Documentation ¶
Index ¶
- Constants
- func CryptoKeyVersionsFor(ctx context.Context, client *kms.KeyManagementClient, parentKeys []string) ([]string, error)
- func GetPrimary(ctx context.Context, kms *kms.KeyManagementClient, key string) (string, error)
- func PublicKeysFor(ctx context.Context, client *kms.KeyManagementClient, keyVersions []string) (map[string]crypto.PublicKey, error)
- func SetPrimary(ctx context.Context, kms *kms.KeyManagementClient, key, versionName string) error
- type Action
- type CertificateActionService
- type JWKSet
- type KeyServer
- type RotationHandler
Constants ¶
const (
	PrimaryKey         = "primary"
	PrimaryLabelPrefix = "ver_"
)
Variables ¶
This section is empty.
Functions ¶
func CryptoKeyVersionsFor ¶ added in v0.0.2
func CryptoKeyVersionsFor(ctx context.Context, client *kms.KeyManagementClient, parentKeys []string) ([]string, error)
CryptoKeyVersionsFor returns the list of cryptoKeyVersions for all the given parent keys.
func GetPrimary ¶ added in v0.0.2
func GetPrimary(ctx context.Context, kms *kms.KeyManagementClient, key string) (string, error)
GetPrimary returns the key version name that the key's labels mark as primary (the `primary` label, whose value has the form `ver_[CRYPTO_KEY_VERSION_ID]`; see SetPrimary).
func PublicKeysFor ¶ added in v0.0.2
func PublicKeysFor(ctx context.Context, client *kms.KeyManagementClient, keyVersions []string) (map[string]crypto.PublicKey, error)
PublicKeysFor returns a map from Cloud KMS key version name to the public key for that version (the PEM that Cloud KMS returns, parsed into a crypto.PublicKey), for each of the given key versions. Only versions that are enabled are returned.
func SetPrimary ¶
func SetPrimary(ctx context.Context, kms *kms.KeyManagementClient, key, versionName string) error
SetPrimary records versionName as the primary version in the key's labels. Cloud KMS only populates the CryptoKey `primary` field for keys whose purpose is ENCRYPT_DECRYPT (https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys), so for signing keys the primary version is tracked in the `Labels` field instead, under the label key `primary` with a value of the form `ver_[CRYPTO_KEY_VERSION_ID]`, for example "ver_1".
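The two label helpers above (GetPrimary and SetPrimary) both hinge on the same convention: the label key is `primary`, the value is `ver_<ID>`, and `<ID>` is the numeric tail of a `cryptoKeyVersions/<ID>` resource name. The following is an added example, not the package's own code: it works on a plain labels map instead of a KMS client, and the helper names, the sample key name and the validation rules (numeric ID only, version must belong to the key) are assumptions made here so the logic can run offline.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Label conventions from the package constants: the label key and the
// prefix of its value.
const (
	PrimaryKey         = "primary"
	PrimaryLabelPrefix = "ver_"
)

// cryptoKeyRE matches a full CryptoKey resource name, the form RotateKey
// expects: projects/*/locations/*/keyRings/*/cryptoKeys/*.
var cryptoKeyRE = regexp.MustCompile(`^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$`)

// primaryVersionName mirrors the read side (GetPrimary): given a key's full
// resource name and its Labels map, it returns the full resource name of the
// version the labels mark as primary. Hypothetical helper, not the package's.
func primaryVersionName(key string, labels map[string]string) (string, error) {
	if !cryptoKeyRE.MatchString(key) {
		return "", fmt.Errorf("invalid CryptoKey resource name %q", key)
	}
	v, ok := labels[PrimaryKey]
	if !ok || v == "" {
		return "", errors.New("key has no primary label")
	}
	if !strings.HasPrefix(v, PrimaryLabelPrefix) {
		return "", fmt.Errorf("primary label %q lacks the %q prefix", v, PrimaryLabelPrefix)
	}
	id := strings.TrimPrefix(v, PrimaryLabelPrefix)
	// Version IDs are numeric; rejecting anything else also rejects a label
	// value that tries to smuggle in a path with slashes.
	if _, err := strconv.ParseUint(id, 10, 64); err != nil {
		return "", fmt.Errorf("primary label %q does not carry a numeric version ID", v)
	}
	return key + "/cryptoKeyVersions/" + id, nil
}

// setPrimaryLabel mirrors the write side (SetPrimary) on a labels map: it
// returns a copy of labels with the primary label pointing at versionName.
// versionName must be a version of key; promoting a version that belongs to
// another key would otherwise poison the label silently.
func setPrimaryLabel(key, versionName string, labels map[string]string) (map[string]string, error) {
	if !cryptoKeyRE.MatchString(key) {
		return nil, fmt.Errorf("invalid CryptoKey resource name %q", key)
	}
	prefix := key + "/cryptoKeyVersions/"
	if !strings.HasPrefix(versionName, prefix) {
		return nil, fmt.Errorf("version %q does not belong to key %q", versionName, key)
	}
	id := strings.TrimPrefix(versionName, prefix)
	if _, err := strconv.ParseUint(id, 10, 64); err != nil {
		return nil, fmt.Errorf("version %q has no numeric version ID", versionName)
	}
	out := make(map[string]string, len(labels)+1)
	for k, v := range labels {
		out[k] = v // keep unrelated labels intact
	}
	out[PrimaryKey] = PrimaryLabelPrefix + id
	return out, nil
}

func main() {
	// Constructed key name; not a real project.
	key := "projects/demo/locations/global/keyRings/jvs/cryptoKeys/signer"
	labels, err := setPrimaryLabel(key, key+"/cryptoKeyVersions/2", map[string]string{"env": "dev"})
	if err != nil {
		panic(err)
	}
	fmt.Println(labels)
	name, err := primaryVersionName(key, labels)
	if err != nil {
		panic(err)
	}
	fmt.Println(name)
}
```

The check that versionName is a child of key matters in a rotation service: the label is the only record of which version signs, so a promote request for a version under a different key must fail loudly rather than write a `ver_` value that GetPrimary later resolves against the wrong key.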
Types ¶
type Action ¶
type Action int8
const (
	ActionCreateNew           Action = iota // New version should be created. Will be marked as new in StateStore (SS).
	ActionCreateNewAndPromote               // New version should be created. Will be marked as primary in SS.
	ActionPromote                           // Mark version as primary in SS.
	ActionDisable                           // Disable version. Will be removed from SS.
	ActionDestroy                           // Destroy version.
)
type CertificateActionService ¶
type CertificateActionService struct {
	jvspb.CertificateActionServiceServer
	Handler   *RotationHandler
	KMSClient *kms.KeyManagementClient
}
CertificateActionService allows for performing manual actions on certificate versions.
func (*CertificateActionService) CertificateAction ¶
func (p *CertificateActionService) CertificateAction(ctx context.Context, request *jvspb.CertificateActionRequest) (*jvspb.CertificateActionResponse, error)
CertificateAction implements the certificate action API, which performs manual actions on certificate versions. It wraps the unexported certificateAction and returns an empty CertificateActionResponse on success.
type JWKSet ¶ added in v0.0.2
JWKSet represents a set of JWK keys. The lestrrat-go/jwx/v2/jwk library provides jwk.Set, but it sorts keys by key material, whereas this package needs to maintain its own deterministic sort order. jwk.Set is also an interface that is somewhat awkward to work with.
type KeyServer ¶
type KeyServer struct {
// contains filtered or unexported fields
}
KeyServer provides all valid and active public keys in a JWKS format.
func NewKeyServer ¶ added in v0.0.4
func NewKeyServer(ctx context.Context, kmsClient *kms.KeyManagementClient, cfg *config.PublicKeyConfig, h *renderer.Renderer) *KeyServer
NewKeyServer creates a new server. See KeyServer for more information.
type RotationHandler ¶
type RotationHandler struct {
// contains filtered or unexported fields
}
RotationHandler handles all necessary rotation actions for asymmetric keys based off a provided configuration.
func NewRotationHandler ¶ added in v0.0.4
func NewRotationHandler(ctx context.Context, kmsClient *kms.KeyManagementClient, cfg *config.CertRotationConfig) *RotationHandler
NewRotationHandler creates a handler for rotating keys.
func (*RotationHandler) RotateKey ¶
func (h *RotationHandler) RotateKey(ctx context.Context, key string) error
RotateKey determines and performs the rotation actions for the versions of a single key. key is the full resource name: `projects/*/locations/*/keyRings/*/cryptoKeys/*` https://pkg.golang.ir/google.golang.org/genproto/googleapis/cloud/kms/v1#CryptoKey
func (*RotationHandler) RotateKeys ¶ added in v0.0.4
func (h *RotationHandler) RotateKeys(ctx context.Context) (merr error)
RotateKeys runs RotateKey over every configured key, collecting the individual failures into merr instead of stopping at the first one.