Documentation ¶
Overview ¶
Example (HttpsServer) ¶
// https server using azure keyvault vaultBaseURL := "https://<xxxx>.vault.azure.net/" keyName := "<key>" // config using client access key credential, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { panic(err) } keyClient, err := azkeys.NewClient(vaultBaseURL, credential, nil) if err != nil { panic(err) } certClient, err := azcertificates.NewClient(vaultBaseURL, credential, nil) if err != nil { panic(err) } kv, err := azkeyvault.NewSigner(keyClient, keyName, "") if err != nil { panic(err) } l, err := net.Listen("tcp", ":9000") if err != nil { log.Fatal(err) } r, err := certClient.GetCertificate(context.Background(), keyName, "", nil) if err != nil { log.Fatal(err) } cert, err := x509.ParseCertificate(r.CER) if err != nil { log.Fatal(err) } tlsconf := &tls.Config{ Certificates: []tls.Certificate{{ Certificate: [][]byte{cert.Raw}, PrivateKey: kv, }}, } netln := tls.NewListener(l, tlsconf) http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { fmt.Fprintf(w, "hello\n") }) panic(http.Serve(netln, nil))
Output:
Example (SshClient) ¶
// config using client access key vaultBaseURL := "https://<xxxx>.vault.azure.net/" keyName := "<key>" credential, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { panic(err) } keyClient, err := azkeys.NewClient(vaultBaseURL, credential, nil) if err != nil { panic(err) } kv, err := azkeyvault.NewSigner(keyClient, keyName, "") if err != nil { panic(err) } signer, err := ssh.NewSignerFromSigner(kv) if err != nil { panic(err) } fmt.Printf(`echo "%s" >> /root/.ssh/authorized_keys`, strings.Trim(string(ssh.MarshalAuthorizedKey(signer.PublicKey())), "\n")) fmt.Println() client, err := ssh.Dial("tcp", "127.0.0.1:22", &ssh.ClientConfig{ User: "root", Auth: []ssh.AuthMethod{ ssh.PublicKeys(signer), }, HostKeyCallback: ssh.InsecureIgnoreHostKey(), }) if err != nil { log.Fatal("Failed to dial: ", err) } defer client.Close() // Each ClientConn can support multiple interactive sessions, // represented by a Session. session, err := client.NewSession() if err != nil { log.Fatal("Failed to create session: ", err) } defer session.Close() // Once a Session is created, you can execute a single command on // the remote side using the Run method. var b bytes.Buffer session.Stdout = &b if err := session.Run("/usr/bin/whoami"); err != nil { log.Fatal("Failed to run: " + err.Error()) } fmt.Println(b.String())
Output:
Index ¶
Examples ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var ( // ErrUnsupportedHash is returned by Signer.Sign() when the provided hash // algorithm isn't supported. ErrUnsupportedHash = fmt.Errorf("unsupported hash algorithm") )
Functions ¶
func NewDecrypter ¶
Types ¶
type DecrypterOpts ¶
type DecrypterOpts struct { Algorithm azkeys.JSONWebKeyEncryptionAlgorithm Context context.Context }
type SignerOpts ¶
type SignerOpts struct { Algorithm azkeys.JSONWebKeySignatureAlgorithm Context context.Context }
func (*SignerOpts) HashFunc ¶
func (o *SignerOpts) HashFunc() crypto.Hash
Click to show internal directories.
Click to hide internal directories.