open-vault/vault/seal/seal.go

package seal

import (
	"context"

	"github.com/hashicorp/vault/sdk/physical"
)

const (
	Shamir        = "shamir"
	PKCS11        = "pkcs11"
	AliCloudKMS   = "alicloudkms"
	AWSKMS        = "awskms"
	GCPCKMS       = "gcpckms"
	AzureKeyVault = "azurekeyvault"
	OCIKMS        = "ocikms"
	Transit       = "transit"
	Test          = "test-auto"

	// HSMAutoDeprecated is a deprecated seal type prior to 0.9.0.
	// It is still referenced in certain code paths for upgrade purporses
	HSMAutoDeprecated = "hsm-auto"
)

// Access is the embedded implemention of autoSeal that contains logic
// specific to encrypting and decrypting data, or in this case keys.
type Access interface {
	SealType() string
	KeyID() string

	Init(context.Context) error
	Finalize(context.Context) error

	Encrypt(context.Context, []byte) (*physical.EncryptedBlobInfo, error)
	Decrypt(context.Context, *physical.EncryptedBlobInfo) ([]byte, error)
}
The big one (#5346) 2018-09-18 03:03:00 +00:00			`package seal`

[Review Only] Autoseal OSS port (#757) * Port awskms autoseal * Rename files * WIP autoseal * Fix protobuf conflict * Expose some structs to properly allow encrypting stored keys * Update awskms with the latest changes * Add KeyGuard implementation to abstract encryption/decryption of keys * Fully decouple seal.Access implementations from sealwrap structs * Add extra line to proto files, comment update * Update seal_access_entry.go * govendor sync * Add endpoint info to configureAWSKMSSeal * Update comment * Refactor structs * Update make proto * Remove remove KeyGuard, move encrypt/decrypt to autoSeal * Add rest of seals, update VerifyRecoveryKeys, add deps * Fix some merge conflicts via govendor updates * Rename SealWrapEntry to EncryptedBlobInfo * Remove barrier type upgrade check in oss * Add key to EncryptedBlobInfo proto * Update barrierTypeUpgradeCheck signature 2018-10-19 21:43:57 +00:00			`import (`
			`"context"`

Create sdk/ and api/ submodules (#6583) 2019-04-12 21:54:35 +00:00			`"github.com/hashicorp/vault/sdk/physical"`
[Review Only] Autoseal OSS port (#757) * Port awskms autoseal * Rename files * WIP autoseal * Fix protobuf conflict * Expose some structs to properly allow encrypting stored keys * Update awskms with the latest changes * Add KeyGuard implementation to abstract encryption/decryption of keys * Fully decouple seal.Access implementations from sealwrap structs * Add extra line to proto files, comment update * Update seal_access_entry.go * govendor sync * Add endpoint info to configureAWSKMSSeal * Update comment * Refactor structs * Update make proto * Remove remove KeyGuard, move encrypt/decrypt to autoSeal * Add rest of seals, update VerifyRecoveryKeys, add deps * Fix some merge conflicts via govendor updates * Rename SealWrapEntry to EncryptedBlobInfo * Remove barrier type upgrade check in oss * Add key to EncryptedBlobInfo proto * Update barrierTypeUpgradeCheck signature 2018-10-19 21:43:57 +00:00			`)`

The big one (#5346) 2018-09-18 03:03:00 +00:00			`const (`
			`Shamir = "shamir"`
			`PKCS11 = "pkcs11"`
[Review Only] Autoseal OSS port (#757) * Port awskms autoseal * Rename files * WIP autoseal * Fix protobuf conflict * Expose some structs to properly allow encrypting stored keys * Update awskms with the latest changes * Add KeyGuard implementation to abstract encryption/decryption of keys * Fully decouple seal.Access implementations from sealwrap structs * Add extra line to proto files, comment update * Update seal_access_entry.go * govendor sync * Add endpoint info to configureAWSKMSSeal * Update comment * Refactor structs * Update make proto * Remove remove KeyGuard, move encrypt/decrypt to autoSeal * Add rest of seals, update VerifyRecoveryKeys, add deps * Fix some merge conflicts via govendor updates * Rename SealWrapEntry to EncryptedBlobInfo * Remove barrier type upgrade check in oss * Add key to EncryptedBlobInfo proto * Update barrierTypeUpgradeCheck signature 2018-10-19 21:43:57 +00:00			`AliCloudKMS = "alicloudkms"`
The big one (#5346) 2018-09-18 03:03:00 +00:00			`AWSKMS = "awskms"`
			`GCPCKMS = "gcpckms"`
			`AzureKeyVault = "azurekeyvault"`
OCI KMS auto-unseal plugin (#6950) 2019-09-04 19:40:54 +00:00			`OCIKMS = "ocikms"`
Transit Autounseal (#5995) * Adding Transit Autoseal * adding tests * adding more tests * updating seal info * send a value to test and set current key id * updating message * cleanup * Adding tls config, addressing some feedback * adding tls testing * renaming config fields for tls 2019-02-28 21:13:56 +00:00			`Transit = "transit"`
The big one (#5346) 2018-09-18 03:03:00 +00:00			`Test = "test-auto"`
Add HSMAutoDeprecated for ent upgrade (#5704) 2018-11-06 17:42:03 +00:00
			`// HSMAutoDeprecated is a deprecated seal type prior to 0.9.0.`
			`// It is still referenced in certain code paths for upgrade purporses`
			`HSMAutoDeprecated = "hsm-auto"`
The big one (#5346) 2018-09-18 03:03:00 +00:00			`)`
[Review Only] Autoseal OSS port (#757) * Port awskms autoseal * Rename files * WIP autoseal * Fix protobuf conflict * Expose some structs to properly allow encrypting stored keys * Update awskms with the latest changes * Add KeyGuard implementation to abstract encryption/decryption of keys * Fully decouple seal.Access implementations from sealwrap structs * Add extra line to proto files, comment update * Update seal_access_entry.go * govendor sync * Add endpoint info to configureAWSKMSSeal * Update comment * Refactor structs * Update make proto * Remove remove KeyGuard, move encrypt/decrypt to autoSeal * Add rest of seals, update VerifyRecoveryKeys, add deps * Fix some merge conflicts via govendor updates * Rename SealWrapEntry to EncryptedBlobInfo * Remove barrier type upgrade check in oss * Add key to EncryptedBlobInfo proto * Update barrierTypeUpgradeCheck signature 2018-10-19 21:43:57 +00:00
			`// Access is the embedded implemention of autoSeal that contains logic`
			`// specific to encrypting and decrypting data, or in this case keys.`
			`type Access interface {`
			`SealType() string`
			`KeyID() string`

			`Init(context.Context) error`
			`Finalize(context.Context) error`

			`Encrypt(context.Context, []byte) (*physical.EncryptedBlobInfo, error)`
			`Decrypt(context.Context, *physical.EncryptedBlobInfo) ([]byte, error)`
			`}`