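package wrapping

import (
	"context"

	"github.com/hashicorp/go-hclog"
)

// These values define the known types of Wrappers. They are the strings
// returned by Wrapper.Type and are compared against configuration, so they
// must stay stable across releases.
const (
	Shamir        = "shamir"
	PKCS11        = "pkcs11"
	AliCloudKMS   = "alicloudkms"
	AWSKMS        = "awskms"
	GCPCKMS       = "gcpckms"
	AzureKeyVault = "azurekeyvault"
	OCIKMS        = "ocikms"
	Transit       = "transit"
	Test          = "test-auto"

	// HSMAutoDeprecated is a deprecated type relevant to Vault prior to 0.9.0.
	// It is still referenced in certain code paths for upgrade purposes and
	// must not be removed while those paths exist.
	HSMAutoDeprecated = "hsm-auto"
)

// Wrapper is the embedded implementation of autoSeal that contains logic
// specific to encrypting and decrypting data, or in this case keys.
//
// The lifecycle is: Init, any number of Encrypt/Decrypt calls, Finalize.
type Wrapper interface {
	// Type is the type of Wrapper, one of the constants declared above.
	Type() string

	// KeyID is the ID of the key currently used for encryption.
	KeyID() string
	// HMACKeyID is the ID of the key currently used for HMACing (if any).
	HMACKeyID() string

	// Init allows performing any necessary setup calls before using this
	// Wrapper. It returns an error if the Wrapper cannot be made ready.
	Init(context.Context) error
	// Finalize should be called when all usage of this Wrapper is done so
	// that any resources held by the implementation can be released.
	Finalize(context.Context) error

	// Encrypt encrypts the given plaintext byte slice and puts information
	// about the final result in the returned value. The second byte slice is
	// additional authenticated data (AAD): it is bound to the result but not
	// encrypted. Whether AAD is honoured depends on the particular
	// implementation; for implementations that do honour it, the same AAD is
	// expected to be required on Decrypt. NOTE(review): confirm the AAD
	// behaviour against each implementation before relying on it.
	Encrypt(context.Context, []byte, []byte) (*EncryptedBlobInfo, error)
	// Decrypt takes in the value and decrypts it into the returned byte
	// slice. The byte slice argument is the additional authenticated data
	// that was supplied to Encrypt; this may or may not be used depending on
	// the particular implementation.
	Decrypt(context.Context, *EncryptedBlobInfo, []byte) ([]byte, error)
}

// WrapperOptions contains options used when creating a Wrapper.
type WrapperOptions struct {
	// Logger receives the Wrapper's log output; implementations decide what
	// to do when it is nil.
	Logger hclog.Logger
}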