From e8d00046e1630dede664ebf9ebcd88d4fba59167 Mon Sep 17 00:00:00 2001 From: Jimmy Cuadra Date: Sat, 4 Jul 2020 10:47:06 -0700 Subject: [PATCH] Add support for age. --- age/keysource.go | 183 +++++ cmd/sops/main.go | 63 +- go.mod | 10 +- go.sum | 42 +- keyservice/keyservice.go | 9 + keyservice/keyservice.pb.go | 1257 +++++++++++++++++++++++------------ keyservice/keyservice.proto | 5 + keyservice/server.go | 40 ++ stores/stores.go | 45 +- 9 files changed, 1198 insertions(+), 456 deletions(-) create mode 100644 age/keysource.go diff --git a/age/keysource.go b/age/keysource.go new file mode 100644 index 000000000..063b7225c --- /dev/null +++ b/age/keysource.go @@ -0,0 +1,183 @@ +package age + +import ( + "bufio" + "bytes" + "fmt" + "io" + "os" + "strings" + + "filippo.io/age" +) + +// MasterKey is an age key used to encrypt and decrypt sops' data key. +type MasterKey struct { + Identity string // a Bech32-encoded private key + Recipient string // a Bech32-encoded public key + EncryptedKey string // a sops data key encrypted with age + + parsedIdentity *age.X25519Identity // a parsed age private key + parsedRecipient *age.X25519Recipient // a parsed age public key +} + +// Encrypt takes a sops data key, encrypts it with age and stores the result in the EncryptedKey field. +func (key *MasterKey) Encrypt(datakey []byte) error { + buffer := &bytes.Buffer{} + + if key.parsedRecipient == nil { + parsedRecipient, err := age.ParseX25519Recipient(key.Recipient) + + if err != nil { + return fmt.Errorf("failed to parse input as Bech32-encoded age public key: %v", err) + } + + key.parsedRecipient = parsedRecipient + } + + w, err := age.Encrypt(buffer, key.parsedRecipient) + + if err != nil { + return fmt.Errorf("failed to open file for encrypting sops data key with age: %v", err) + } + + if _, err := w.Write(datakey); err != nil { + return fmt.Errorf("failed to encrypt sops data key with age: %v", err) + } + + if err := w.Close(); err != nil { + return fmt.Errorf("failed to close file for encrypting sops data key with age: %v", err) + } + + key.EncryptedKey = buffer.String() + + return nil +} + +// EncryptIfNeeded encrypts the provided sops' data key and encrypts it if it hasn't been encrypted yet. +func (key *MasterKey) EncryptIfNeeded(datakey []byte) error { + if key.EncryptedKey == "" { + return key.Encrypt(datakey) + } + + return nil +} + +// EncryptedDataKey returns the encrypted data key this master key holds. +func (key *MasterKey) EncryptedDataKey() []byte { + return []byte(key.EncryptedKey) +} + +// SetEncryptedDataKey sets the encrypted data key for this master key. +func (key *MasterKey) SetEncryptedDataKey(enc []byte) { + key.EncryptedKey = string(enc) +} + +// Decrypt decrypts the EncryptedKey field with the age identity and returns the result. +func (key *MasterKey) Decrypt() ([]byte, error) { + path := fmt.Sprintf("%s/.sops/age/%s.key", os.Getenv("HOME"), key.Recipient) + + _, err := os.Stat(path) + + if os.IsNotExist(err) { + return nil, fmt.Errorf("no private key found at %s", path) + } + + file, err := os.Open(path) + + defer file.Close() + + scanner := bufio.NewScanner(file) + + var privateKey string + + for scanner.Scan() { + line := scanner.Text() + + if strings.HasPrefix(line, "AGE-SECRET-KEY") { + privateKey = line + break + } + } + + if err := scanner.Err(); err != nil { + return nil, fmt.Errorf("error scanning lines in age private key file: %v", err) + } + + if privateKey == "" { + return nil, fmt.Errorf("no age private key found in file at: %v", path) + } + + parsedIdentity, err := age.ParseX25519Identity(string(privateKey)) + + if err != nil { + return nil, fmt.Errorf("failed to parse private key as age X25519Identity at %s: %v", path, err) + } + + buffer := &bytes.Buffer{} + reader := bytes.NewReader([]byte(key.EncryptedKey)) + + r, err := age.Decrypt(reader, parsedIdentity) + + if err != nil { + return nil, fmt.Errorf("failed to open encrypted data key: %v", err) + } + + if _, err := io.Copy(buffer, r); err != nil { + return nil, fmt.Errorf("failed to read encrypted data key: %v", err) + } + + return buffer.Bytes(), nil +} + +// NeedsRotation returns whether the data key needs to be rotated or not. +func (key *MasterKey) NeedsRotation() bool { + return false +} + +// ToString converts the key to a string representation. +func (key *MasterKey) ToString() string { + return key.Recipient +} + +// ToMap converts the MasterKey to a map for serialization purposes. +func (key *MasterKey) ToMap() map[string]interface{} { + out := make(map[string]interface{}) + out["recipient"] = key.Recipient + out["enc"] = key.EncryptedKey + return out +} + +// MasterKeysFromRecipients takes a comma-separated list of Bech32-encoded public keys and returns a +// slice of new MasterKeys. +func MasterKeysFromRecipients(commaSeparatedRecipients string) ([]*MasterKey, error) { + recipients := strings.Split(commaSeparatedRecipients, ",") + + var keys []*MasterKey + + for _, recipient := range recipients { + key, err := MasterKeyFromRecipient(recipient) + + if err != nil { + return nil, err + } + + keys = append(keys, key) + } + + return keys, nil +} + +// MasterKeyFromRecipient takes a Bech32-encoded public key and returns a new MasterKey. +func MasterKeyFromRecipient(recipient string) (*MasterKey, error) { + parsedRecipient, err := age.ParseX25519Recipient(recipient) + + if err != nil { + return nil, err + } + + return &MasterKey{ + Recipient: recipient, + parsedRecipient: parsedRecipient, + }, nil +} diff --git a/cmd/sops/main.go b/cmd/sops/main.go index e99733d8e..11a2ddfc6 100644 --- a/cmd/sops/main.go +++ b/cmd/sops/main.go @@ -16,6 +16,7 @@ import ( "github.com/sirupsen/logrus" "go.mozilla.org/sops/v3" "go.mozilla.org/sops/v3/aes" + "go.mozilla.org/sops/v3/age" _ "go.mozilla.org/sops/v3/audit" "go.mozilla.org/sops/v3/azkv" "go.mozilla.org/sops/v3/cmd/sops/codes" @@ -61,7 +62,7 @@ func main() { }, } app.Name = "sops" - app.Usage = "sops - encrypted file editor with AWS KMS, GCP KMS, Azure Key Vault and GPG support" + app.Usage = "sops - encrypted file editor with AWS KMS, GCP KMS, Azure Key Vault, age, and GPG support" app.ArgsUsage = "sops [options] file" app.Version = version.Version app.Authors = []cli.Author{ @@ -96,6 +97,9 @@ func main() { https://docs.microsoft.com/en-us/go/azure/azure-sdk-go-authorization#use-environment-based-authentication. The user/sp needs the key/encrypt and key/decrypt permissions) + To encrypt or decrypt using age, specify the recipient in the -a flag, or + in the SOPS_AGE_RECIPIENTS environment variable. + To encrypt or decrypt using PGP, specify the PGP fingerprint in the -p flag or in the SOPS_PGP_FP environment variable. @@ -377,6 +381,10 @@ func main() { Name: "hc-vault-transit", Usage: "the full vault path to the key used to encrypt/decrypt. Make you choose and configure a key with encrption/decryption enabled (e.g. 