add KMS encryption and decryption

2 files changed, 38 insertions, 0 deletions

diff --git a/aws/kms.go b/aws/kms.go
new file mode 100644
index 00000000..c973d6b4
--- /dev/null
+++ b/aws/kms.go
@@ -0,0 +1,16 @@
+package aws
+
+import (
+	"encoding/base64"
+	"strings"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/kms"
+	"github.com/pkg/errors"
+)
+
+// NewKMS -
+func NewKMS(option ClientOptions) {
+
+}
diff --git a/funcs/aws.go b/funcs/aws.go
index 3a7a64d4..a3a57b39 100644
--- a/funcs/aws.go
+++ b/funcs/aws.go
@@ -30,14 +30,18 @@ func AWSFuncs(f map[string]interface{}) {
 	f["ec2dynamic"] = AWSNS().EC2Dynamic
 	f["ec2tag"] = AWSNS().EC2Tag
 	f["ec2region"] = AWSNS().EC2Region
+	f["kmsencrypt"] = AWSNS().KMSEncrypt
+	f["kmsdecrypt"] = AWSNS().KMSDecrypt
 }
 
 // Funcs -
 type Funcs struct {
 	meta     *aws.Ec2Meta
 	info     *aws.Ec2Info
+	kms      *aws.KMS
 	metaInit sync.Once
 	infoInit sync.Once
+	kmsInit  sync.Once
 	awsopts  aws.ClientOptions
 }
 
@@ -65,6 +69,18 @@ func (a *Funcs) EC2Tag(tag string, def ...string) (string, error) {
 	return a.info.Tag(tag, def...)
 }
 
+// KMSEncrypt -
+func (a *Funcs) KMSEncrypt() {
+	a.kmsInit.Do(a.initKMS)
+	return a.kms.Ciphertext()
+}
+
+// KMSDecrypt -
+func (a *Funcs) KMSDecrypt() {
+	a.kmsInit.Do(a.initKMS)
+	return a.kms.Cleartext()
+}
+
 func (a *Funcs) initMeta() {
 	if a.meta == nil {
 		a.meta = aws.NewEc2Meta(a.awsopts)
@@ -76,3 +92,9 @@ func (a *Funcs) initInfo() {
 		a.info = aws.NewEc2Info(a.awsopts)
 	}
 }
+
+func (a *Funcs) initKMS() {
+	if a.kms == nil {
+		a.kms = aws.NewKMS(a.awsopts)
+	}
+}