package seal
import (
"context"
"github.com/hashicorp/vault/sdk/physical"
)
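// Seal type identifiers.
//
// Each constant is the string name of one seal mechanism. Presumably these
// are the values an Access implementation reports from SealType and the
// values a seal configuration selects by; confirm against the callers,
// which are not part of this file.
const (
	Shamir        = "shamir"
	PKCS11        = "pkcs11"
	AliCloudKMS   = "alicloudkms"
	AWSKMS        = "awskms"
	GCPCKMS       = "gcpckms"
	AzureKeyVault = "azurekeyvault"
	OCIKMS        = "ocikms"
	Transit       = "transit"

	// NOTE(review): "test-auto" looks like a seal type meant only for tests.
	// Confirm that it cannot be selected through production configuration.
	Test = "test-auto"

	// HSMAutoDeprecated is a deprecated seal type prior to 0.9.0.
	// It is still referenced in certain code paths for upgrade purposes.
	HSMAutoDeprecated = "hsm-auto"
)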
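// Encryptor is the pair of operations a seal uses to wrap and unwrap data.
//
// Both methods take a context.Context and report failure through the error
// result. The layout of physical.EncryptedBlobInfo is defined in the
// sdk/physical package and is not shown in this file.
//
// NOTE(review): the plaintext passed to Encrypt and returned by Decrypt is
// presumably key material in this package, so implementations and callers
// should keep it out of logs and error strings. Confirm against the call
// sites.
type Encryptor interface {
	// Encrypt wraps plaintext and returns the resulting encrypted blob
	// description, or an error.
	Encrypt(ctx context.Context, plaintext []byte) (*physical.EncryptedBlobInfo, error)

	// Decrypt unwraps a blob previously described by an EncryptedBlobInfo
	// and returns the plaintext bytes, or an error.
	Decrypt(ctx context.Context, blob *physical.EncryptedBlobInfo) ([]byte, error)
}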
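// Access is the embedded implementation of autoSeal that contains logic
// specific to encrypting and decrypting data, or in this case keys.
//
// It combines identification (SealType, KeyID), lifecycle hooks (Init,
// Finalize) and the Encryptor operations in a single interface.
type Access interface {
	// SealType returns the seal type as a string; presumably one of the
	// seal type constants declared in this package (confirm against the
	// implementations).
	SealType() string

	// KeyID returns a string identifying a key. NOTE(review): presumably
	// the key currently used by the backing mechanism; confirm against the
	// implementations.
	KeyID() string

	// Init and Finalize are lifecycle hooks that take a context and return
	// an error. The order in which callers invoke them is not shown in
	// this file; presumably Init runs before first use and Finalize at
	// teardown. Confirm against the caller.
	Init(ctx context.Context) error
	Finalize(ctx context.Context) error

	// Encryptor supplies the Encrypt and Decrypt methods.
	Encryptor
}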