1package wrapping
2
3import (
4	"context"
5
6	"github.com/hashicorp/go-hclog"
7)
8
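// Known Wrapper types. Each constant is the string identifier of one kind of
// Wrapper; presumably it is the value that Wrapper's Type method returns
// (confirm against the implementations, which are not in this file).
const (
	Shamir        = "shamir"
	PKCS11        = "pkcs11"
	AliCloudKMS   = "alicloudkms"
	AWSKMS        = "awskms"
	GCPCKMS       = "gcpckms"
	AzureKeyVault = "azurekeyvault"
	OCIKMS        = "ocikms"
	Transit       = "transit"

	// Test is the identifier "test-auto".
	// NOTE(review): the name suggests a wrapper meant for tests only; confirm
	// that configuration loading does not accept it in production.
	Test = "test-auto"

	// HSMAutoDeprecated is a type relevant to Vault prior to 0.9.0. It is
	// still referenced in certain code paths for upgrade purposes.
	//
	// Deprecated: kept only so that upgrade code paths can recognise the old
	// type name; do not use it for new Wrappers.
	HSMAutoDeprecated = "hsm-auto"
)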
25
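// Wrapper is the embedded implementation of autoSeal that contains logic
// specific to encrypting and decrypting data, or in this case keys.
//
// The parameters are named so that the two adjacent []byte arguments of
// Encrypt cannot be confused: the first is the data to protect, the second is
// additional authenticated data. Parameter names do not affect which types
// satisfy the interface.
type Wrapper interface {
	// Type is the type of Wrapper.
	Type() string

	// KeyID is the ID of the key currently used for encryption.
	KeyID() string

	// HMACKeyID is the ID of the key currently used for HMACing (if any).
	HMACKeyID() string

	// Init allows performing any necessary setup calls before using this
	// Wrapper.
	Init(ctx context.Context) error

	// Finalize should be called when all usage of this Wrapper is done.
	Finalize(ctx context.Context) error

	// Encrypt encrypts plaintext and puts information about the final result
	// in the returned value. aad passes any additional authenticated data;
	// it may or may not be used depending on the particular implementation,
	// so a caller that relies on the ciphertext being bound to aad must check
	// that the implementation in use honours it.
	Encrypt(ctx context.Context, plaintext, aad []byte) (*EncryptedBlobInfo, error)

	// Decrypt takes in blob and decrypts it into the returned byte slice.
	// aad passes any additional authenticated data; it may or may not be
	// used depending on the particular implementation. Where it is used, the
	// value is expected to match the one given to Encrypt (confirm per
	// implementation).
	Decrypt(ctx context.Context, blob *EncryptedBlobInfo, aad []byte) ([]byte, error)
}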
47
// WrapperOptions holds the options used when creating a Wrapper.
type WrapperOptions struct {
	// Logger is the hclog logger option. How a Wrapper uses it is up to the
	// implementation; implementations should keep plaintext and key material
	// out of anything written through it.
	Logger hclog.Logger
}
52