mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-06-20 04:04:21 -04:00
690b50b29d
* Remove unused package * Add Go package docs to most packages Signed-off-by: Daniel Weiße <dw@edgeless.systems> Signed-off-by: Fabian Kammel <fk@edgeless.systems> Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> Co-authored-by: Fabian Kammel <fk@edgeless.systems>
33 lines
1.2 KiB
Go
33 lines
1.2 KiB
Go
/*
|
|
Copyright (c) Edgeless Systems GmbH
|
|
|
|
SPDX-License-Identifier: AGPL-3.0-only
|
|
*/
|
|
|
|
// Package kms provides an abstract interface for Key Management Services.
|
|
package kms
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
)
|
|
|
|
// CloudKMS enables using cloud base Key Management Services.
|
|
type CloudKMS interface {
|
|
// CreateKEK creates a new KEK with the given key material, if provided. If successful, the key can be referenced by keyID in the KMS in accordance to the policy.
|
|
CreateKEK(ctx context.Context, keyID string, kek []byte) error
|
|
// GetDEK returns the DEK for dekID and kekID from the KMS.
|
|
// If the DEK does not exist, a new one is created and saved to storage.
|
|
GetDEK(ctx context.Context, dekID string, dekSize int) ([]byte, error)
|
|
}
|
|
|
|
// Storage provides an abstract interface for the storage backend used for DEKs.
|
|
type Storage interface {
|
|
// Get returns a DEK from the storage by key ID. If the DEK does not exist, returns storage.ErrDEKUnset.
|
|
Get(context.Context, string) ([]byte, error)
|
|
// Put saves a DEK to the storage by key ID.
|
|
Put(context.Context, string, []byte) error
|
|
}
|
|
|
|
// ErrKEKUnknown is an error raised by unknown KEK in the KMS.
|
|
var ErrKEKUnknown = errors.New("requested KEK not found")
|