package
0.0.0-20200310082016-d1e177655f8d
Repository: https://github.com/grade-two/minio.git
Documentation: pkg.go.dev
# Functions
CreateMultipartMetadata adds the multipart flag entry to metadata and returns modified metadata.
DecryptSinglePart decrypts an io.Writer which must be an object uploaded with the single-part PUT API.
EnabledKes returns true if kes as KMS is enabled.
EnabledVault returns true if HashiCorp Vault is enabled.
EncryptMultiPart encrypts an io.Reader which must be the body of a multi-part PUT request.
EncryptSinglePart encrypts an io.Reader which must be the body of a single-part PUT request.
Errorf - formats according to a format specifier and returns the string as a value that satisfies error of type crypto.Error.
GenerateIV generates a new random 256 bit IV from the provided source of randomness.
GenerateKey generates a unique ObjectKey from a 256 bit external key and a source of randomness.
IsEncrypted returns true if the object metadata indicates that it was uploaded using some form of server-side-encryption.
IsETagSealed returns true if the etag seems to be encrypted.
IsMultiPart returns true if the object metadata indicates that it was uploaded using some form of server-side-encryption and the S3 multipart API.
IsRequested returns true if the HTTP headers indicate that any form of server-side encryption (SSE-C, SSE-S3 or SSE-KMS) is requested.
LookupConfig looks up the vault or kes config and returns a KMSConfig to configure the KMS object for object encryption.
LookupKesConfig looks up the kes server configuration.
LookupVaultConfig extracts the KMS configuration provided by environment variables and merges it with the provided KMS configuration.
NewKes returns a new kes KMS client.
NewKMS - initialize a new KMS.
NewMasterKey returns a basic KMS implementation from a single 256 bit master key.
NewVault initializes HashiCorp Vault KMS by authenticating to Vault with the credentials in config and gets a client token for future API calls.
ParseMasterKey parses the value of the environment variable `EnvKMSMasterKey` and returns a key-ID and a master-key KMS on success.
RemoveInternalEntries removes all crypto-specific internal metadata entries from the metadata map.
RemoveSensitiveEntries removes confidential encryption information - e.g.
RemoveSensitiveHeaders removes confidential encryption information - e.g.
RemoveSSEHeaders removes all crypto-specific SSE header entries from the metadata map.
SetKMSConfig helper to migrate from older KMSConfig to new KV.
# Constants
EnvAutoEncryptionLegacy is the environment variable used to en/disable SSE-S3 auto-encryption.
EnvKMSAutoEncryption is the environment variable used to en/disable SSE-S3 auto-encryption.
EnvKMSKesCAPath is the environment variable used to specify the TLS root certificates used by MinIO to verify the certificate presented by the kes server when establishing a TLS connection.
EnvKMSKesCertFile is the environment variable used to specify the TLS certificate used by MinIO to authenticate to the kes server HTTPS via mTLS.
EnvKMSKesEndpoint is the environment variable used to specify the kes server HTTPS endpoint.
EnvKMSKesKeyFile is the environment variable used to specify the TLS private key used by MinIO to authenticate to the kes server HTTPS via mTLS.
EnvKMSKesKeyName is the environment variable used to specify the (default) key at the kes server.
EnvKMSMasterKey is the environment variable used to specify a KMS master key used to protect SSE-S3 per-object keys.
EnvKMSMasterKeyLegacy is the environment variable used to specify a KMS master key used to protect SSE-S3 per-object keys.
EnvKMSVaultAppRoleID is the environment variable used to specify the vault AppRole ID.
EnvKMSVaultAppSecretID is the environment variable used to specify the vault AppRole secret corresponding to the AppRole ID.
EnvKMSVaultAuthType is the environment variable used to specify the authentication type for vault.
EnvKMSVaultCAPath is the environment variable used to specify the path to a directory of PEM-encoded CA cert files.
EnvKMSVaultEndpoint is the environment variable used to specify the vault HTTPS endpoint.
EnvKMSVaultKeyName is the environment variable used to specify the vault named key-ring.
EnvKMSVaultKeyVersion is the environment variable used to specify the vault key version.
EnvKMSVaultNamespace is the environment variable used to specify vault namespace.
EnvLegacyVaultAppRoleID is the environment variable used to specify the vault AppRole ID.
EnvLegacyVaultAppSecretID is the environment variable used to specify the vault AppRole secret corresponding to the AppRole ID.
