open-vault/physical/types.proto
Calvin Leung Huang a08ccbffa7
[Review Only] Autoseal OSS port (#757)
* Port awskms autoseal

* Rename files

* WIP autoseal

* Fix protobuf conflict

* Expose some structs to properly allow encrypting stored keys

* Update awskms with the latest changes

* Add KeyGuard implementation to abstract encryption/decryption of keys

* Fully decouple seal.Access implementations from sealwrap structs

* Add extra line to proto files, comment update

* Update seal_access_entry.go

* govendor sync

* Add endpoint info to configureAWSKMSSeal

* Update comment

* Refactor structs

* Update make proto

* Remove KeyGuard, move encrypt/decrypt to autoSeal

* Add rest of seals, update VerifyRecoveryKeys, add deps

* Fix some merge conflicts via govendor updates

* Rename SealWrapEntry to EncryptedBlobInfo

* Remove barrier type upgrade check in oss

* Add key to EncryptedBlobInfo proto

* Update barrierTypeUpgradeCheck signature
2018-10-19 14:43:57 -07:00

39 lines
1 KiB
Protocol Buffer

syntax = "proto3";

option go_package = "github.com/hashicorp/vault/physical";

package physical;

message EncryptedBlobInfo {
    bytes ciphertext = 1;
    bytes iv = 2;
    bytes hmac = 3;
    bool wrapped = 4;
    SealKeyInfo key_info = 5;

    // Key is the Key value for the entry that corresponds to
    // physical.Entry.Key's value
    string key = 6;
}

// SealKeyInfo contains information regarding the seal used to encrypt the entry.
message SealKeyInfo {
    // Mechanism is the method used by the seal to encrypt and sign the
    // data as defined by the seal.
    uint64 Mechanism = 1;
    uint64 HMACMechanism = 2;

    // This is an opaque ID used by the seal to identify the specific
    // key to use as defined by the seal. This could be a version, key
    // label, or something else.
    string KeyID = 3;
    string HMACKeyID = 4;

    // These values are used when generating our own data encryption keys
    // and encrypting them using the autoseal
    bytes WrappedKey = 5;

    // Mechanism specific flags
    uint64 Flags = 6;
}
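
The field numbers above are enough to decode a serialized `EncryptedBlobInfo` straight from the protobuf wire format, for example to check which seal `KeyID` a stored entry references without the generated Go bindings. This is an added example, not code from the repository; the names `decode`, `BLOB`, `KEYINFO` and the sample bytes are constructed for illustration.

```python
# Field numbers and names are taken from the .proto above; all else is this example's own.
BLOB = {1: "ciphertext", 2: "iv", 3: "hmac", 4: "wrapped", 5: "key_info", 6: "key"}
KEYINFO = {1: "Mechanism", 2: "HMACMechanism", 3: "KeyID", 4: "HMACKeyID",
           5: "WrappedKey", 6: "Flags"}
VARINTS = {"wrapped", "Mechanism", "HMACMechanism", "Flags"}  # wire type 0
STRINGS = {"key", "KeyID", "HMACKeyID"}                       # wire type 2, UTF-8

def _varint(buf, pos):
    """Read one base-128 varint; reject truncated or over-long encodings."""
    value = shift = 0
    while pos < len(buf) and shift < 64:
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7
    raise ValueError("truncated or oversized varint")

def decode(buf, schema=BLOB):
    """Decode one message into a dict, skipping unknown fields."""
    out, pos = {}, 0
    while pos < len(buf):
        tag, pos = _varint(buf, pos)
        name, wire = schema.get(tag >> 3), tag & 7
        # These messages use only varint (0) and length-delimited (2) fields,
        # and a known field must arrive with the wire type its declaration implies.
        if wire not in (0, 2) or (name is not None and (wire == 0) != (name in VARINTS)):
            raise ValueError(f"field {tag >> 3}: unexpected wire type {wire}")
        value, pos = _varint(buf, pos)
        if wire == 2:
            if pos + value > len(buf):
                raise ValueError(f"field {tag >> 3}: length runs past end of buffer")
            value, pos = buf[pos:pos + value], pos + value
            if name == "key_info":
                value = decode(value, KEYINFO)
            elif name in STRINGS:
                value = value.decode("utf-8")
        if name is not None:
            out[name] = bool(value) if name == "wrapped" else value
    return out

# Constructed sample bytes (not real Vault data): Mechanism=1, KeyID, WrappedKey,
# then the outer ciphertext, iv, wrapped=true, key_info and key fields.
KEY_INFO = b"\x08\x01" b"\x1a\x0bdemo-key-v1" b"\x2a\x04\xde\xad\xbe\xef"
SAMPLE = (b"\x0a\x03\x01\x02\x03" b"\x12\x02\xaa\xbb" b"\x20\x01"
          b"\x2a" + bytes([len(KEY_INFO)]) + KEY_INFO + b"\x32\x09core/demo")

if __name__ == "__main__":
    print(decode(SAMPLE))
```

Length and wire-type checks raise `ValueError` on truncated or mistyped input rather than returning a partial entry.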