'https://vault.example.org:8200/v1/transit/keys/dev'). Can be specified more than once", }, + cli.StringSliceFlag{ + Name: "age", + Usage: "the age recipient the new group should contain. Can be specified more than once", + }, cli.BoolFlag{ Name: "in-place, i", Usage: "write output back to the same file instead of stdout", @@ -396,6 +404,7 @@ func main() { gcpKmses := c.StringSlice("gcp-kms") vaultURIs := c.StringSlice("hc-vault-transit") azkvs := c.StringSlice("azure-kv") + ageRecipients := c.StringSlice("age") var group sops.KeyGroup for _, fp := range pgpFps { group = append(group, pgp.NewMasterKeyFromFingerprint(fp)) @@ -422,6 +431,14 @@ func main() { } group = append(group, k) } + for _, recipient := range ageRecipients { + k, err := age.MasterKeyFromRecipient(recipient) + if err != nil { + log.WithError(err).Error("Failed to add key") + continue + } + group = append(group, k) + } return groups.Add(groups.AddOpts{ InputPath: c.String("file"), InPlace: c.Bool("in-place"), @@ -552,6 +569,11 @@ func main() { Usage: "comma separated list of PGP fingerprints", EnvVar: "SOPS_PGP_FP", }, + cli.StringFlag{ + Name: "age, a", + Usage: "comma separated list of age recipients", + EnvVar: "SOPS_AGE_RECIPIENTS", + }, cli.BoolFlag{ Name: "in-place, i", Usage: "write output back to the same file instead of stdout", @@ -604,6 +626,14 @@ func main() { Name: "rm-hc-vault-transit", Usage: "remove the provided comma-separated list of Vault's URI key from the list of master keys on the given file ( eg. https://vault.example.org:8200/v1/transit/keys/dev)", }, + cli.StringFlag{ + Name: "add-age", + Usage: "add the provided comma-separated list of age recipients fingerprints to the list of master keys on the given file", + }, + cli.StringFlag{ + Name: "rm-age", + Usage: "remove the provided comma-separated list of age recipients from the list of master keys on the given file", + }, cli.StringFlag{ Name: "add-pgp", Usage: "add the provided comma-separated list of PGP fingerprints to the list of master keys on the given file", @@ -673,8 +703,8 @@ func main() { return toExitError(err) } if _, err := os.Stat(fileName); os.IsNotExist(err) { - if c.String("add-kms") != "" || c.String("add-pgp") != "" || c.String("add-gcp-kms") != "" || c.String("add-hc-vault-transit") != "" || c.String("add-azure-kv") != "" || - c.String("rm-kms") != "" || c.String("rm-pgp") != "" || c.String("rm-gcp-kms") != "" || c.String("rm-hc-vault-transit") != "" || c.String("rm-azure-kv") != "" { + if c.String("add-kms") != "" || c.String("add-pgp") != "" || c.String("add-gcp-kms") != "" || c.String("add-hc-vault-transit") != "" || c.String("add-azure-kv") != "" || c.String("add-age") != "" || + c.String("rm-kms") != "" || c.String("rm-pgp") != "" || c.String("rm-gcp-kms") != "" || c.String("rm-hc-vault-transit") != "" || c.String("rm-azure-kv") != "" || c.String("rm-age") != "" { return common.NewExitError("Error: cannot add or remove keys on non-existent files, use `--kms` and `--pgp` instead.", codes.CannotChangeKeysFromNonExistentFile) } if c.Bool("encrypt") || c.Bool("decrypt") || c.Bool("rotate") { @@ -802,6 +832,13 @@ func main() { for _, k := range hcVaultKeys { addMasterKeys = append(addMasterKeys, k) } + ageKeys, err := age.MasterKeysFromRecipients(c.String("add-age")) + if err != nil { + return err + } + for _, k := range ageKeys { + addMasterKeys = append(addMasterKeys, k) + } var rmMasterKeys []keys.MasterKey for _, k := range kms.MasterKeysFromArnString(c.String("rm-kms"), kmsEncryptionContext, c.String("aws-profile")) { @@ -827,6 +864,13 @@ func main() { for _, k := range hcVaultKeys { rmMasterKeys = append(rmMasterKeys, k) } + ageKeys, err = age.MasterKeysFromRecipients(c.String("rm-age")) + if err != nil { + return err + } + for _, k := range ageKeys { + rmMasterKeys = append(rmMasterKeys, k) + } output, err = rotate(rotateOpts{ OutputStore: outputStore, @@ -1023,6 +1067,7 @@ func keyGroups(c *cli.Context, file string) ([]sops.KeyGroup, error) { var cloudKmsKeys []keys.MasterKey var azkvKeys []keys.MasterKey var hcVaultMkKeys []keys.MasterKey + var ageMasterKeys []keys.MasterKey kmsEncryptionContext := kms.ParseKMSContext(c.String("encryption-context")) if c.String("encryption-context") != "" && kmsEncryptionContext == nil { return nil, common.NewExitError("Invalid KMS encryption context format", codes.ErrorInvalidKMSEncryptionContextFormat) @@ -1060,7 +1105,16 @@ func keyGroups(c *cli.Context, file string) ([]sops.KeyGroup, error) { pgpKeys = append(pgpKeys, k) } } - if c.String("kms") == "" && c.String("pgp") == "" && c.String("gcp-kms") == "" && c.String("azure-kv") == "" && c.String("hc-vault-transit") == "" { + if c.String("age") != "" { + ageKeys, err := age.MasterKeysFromRecipients(c.String("age")) + if err != nil { + return nil, err + } + for _, k := range ageKeys { + ageMasterKeys = append(ageMasterKeys, k) + } + } + if c.String("kms") == "" && c.String("pgp") == "" && c.String("gcp-kms") == "" && c.String("azure-kv") == "" && c.String("hc-vault-transit") == "" && c.String("age") == "" { conf, err := loadConfig(c, file, kmsEncryptionContext) // config file might just not be supplied, without any error if conf == nil { @@ -1078,6 +1132,7 @@ func keyGroups(c *cli.Context, file string) ([]sops.KeyGroup, error) { group = append(group, azkvKeys...) group = append(group, pgpKeys...) group = append(group, hcVaultMkKeys...) + group = append(group, ageMasterKeys...) log.Debugf("Master keys available: %+v", group) return []sops.KeyGroup{group}, nil } diff --git a/go.mod b/go.mod index 323fdc46a..6b95c902f 100644 --- a/go.mod +++ b/go.mod @@ -4,6 +4,7 @@ go 1.13 require ( cloud.google.com/go v0.43.0 + filippo.io/age v1.0.0-beta4 github.com/Azure/azure-sdk-for-go v31.2.0+incompatible github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 // indirect github.com/Azure/go-autorest/autorest v0.9.0 @@ -19,8 +20,8 @@ require ( github.com/docker/go-connections v0.4.0 // indirect github.com/docker/go-units v0.4.0 // indirect github.com/fatih/color v1.7.0 - github.com/golang/protobuf v1.3.2 - github.com/google/go-cmp v0.3.0 + github.com/golang/protobuf v1.4.1 + github.com/google/go-cmp v0.5.0 github.com/google/shlex v0.0.0-20181106134648-c34317bd91bf github.com/gotestyourself/gotestyourself v2.2.0+incompatible // indirect github.com/goware/prefixer v0.0.0-20160118172347-395022866408 @@ -40,11 +41,12 @@ require ( github.com/stretchr/testify v1.5.1 github.com/vektra/mockery v1.1.2 // indirect go.mozilla.org/gopgagent v0.0.0-20170926210634-4d7ea76ff71a - golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 + golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 google.golang.org/api v0.7.0 - google.golang.org/grpc v1.22.1 + google.golang.org/grpc v1.27.0 + google.golang.org/protobuf v1.25.0 gopkg.in/ini.v1 v1.44.0 gopkg.in/urfave/cli.v1 v1.20.0 gotest.tools v2.2.0+incompatible // indirect diff --git a/go.sum b/go.sum index aa870f0a9..393a3a15b 100644 --- a/go.sum +++ b/go.sum @@ -5,6 +5,8 @@ cloud.google.com/go v0.43.0 h1:banaiRPAM8kUVYneOSkhgcDsLzEvL25FinuiSZaH/2w= cloud.google.com/go v0.43.0/go.mod h1:BOSR3VbTLkk6FDC/TcffxP4NF/FFBGA5ku+jvKOP7pg= contrib.go.opencensus.io/exporter/ocagent v0.4.12 h1:jGFvw3l57ViIVEPKKEUXPcLYIXJmQxLUh6ey1eJhwyc= contrib.go.opencensus.io/exporter/ocagent v0.4.12/go.mod h1:450APlNTSR6FrvC3CTRqYosuDstRB9un7SOx2k/9ckA= +filippo.io/age v1.0.0-beta4 h1:czSjaSa0owsI5gw/cE9yI/mfTiuhgYjozHI96v0PVJo= +filippo.io/age v1.0.0-beta4/go.mod h1:TOa3exZvzRCLfjmbJGsqwSQ0HtWjJfTTCQnQsNCC4E0= github.com/Azure/azure-sdk-for-go v31.2.0+incompatible h1:kZFnTLmdQYNGfakatSivKHUfUnDZhqNdchHD4oIhp5k= github.com/Azure/azure-sdk-for-go v31.2.