Encrypt symmetric key with AWS KMS
()
| 39 | |
| 40 | // Encrypt symmetric key with AWS KMS |
| 41 | func (symmetricKey *SymmetricKey) Encrypt() error { |
| 42 | kmsConfig := aws.NewConfig() |
| 43 | |
| 44 | if symmetricKey.Region != "" { |
| 45 | kmsConfig = kmsConfig.WithRegion(symmetricKey.Region) |
| 46 | } |
| 47 | |
| 48 | kmsSession, err := session.NewSession() |
| 49 | if err != nil { |
| 50 | return err |
| 51 | } |
| 52 | |
| 53 | svc := kms.New(kmsSession, kmsConfig) |
| 54 | |
| 55 | symmetricKey.mutex.RLock() |
| 56 | input := &kms.EncryptInput{ |
| 57 | KeyId: aws.String(symmetricKey.KeyID), |
| 58 | Plaintext: symmetricKey.SymmetricKey, |
| 59 | } |
| 60 | symmetricKey.mutex.RUnlock() |
| 61 | |
| 62 | result, err := svc.Encrypt(input) |
| 63 | |
| 64 | if err == nil { |
| 65 | symmetricKey.mutex.Lock() |
| 66 | symmetricKey.EncryptedSymmetricKey = result.CiphertextBlob |
| 67 | symmetricKey.mutex.Unlock() |
| 68 | } |
| 69 | |
| 70 | return err |
| 71 | } |
| 72 | |
| 73 | // Decrypt symmetric key with AWS KMS |
| 74 | func (symmetricKey *SymmetricKey) Decrypt() error { |
nothing calls this directly
no test coverage detected