New returns a single-key KMS that derives new DEKs from the given key.

NewWithConfig returns a new KMS using the given configuration.

Parse parses s as single-key KMS.

Access credential for KES - API keys and private key / certificate are mutually exclusive.

Path to TLS certificate for authenticating to KES with mTLS - usually prefer API keys.

Path to TLS private key for authenticating to KES with mTLS - usually prefer API keys.

Optional password to decrypt an encrypt TLS private key.

One or multiple KES endpoints, separated by ','.

Period between polls of the KES KMS Master Key cache, to prevent it from being unused and purged.

The default key name used for IAM data and when no key ID is specified on a bucket.

Path to file/directory containing CA certificates to verify the KES server certificate.

Top level config constants for KMS.

Top level config constants for KMS.

Config contains various KMS-related configuration parameters - like KMS endpoints or authentication credentials.

DEK is a data encryption key.

Error encapsulates S3 API error response fields.

Status describes the current state of a KMS.

VerifyResult describes the verification result details a KMS endpoint.

IdentityManager is the generic interface that handles KMS identity operations.

KeyManager is the generic interface that handles KMS key operations.

KMS is the generic interface that abstracts over different KMS implementations.

Logger interface permits access to module specific logging, in this case, for KMS.

PolicyManager is the generic interface that handles KMS policy] operations.

StatusManager is the generic interface that handles KMS status operations.

Context is a set of key-value pairs that are associated with a generate data encryption key (DEK).