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7OZ575w+acHgRric5iCyQh+xv+KJ4HB8= @@ -60,6 +62,7 @@ github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEe github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/census-instrumentation/opencensus-proto v0.2.0 h1:LzQXZOgg4CQfE6bFvXGM30YZL1WW/M337pXml+GrcZ4= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc h1:TP+534wVlf61smEIq1nwLLAjQVEK2EADoW3CX9AuT+8= github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= @@ -77,6 +80,8 @@ github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDD github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= +github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= @@ -99,6 +104,13 @@ github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5y github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= +github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= +github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= +github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= +github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= +github.com/golang/protobuf v1.4.1 h1:ZFgWrT+bLgsYPirOnRfKLYJLvssAegOj/hgyMFdJZe0= +github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.1 h1:Qgr9rKW7uDUkrbSmQeiDsGa8SjGyCOGtuasMWwvp2P4= github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= @@ -107,6 +119,10 @@ github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.0 h1:/QaMHBdZ26BB3SSst0Iwl10Epc+xhTquomWX0oZEB6w= +github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/martian v2.1.0+incompatible h1:/CP5g8u/VJHijgedC/Legn3BAbAaWPgecwXBIDzw5no= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= @@ -224,6 +240,7 @@ github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXP github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= +github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/common v0.2.0 h1:kUZDBDTdBVBYBj5Tmh2NZLlF60mfjA27rM34b+cVwNU= github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= @@ -233,6 +250,8 @@ github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6So github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk= github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= +github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= +github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4= @@ -247,6 +266,7 @@ github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/vektra/mockery v1.1.2 h1:uc0Yn67rJpjt8U/mAZimdCKn9AeA97BOkjpmtBSlfP4= @@ -267,6 +287,8 @@ golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4 h1:HuIa8hRrWRSrqYzx1qI49N golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59 h1:3zb4D3T4G8jdExgVU/95+vQXfpEPiMdCaZgmGVxjNHM= +golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= @@ -370,6 +392,9 @@ google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRn google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190716160619-c506a9f90610 h1:Ygq9/SRJX9+dU0WCIICM8RkWvDw03lvB77hrhJnpxfU= google.golang.org/genproto v0.0.0-20190716160619-c506a9f90610/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013 h1:+kGHl1aib/qcwaRi1CbqBZ1rk19r85MNUf8HaBghugY= +google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= @@ -377,14 +402,26 @@ google.golang.org/grpc v1.19.1/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZi google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.22.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.22.1 h1:/7cs52RnTJmD43s3uxzlq2U7nqVTd/37viQwMrMNlOM= -google.golang.org/grpc v1.22.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.27.0 h1:rRYRFMVgRv6E0D70Skyfsr28tDXIuuPZyWGMPdMcnXg= +google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= +google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= +google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= +google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= +google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= +google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.25.0 h1:Ejskq+SyPohKW+1uil0JJMtmHCgJPJ/qWTxr8qp+R4c= +google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d/go.mod h1:cuepJuh7vyXfUyUwEgHQXw849cJrilpS5NeIjOWESAw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/ini.v1 v1.44.0 h1:YRJzTUp0kSYWUVFF5XAbDFfyiqwsl0Vb9R8TVP5eRi0= gopkg.in/ini.v1 v1.44.