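package wrapping

import (
	"context"

	"github.com/hashicorp/go-hclog"
)

// These values define known types of Wrappers.
//
// NOTE(review): presumably these are the strings a Wrapper reports from
// Type(); confirm against the implementations before matching on them.
const (
	AEAD            = "aead"
	AliCloudKMS     = "alicloudkms"
	AWSKMS          = "awskms"
	AzureKeyVault   = "azurekeyvault"
	GCPCKMS         = "gcpckms"
	HuaweiCloudKMS  = "huaweicloudkms"
	MultiWrapper    = "multiwrapper"
	OCIKMS          = "ocikms"
	PKCS11          = "pkcs11"
	Shamir          = "shamir"
	TencentCloudKMS = "tencentcloudkms"
	Transit         = "transit"
	YandexCloudKMS  = "yandexcloudkms"

	// NOTE(review): the name and value suggest a wrapper meant for tests;
	// confirm it cannot be selected by production configuration.
	Test = "test-auto"

	// HSMAutoDeprecated is a deprecated type relevant to Vault prior to 0.9.0.
	// It is still referenced in certain code paths for upgrade purposes.
	HSMAutoDeprecated = "hsm-auto"
)

// Wrapper is the embedded implementation of autoSeal that contains logic
// specific to encrypting and decrypting data, or in this case keys.
//
// The expected lifecycle, per the method comments below, is Init before
// use and Finalize once all usage is done.
type Wrapper interface {
	// Type is the type of Wrapper.
	Type() string

	// KeyID is the ID of the key currently used for encryption.
	KeyID() string
	// HMACKeyID is the ID of the key currently used for HMACing (if any).
	HMACKeyID() string

	// Init allows performing any necessary setup calls before using this
	// Wrapper.
	Init(context.Context) error
	// Finalize should be called when all usage of this Wrapper is done.
	Finalize(context.Context) error

	// Encrypt encrypts the given byte slice and puts information about the
	// final result in the returned value. The second byte slice is to pass
	// any additional authenticated data (AAD); this may or may not be used
	// depending on the particular implementation.
	//
	// NOTE(review): because an implementation may ignore the AAD, callers
	// that rely on it to bind a ciphertext to its context should confirm
	// that the concrete Wrapper in use actually authenticates it.
	Encrypt(context.Context, []byte, []byte) (*EncryptedBlobInfo, error)
	// Decrypt takes in the value and decrypts it into the byte slice. The
	// byte slice argument is to pass any additional authenticated data;
	// this may or may not be used depending on the particular
	// implementation.
	//
	// NOTE(review): where the AAD is authenticated it presumably has to
	// match the value given to Encrypt; confirm per implementation. On a
	// non-nil error the returned bytes should not be used.
	Decrypt(context.Context, *EncryptedBlobInfo, []byte) ([]byte, error)
}

// WrapperOptions contains options used when creating a Wrapper.
type WrapperOptions struct {
	// Logger is the logger supplied for the Wrapper being created.
	// Implementations should keep plaintext and key material out of
	// anything written to it.
	Logger hclog.Logger
}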