MasterKey is a GCP KMS key used to encrypt and decrypt the SOPS data key.
// MasterKey describes a GCP KMS key that SOPS uses to encrypt and decrypt
// its data key.
//
// The exported fields identify the key and carry the encrypted data key.
// The unexported fields configure how the GCP KMS client authenticates and
// connects; tokenSource and credentialJSON hold credential material.
type MasterKey struct {
	// ResourceID is the resource id that refers to the GCP KMS key. It can
	// be looked up with the `gcloud` command.
	ResourceID string
	// EncryptedKey holds the string returned by GCP KMS after encrypting.
	EncryptedKey string
	// CreationDate records when this MasterKey was created. NeedsRotation
	// relies on it.
	CreationDate time.Time

	// tokenSource is the oauth2.TokenSource handed to the GCP client. A
	// (local) keyservice.KeyServiceServer can inject it through
	// TokenSource.ApplyToMasterKey. When it is nil, the remaining
	// authentication methods are tried instead.
	tokenSource oauth2.TokenSource
	// credentialJSON is the Service Account credentials JSON used to
	// authenticate to the GCP KMS service.
	//
	// NOTE(review): this is secret material. fmt's %v and %+v verbs print
	// unexported fields, so formatting a whole MasterKey into a log line
	// or error would include these bytes unless the type defines its own
	// formatting method (none is visible here). Confirm against callers.
	credentialJSON []byte
	// grpcConn lets a caller supply its own GCP client connection. At
	// present this mostly serves tests, which wire the client to a mock
	// server.
	//
	// NOTE(review): an injected connection decides which endpoint receives
	// KMS requests; verify that only test code sets it.
	grpcConn *grpc.ClientConn
	// grpcDialOpts are the gRPC dial options applied when the gRPC
	// connection is created.
	//
	// NOTE(review): dial options can change transport settings; confirm
	// that non-test callers cannot use them to weaken the connection to
	// GCP KMS.
	grpcDialOpts []grpc.DialOption
	// useRESTClient selects the REST client for GCP KMS when true.
	useRESTClient bool
	// clientOpts are the client options applied when the GCP KMS client is
	// created.
	clientOpts []option.ClientOption
}
| 87 | |
| 88 | // NewMasterKeyFromResourceID creates a new MasterKey with the provided resource |
| 89 | // ID. |