EnvLegacyVaultAuthType is the environment variable used to specify the authentication type for vault.
EnvLegacyVaultCAPath is the environment variable used to specify the path to a directory of PEM-encoded CA cert files.
EnvLegacyVaultEndpoint is the environment variable used to specify the vault HTTPS endpoint.
EnvLegacyVaultKeyName is the environment variable used to specify the vault named key-ring.
EnvLegacyVaultKeyVersion is the environment variable used to specify the vault key version.
EnvLegacyVaultNamespace is the environment variable used to specify vault namespace.
InsecureSealAlgorithm is the legacy encryption/sealing algorithm used to derive & seal the key-encryption-key and to en/decrypt the object data.
KMS kes constants.
KMS Vault constants.
S3KMSKeyID is the metadata key referencing the KMS key-id used to generate/decrypt the S3-KMS-Sealed-Key.
S3KMSSealedKey is the metadata key referencing the encrypted key generated by KMS.
S3SealedKey is the metadata key referencing the sealed object-key for SSE-S3.
SealAlgorithm is the encryption/sealing algorithm used to derive & seal the key-encryption-key and to en/decrypt the object data.
SSEAlgorithmAES256 is the only supported value for the SSE-S3 or SSE-C algorithm header.
SSEAlgorithmKMS is the value of 'X-Amz-Server-Side-Encryption' for SSE-KMS.
SSECAlgorithm is the HTTP header key referencing the SSE-C algorithm.
SSECKey is the HTTP header key referencing the SSE-C client-provided key.
SSECKeyMD5 is the HTTP header key referencing the MD5 sum of the client-provided key.
SSECopyAlgorithm is the HTTP header key referencing the SSE-C algorithm for SSE-C copy requests.
SSECopyKey is the HTTP header key referencing the SSE-C client-provided key for SSE-C copy requests.
SSECopyKeyMD5 is the HTTP header key referencing the MD5 sum of the client key for SSE-C copy requests.
SSECSealedKey is the metadata key referencing the sealed object-key for SSE-C.
SSEHeader is the general AWS SSE HTTP header key.
SSEIV is the metadata key referencing the random initialization vector (IV) used for SSE-S3 and SSE-C key derivation.
SSEKmsContext is the HTTP header key referencing the SSE-KMS encryption context.
SSEKmsID is the HTTP header key referencing the SSE-KMS key ID.
SSEMultipart is the metadata key indicating that the object was uploaded using the S3 multipart API and stored using some form of server-side-encryption.
SSESealAlgorithm is the metadata key referencing the algorithm used by SSE-C and SSE-S3 to encrypt the object.
# Variables
DefaultKVS - default KV crypto config.
ErrCustomerKeyMD5Mismatch indicates that the SSE-C key MD5 does not match the computed MD5 sum.
ErrIncompatibleEncryptionMethod indicates that both SSE-C headers and SSE-S3 headers were specified, and are incompatible. The client needs to remove the SSE-S3 header or the SSE-C headers.
ErrInvalidCustomerAlgorithm indicates that the specified SSE-C algorithm is not supported.
ErrInvalidCustomerKey indicates that the SSE-C client key is not valid - e.g.
ErrInvalidEncryptionMethod indicates that the specified SSE encryption method is not supported.
ErrKMSAuthLogin is raised when there is a failure authenticating to KMS.
ErrMissingCustomerKey indicates that the HTTP headers contain no SSE-C client key.
ErrMissingCustomerKeyMD5 indicates that the HTTP headers contain no SSE-C client key MD5 checksum.
ErrSecretKeyMismatch indicates that the provided secret key (SSE-C client key / SSE-S3 KMS key) does not match the secret key used during encrypting the object.
Help template for KMS vault.
S3 represents AWS SSE-S3.
S3KMS represents AWS SSE-KMS.
SSEC represents AWS SSE-C.
SSECopy represents AWS SSE-C for copy requests.
# Structs
Error is the generic type for any error happening during decrypting an object.
KesConfig contains the configuration required to initialize and connect to a kes server.
KMSConfig has the KMS config for HashiCorp Vault.
KMSInfo stores the details of KMS.
SealedKey represents a sealed object key.
VaultAppRole represents vault AppRole authentication credentials.
VaultAuth represents vault authentication type.
VaultConfig represents vault configuration.
VaultKey represents vault encryption key-ring.
# Interfaces
KMS represents an active and authenticated connection to a Key-Management-Service.