)
NewEnvelopeTransformer returns a transformer which implements a KEK-DEK based envelope encryption scheme. It uses envelopeService to encrypt and decrypt DEKs. Respective DEKs (in encrypted form) are prepended to the data items they encrypt. A cache (of size cacheSize) is maintained to store the most recently used decrypted DEKs in memory.
Types ¶
type Service ¶
type Service interface {
// Decrypt a given bytearray to obtain the original data as bytes.
Decrypt(data []byte) ([]byte, error)
// Encrypt bytes to a ciphertext.
Encrypt(data []byte) ([]byte, error)
}
Service allows encrypting and decrypting data using an external Key Management Service.
func NewGRPCService ¶
NewGRPCService returns an envelope.Service which use gRPC to communicate the remote KMS provider.
Source Files ¶
envelope.go grpc_service.go metrics.go
Directories ¶
| Path | Synopsis |
|---|---|
| pkg/storage/value/encrypt/envelope/testing | |
| pkg/storage/value/encrypt/envelope/v1beta1 | Package v1beta1 contains definition of kms-plugin's gRPC service. |
- Version
- v0.24.4-rc.0
- Published
- Jul 13, 2022
- Platform
- js/wasm
- Imports
- 19 packages
- Last checked
- 18 minutes ago –
Tools for package owners.