| author | Janusz Bialy <janusz.bialy@qlik.com> | 2019-02-18 21:21:51 -0500 |
|---|---|---|
| committer | Janusz Bialy <janusz.bialy@qlik.com> | 2019-03-23 15:03:21 -0400 |
| commit | ae85a25b943e803ebc3e127feb80360cfee4ea67 (patch) | |
| tree | 1b789862659695d85f7b2190737d81c5afd64cab | |
| parent | 3ab3e21318500cb1b9677c9705e2a0f61648c709 (diff) | |
finish the encryption/decryption functions
| -rw-r--r-- | aws/kms.go | 42 | ||||
| -rw-r--r-- | funcs/aws.go | 6 |
2 files changed, 34 insertions, 14 deletions
@@ -2,12 +2,8 @@ package aws
 import (
 "encoding/base64"
- "strings"
- "github.com/aws/aws-sdk-go/aws"
- "github.com/aws/aws-sdk-go/aws/session"
 "github.com/aws/aws-sdk-go/service/kms"
- "github.com/pkg/errors"
 )
 // KMS -
@@ -15,17 +11,41 @@ type KMS struct {
 Client *kms.KMS
 }
-// NewKMS -
+// NewKMS - Create new KMS client
 func NewKMS(option ClientOptions) *KMS {
- //return
+ client := kms.New(SDKSession())
+ return &KMS{
+ Client: client,
+ }
 }
-// Encrypt plaintext using the specified key
+// Encrypt plaintext using the specified key.
+// Returns a base64 encoded ciphertext
 func (k *KMS) Encrypt(keyID string, plaintext string) (string, error) {
-
+ input := &kms.EncryptInput{
+ KeyId: &keyID,
+ Plaintext: []byte(plaintext),
+ }
+ output, err := k.Client.Encrypt(input)
+ if err != nil {
+ return "", err
+ }
+ ciphertext := base64.StdEncoding.EncodeToString(output.CiphertextBlob)
+ return ciphertext, nil
 }
-// Decrypt cyphertext
-func (k *KMS) Decrypt(cyphertext string) (string, error) {
-
+// Decrypt a base64 encoded cyphertext
+func (k *KMS) Decrypt(ciphertext string) (string, error) {
+ ciphertextBlob, err := base64.StdEncoding.DecodeString(ciphertext)
+ if err != nil {
+ return "", err
+ }
+ input := &kms.DecryptInput{
+ CiphertextBlob: []byte(ciphertextBlob),
+ }
+ output, err := k.Client.Decrypt(input)
+ if err != nil {
+ return "", err
+ }
+ return string(output.Plaintext), nil
 }
diff --git a/funcs/aws.go b/funcs/aws.go
index 0948112f..9e6e2b89 100644
--- a/funcs/aws.go
+++ b/funcs/aws.go
@@ -30,8 +30,8 @@ func AWSFuncs(f map[string]interface{}) {
 f["ec2dynamic"] = AWSNS().EC2Dynamic
 f["ec2tag"] = AWSNS().EC2Tag
 f["ec2region"] = AWSNS().EC2Region
- f["kmsencrypt"] = AWSNS().KMSEncrypt
- f["kmsdecrypt"] = AWSNS().KMSDecrypt
+ f["kmsEncrypt"] = AWSNS().KMSEncrypt
+ f["kmsDecrypt"] = AWSNS().KMSDecrypt
 }
 // Funcs -
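Review bot: `Decrypt` in aws/kms.go does not bind the request to a key or an encryption context: its `kms.DecryptInput` carries only `CiphertextBlob`, so KMS resolves the key from the blob and returns plaintext for anything the process credentials may decrypt, and funcs/aws.go exposes that to templates as `kmsDecrypt`. Neither `Encrypt` nor `Decrypt` sets `EncryptionContext`, which both input structs accept and which would tie a ciphertext to its intended use and appear in the KMS audit trail. I would thread an encryption-context map through both methods, or at minimum document the reliance on IAM with `// Decrypt accepts any ciphertext the caller's IAM policy permits; scope kms:Decrypt to the intended keys.` Separately, `base64.StdEncoding.DecodeString` already returns `[]byte`, so the field can be `CiphertextBlob: ciphertextBlob,`, and `NewKMS` never reads its `option` argument, which looks unintended given the signature.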
@@ -72,7 +72,7 @@ func (a *Funcs) EC2Tag(tag string, def ...string) (string, error) {
 // KMSEncrypt -
 func (a *Funcs) KMSEncrypt(keyID string, plaintext string) (string, error) {
 a.kmsInit.Do(a.initKMS)
- return a.kms.Encrypt(keyID, string)
+ return a.kms.Encrypt(keyID, plaintext)
 }
 // KMSDecrypt - |
