a08ccbffa7
* Port awskms autoseal * Rename files * WIP autoseal * Fix protobuf conflict * Expose some structs to properly allow encrypting stored keys * Update awskms with the latest changes * Add KeyGuard implementation to abstract encryption/decryption of keys * Fully decouple seal.Access implementations from sealwrap structs * Add extra line to proto files, comment update * Update seal_access_entry.go * govendor sync * Add endpoint info to configureAWSKMSSeal * Update comment * Refactor structs * Update make proto * Remove remove KeyGuard, move encrypt/decrypt to autoSeal * Add rest of seals, update VerifyRecoveryKeys, add deps * Fix some merge conflicts via govendor updates * Rename SealWrapEntry to EncryptedBlobInfo * Remove barrier type upgrade check in oss * Add key to EncryptedBlobInfo proto * Update barrierTypeUpgradeCheck signature
39 lines
1 KiB
Protocol Buffer
39 lines
1 KiB
Protocol Buffer
syntax = "proto3";
|
|
|
|
option go_package = "github.com/hashicorp/vault/physical";
|
|
|
|
package physical;
|
|
|
|
message EncryptedBlobInfo {
|
|
bytes ciphertext = 1;
|
|
bytes iv = 2;
|
|
bytes hmac = 3;
|
|
bool wrapped = 4;
|
|
SealKeyInfo key_info = 5;
|
|
|
|
// Key is the Key value for the entry that corresponds to
|
|
// physical.Entry.Key's value
|
|
string key = 6;
|
|
}
|
|
|
|
// SealKeyInfo contains information regarding the seal used to encrypt the entry.
|
|
message SealKeyInfo {
|
|
// Mechanism is the method used by the seal to encrypt and sign the
|
|
// data as defined by the seal.
|
|
uint64 Mechanism = 1;
|
|
uint64 HMACMechanism = 2;
|
|
|
|
// This is an opaque ID used by the seal to identify the specific
|
|
// key to use as defined by the seal. This could be a version, key
|
|
// label, or something else.
|
|
string KeyID = 3;
|
|
string HMACKeyID = 4;
|
|
|
|
// These value are used when generating our own data encryption keys
|
|
// and encrypting them using the autoseal
|
|
bytes WrappedKey = 5;
|
|
|
|
// Mechanism specific flags
|
|
uint64 Flags = 6;
|
|
}
|