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= @@ -398,6 +435,7 @@ gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bl gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/keyservice/keyservice.go b/keyservice/keyservice.go index f60e15822..103e3e6dc 100644 --- a/keyservice/keyservice.go +++ b/keyservice/keyservice.go @@ -7,6 +7,7 @@ package keyservice import ( "fmt" + "go.mozilla.org/sops/v3/age" "go.mozilla.org/sops/v3/azkv" "go.mozilla.org/sops/v3/gcpkms" "go.mozilla.org/sops/v3/hcvault" @@ -69,6 +70,14 @@ func KeyFromMasterKey(mk keys.MasterKey) Key { }, }, } + case *age.MasterKey: + return Key{ + KeyType: &Key_AgeKey{ + AgeKey: &AgeKey{ + Recipient: mk.Recipient, + }, + }, + } default: panic(fmt.Sprintf("Tried to convert unknown MasterKey type %T to keyservice.Key", mk)) } diff --git a/keyservice/keyservice.pb.go b/keyservice/keyservice.pb.go index c8177144b..ead3ccfd1 100644 --- a/keyservice/keyservice.pb.go +++ b/keyservice/keyservice.pb.go @@ -1,67 +1,129 @@ // Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.23.0 +// protoc v3.13.0 // source: keyservice/keyservice.proto package keyservice import ( context "context" - fmt "fmt" - math "math" - proto "github.com/golang/protobuf/proto" grpc "google.golang.org/grpc" codes "google.golang.org/grpc/codes" status "google.golang.org/grpc/status" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" ) -// Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal -var _ = fmt.Errorf -var _ = math.Inf +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) -// This is a compile-time assertion to ensure that this generated file -// is compatible with the proto package it is being compiled against. -// A compilation error at this line likely means your copy of the -// proto package needs to be updated. -const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package +// This is a compile-time assertion that a sufficiently up-to-date version +// of the legacy proto package is being used. +const _ = proto.ProtoPackageIsVersion4 type Key struct { - // Types that are valid to be assigned to KeyType: + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Types that are assignable to KeyType: // *Key_KmsKey // *Key_PgpKey // *Key_GcpKmsKey // *Key_AzureKeyvaultKey // *Key_VaultKey - KeyType isKey_KeyType `protobuf_oneof:"key_type"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + // *Key_AgeKey + KeyType isKey_KeyType `protobuf_oneof:"key_type"` } -func (m *Key) Reset() { *m = Key{} } -func (m *Key) String() string { return proto.CompactTextString(m) } -func (*Key) ProtoMessage() {} +func (x *Key) Reset() { + *x = Key{} + if protoimpl.UnsafeEnabled { + mi := &file_keyservice_keyservice_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Key) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Key) ProtoMessage() {} + +func (x *Key) ProtoReflect() protoreflect.Message { + mi := &file_keyservice_keyservice_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Key.ProtoReflect.Descriptor instead. func (*Key) Descriptor() ([]byte, []int) { - return fileDescriptor_8c1e2c407c293790, []int{0} + return file_keyservice_keyservice_proto_rawDescGZIP(), []int{0} } -func (m *Key) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_Key.Unmarshal(m, b) -} -func (m *Key) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_Key.Marshal(b, m, deterministic) -} -func (m *Key) XXX_Merge(src proto.Message) { - xxx_messageInfo_Key.Merge(m, src) -} -func (m *Key) XXX_Size() int { - return xxx_messageInfo_Key.Size(m) -} -func (m *Key) XXX_DiscardUnknown() { - xxx_messageInfo_Key.DiscardUnknown(m) +func (m *Key) GetKeyType() isKey_KeyType { + if m != nil { + return m.KeyType + } + return nil } -var xxx_messageInfo_Key proto.InternalMessageInfo +func (x *Key) GetKmsKey() *KmsKey { + if x, ok := x.GetKeyType().