From 443e937dc9458bc8fb7a86956f1f1dc7f1defaa1 Mon Sep 17 00:00:00 2001
From: Janusz Bialy
Date: Tue, 23 Oct 2018 21:22:20 -0400
Subject: add KMS encryption and decryption
---
 aws/kms.go | 16 ++++++++++++++++
 funcs/aws.go | 22 ++++++++++++++++++++++
 2 files changed, 38 insertions(+)
 create mode 100644 aws/kms.go
diff --git a/aws/kms.go b/aws/kms.go
new file mode 100644
index 00000000..c973d6b4
--- /dev/null
+++ b/aws/kms.go
@@ -0,0 +1,16 @@
+package aws
+
+import (
+ "encoding/base64"
+ "strings"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/session"
+ "github.com/aws/aws-sdk-go/service/kms"
+ "github.com/pkg/errors"
+)
+
+// NewKMS -
+func NewKMS(option ClientOptions) {
+
+}
diff --git a/funcs/aws.go b/funcs/aws.go
index 3a7a64d4..a3a57b39 100644
--- a/funcs/aws.go
+++ b/funcs/aws.go
@@ -30,14 +30,18 @@ func AWSFuncs(f map[string]interface{}) {
 f["ec2dynamic"] = AWSNS().EC2Dynamic
 f["ec2tag"] = AWSNS().EC2Tag
 f["ec2region"] = AWSNS().EC2Region
+ f["kmsencrypt"] = AWSNS().KMSEncrypt
+ f["kmsdecrypt"] = AWSNS().KMSDecrypt
 }
 
 // Funcs -
 type Funcs struct {
 meta *aws.Ec2Meta
 info *aws.Ec2Info
+ kms *aws.KMS
 metaInit sync.Once
 infoInit sync.Once
+ kmsInit sync.Once
 awsopts aws.ClientOptions
 }
 
@@ -65,6 +69,18 @@ func (a *Funcs) EC2Tag(tag string, def ...string) (string, error) {
 return a.info.Tag(tag, def...)
 }
 
+// KMSEncrypt -
+func (a *Funcs) KMSEncrypt() {
+ a.kmsInit.Do(a.initKMS)
+ return a.kms.Ciphertext()
+}
+
+// KMSDecrypt -
+func (a *Funcs) KMSDecrypt() {
+ a.kmsInit.Do(a.initKMS)
+ return a.kms.Cleartext()
+}
+
 func (a *Funcs) initMeta() {
 if a.meta == nil {
 a.meta = aws.NewEc2Meta(a.awsopts)
@@ -76,3 +92,9 @@ func (a *Funcs) initInfo() {
 a.info = aws.NewEc2Info(a.awsopts)
 }
 }
+
+func (a *Funcs) initKMS() {
+ if a.kms == nil {
+ a.kms = aws.NewKMS(a.awsopts)
+ }
+}
-- 
cgit v1.2.3
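Review bot: `NewKMS` in aws/kms.go is declared without a result, yet `initKMS` in the last hunk of funcs/aws.go assigns `a.kms = aws.NewKMS(a.awsopts)` and the `Funcs` struct holds a `*aws.KMS`, a type this 16-line file never declares, so the packages cannot build as committed. The six imports are also unused, which the Go compiler rejects on its own. Declaring the type and returning it, for example `type KMS struct{ Client *kms.KMS }` with `func NewKMS(option ClientOptions) *KMS`, would let the references in funcs/aws.go resolve; how `ClientOptions` maps onto the session is not visible in this patch. The `// NewKMS -` comment should also say what the constructor returns.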
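Review bot: The `kmsdecrypt` entry added to `AWSFuncs` carries no documentation, although it means a template rendered by this process can write decrypted plaintext into its output. A comment above the two new registrations would help, for example `// kmsdecrypt writes plaintext into the rendered output; limit the caller's kms:Decrypt grant to the keys templates need`. Presumably these functions share the credentials used by the EC2 lookups, so that role's key policy decides what a template can decrypt; this is inferred, since `AWSNS` lies outside the hunk.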
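Review bot: `KMSEncrypt` and `KMSDecrypt` in funcs/aws.go take no arguments and declare no results, yet their bodies `return a.kms.Ciphertext()` and `return a.kms.Cleartext()`, which does not compile and leaves no way to pass a key ID, plaintext or ciphertext. The signatures should follow `EC2Tag` in the same file and return `(string, error)`, for example `func (a *Funcs) KMSEncrypt(keyID, plaintext string) (string, error)` and `func (a *Funcs) KMSDecrypt(ciphertext string) (string, error)`. Returning the error matters here because a failed KMS call should abort rendering rather than emit an empty or partial secret. `Ciphertext` and `Cleartext` are not defined anywhere in this patch, so their contract has to be settled in aws/kms.go as well.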