GenerateDataKeyForBucket generates a data key using the appropriate KMS provider for a bucket
(ctx context.Context, bucket, keyID string, keySpec KeySpec, encryptionContext map[string]string)
| 398 | |
// GenerateDataKeyForBucket looks up the KMS provider associated with bucket and
// requests a new data key from it.
//
// keyID, keySpec and encryptionContext are placed into a GenerateDataKeyRequest
// and handed to the provider as-is; this method performs no validation of its
// own. The encryptionContext map is passed through without being copied, so the
// request shares it with the caller.
//
// An error from the provider lookup is wrapped with the bucket name. An error
// from the provider's GenerateDataKey call is returned unwrapped.
//
// NOTE(review): the response presumably carries plaintext key material, so
// callers should keep it out of logs and error messages — confirm against
// GenerateDataKeyResponse.
// NOTE(review): presumably the same encryptionContext has to be supplied to
// DecryptForBucket for the resulting ciphertext — verify against the provider.
func (km *KMSManager) GenerateDataKeyForBucket(ctx context.Context, bucket, keyID string, keySpec KeySpec, encryptionContext map[string]string) (*GenerateDataKeyResponse, error) {
	kmsProvider, lookupErr := km.GetKMSProvider(bucket)
	if lookupErr != nil {
		return nil, fmt.Errorf("failed to get KMS provider for bucket %s: %w", bucket, lookupErr)
	}

	// Build the request inline; the provider receives exactly the caller's values.
	return kmsProvider.GenerateDataKey(ctx, &GenerateDataKeyRequest{
		KeyID:             keyID,
		KeySpec:           keySpec,
		EncryptionContext: encryptionContext,
	})
}
| 414 | |
| 415 | // DecryptForBucket decrypts a data key using the appropriate KMS provider for a bucket |
| 416 | func (km *KMSManager) DecryptForBucket(ctx context.Context, bucket string, ciphertextBlob []byte, encryptionContext map[string]string) (*DecryptResponse, error) { |