(*Key_KmsKey); ok { + return x.KmsKey + } + return nil +} + +func (x *Key) GetPgpKey() *PgpKey { + if x, ok := x.GetKeyType().(*Key_PgpKey); ok { + return x.PgpKey + } + return nil +} + +func (x *Key) GetGcpKmsKey() *GcpKmsKey { + if x, ok := x.GetKeyType().(*Key_GcpKmsKey); ok { + return x.GcpKmsKey + } + return nil +} + +func (x *Key) GetAzureKeyvaultKey() *AzureKeyVaultKey { + if x, ok := x.GetKeyType().(*Key_AzureKeyvaultKey); ok { + return x.AzureKeyvaultKey + } + return nil +} + +func (x *Key) GetVaultKey() *VaultKey { + if x, ok := x.GetKeyType().(*Key_VaultKey); ok { + return x.VaultKey + } + return nil +} + +func (x *Key) GetAgeKey() *AgeKey { + if x, ok := x.GetKeyType().(*Key_AgeKey); ok { + return x.AgeKey + } + return nil +} type isKey_KeyType interface { isKey_KeyType() @@ -87,6 +149,10 @@ type Key_VaultKey struct { VaultKey *VaultKey `protobuf:"bytes,5,opt,name=vault_key,json=vaultKey,proto3,oneof"` } +type Key_AgeKey struct { + AgeKey *AgeKey `protobuf:"bytes,6,opt,name=age_key,json=ageKey,proto3,oneof"` +} + func (*Key_KmsKey) isKey_KeyType() {} func (*Key_PgpKey) isKey_KeyType() {} @@ -97,545 +163,852 @@ func (*Key_AzureKeyvaultKey) isKey_KeyType() {} func (*Key_VaultKey) isKey_KeyType() {} -func (m *Key) GetKeyType() isKey_KeyType { - if m != nil { - return m.KeyType - } - return nil -} - -func (m *Key) GetKmsKey() *KmsKey { - if x, ok := m.GetKeyType().(*Key_KmsKey); ok { - return x.KmsKey - } - return nil -} - -func (m *Key) GetPgpKey() *PgpKey { - if x, ok := m.GetKeyType().(*Key_PgpKey); ok { - return x.PgpKey - } - return nil -} - -func (m *Key) GetGcpKmsKey() *GcpKmsKey { - if x, ok := m.GetKeyType().(*Key_GcpKmsKey); ok { - return x.GcpKmsKey - } - return nil -} - -func (m *Key) GetAzureKeyvaultKey() *AzureKeyVaultKey { - if x, ok := m.GetKeyType().(*Key_AzureKeyvaultKey); ok { - return x.AzureKeyvaultKey - } - return nil -} - -func (m *Key) GetVaultKey() *VaultKey { - if x, ok := m.GetKeyType().(*Key_VaultKey); ok { - return x.VaultKey - } - return nil -} - -// XXX_OneofWrappers is for the internal use of the proto package. -func (*Key) XXX_OneofWrappers() []interface{} { - return []interface{}{ - (*Key_KmsKey)(nil), - (*Key_PgpKey)(nil), - (*Key_GcpKmsKey)(nil), - (*Key_AzureKeyvaultKey)(nil), - (*Key_VaultKey)(nil), - } -} +func (*Key_AgeKey) isKey_KeyType() {} type PgpKey struct { - Fingerprint string `protobuf:"bytes,1,opt,name=fingerprint,proto3" json:"fingerprint,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Fingerprint string `protobuf:"bytes,1,opt,name=fingerprint,proto3" json:"fingerprint,omitempty"` } -func (m *PgpKey) Reset() { *m = PgpKey{} } -func (m *PgpKey) String() string { return proto.CompactTextString(m) } -func (*PgpKey) ProtoMessage() {} +func (x *PgpKey) Reset() { + *x = PgpKey{} + if protoimpl.UnsafeEnabled { + mi := &file_keyservice_keyservice_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *PgpKey) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*PgpKey) ProtoMessage() {} + +func (x *PgpKey) ProtoReflect() protoreflect.Message { + mi := &file_keyservice_keyservice_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use PgpKey.ProtoReflect.Descriptor instead. func (*PgpKey) Descriptor() ([]byte, []int) { - return fileDescriptor_8c1e2c407c293790, []int{1} + return file_keyservice_keyservice_proto_rawDescGZIP(), []int{1} } -func (m *PgpKey) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_PgpKey.Unmarshal(m, b) -} -func (m *PgpKey) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_PgpKey.Marshal(b, m, deterministic) -} -func (m *PgpKey) XXX_Merge(src proto.Message) { - xxx_messageInfo_PgpKey.Merge(m, src) -} -func (m *PgpKey) XXX_Size() int { - return xxx_messageInfo_PgpKey.Size(m) -} -func (m *PgpKey) XXX_DiscardUnknown() { - xxx_messageInfo_PgpKey.DiscardUnknown(m) -} - -var xxx_messageInfo_PgpKey proto.InternalMessageInfo - -func (m *PgpKey) GetFingerprint() string { - if m != nil { - return m.Fingerprint +func (x *PgpKey) GetFingerprint() string { + if x != nil { + return x.Fingerprint } return "" } type KmsKey struct { - Arn string `protobuf:"bytes,1,opt,name=arn,proto3" json:"arn,omitempty"` - Role string `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"` - Context map[string]string `protobuf:"bytes,3,rep,name=context,proto3" json:"context,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - AwsProfile string `protobuf:"bytes,4,opt,name=aws_profile,json=awsProfile,proto3" json:"aws_profile,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Arn string `protobuf:"bytes,1,opt,name=arn,proto3" json:"arn,omitempty"` + Role string `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"` + Context map[string]string `protobuf:"bytes,3,rep,name=context,proto3" json:"context,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + AwsProfile string `protobuf:"bytes,4,opt,name=aws_profile,json=awsProfile,proto3" json:"aws_profile,omitempty"` } -func (m *KmsKey) Reset() { *m = KmsKey{} } -func (m *KmsKey) String() string { return proto.CompactTextString(m) } -func (*KmsKey) ProtoMessage() {} +func (x *KmsKey) Reset() { + *x = KmsKey{} + if protoimpl.UnsafeEnabled { + mi := &file_keyservice_keyservice_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *KmsKey) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*KmsKey) ProtoMessage() {} + +func (x *KmsKey) ProtoReflect() protoreflect.Message { + mi := &file_keyservice_keyservice_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use KmsKey.ProtoReflect.Descriptor instead. func (*KmsKey) Descriptor() ([]byte, []int) { - return fileDescriptor_8c1e2c407c293790, []int{2} + return file_keyservice_keyservice_proto_rawDescGZIP(), []int{2} } -func (m *KmsKey) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_KmsKey.Unmarshal(m, b) -} -func (m *KmsKey) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_KmsKey.Marshal(b, m, deterministic) -} -func (m *KmsKey) XXX_Merge(src proto.Message) { - xxx_messageInfo_KmsKey.Merge(m, src) -} -func (m *KmsKey) XXX_Size() int { - return xxx_messageInfo_KmsKey.Size(m) -} -func (m *KmsKey) XXX_DiscardUnknown() { - xxx_messageInfo_KmsKey.DiscardUnknown(m) -} - -var xxx_messageInfo_KmsKey proto.InternalMessageInfo - -func (m *KmsKey) GetArn() string { - if m != nil { - return m.Arn +func (x *KmsKey) GetArn() string { + if x != nil { + return x.Arn } return "" } -func (m *KmsKey) GetRole() string { - if m != nil { - return m.Role +func (x *KmsKey) GetRole() string { + if x != nil { + return x.Role } return "" } -func (m *KmsKey) GetContext() map[string]string { - if m != nil { - return m.Context +func (x *KmsKey) GetContext() map[string]string { + if x != nil { + return x.Context } return nil } -func (m *KmsKey) GetAwsProfile() string { - if m != nil { - return m.AwsProfile +func (x *KmsKey) GetAwsProfile() string { + if x != nil { + return x.AwsProfile } return "" } type GcpKmsKey struct { - ResourceId string `protobuf:"bytes,1,opt,name=resource_id,json=resourceId,proto3" json:"resource_id,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + ResourceId string `protobuf:"bytes,1,opt,name=resource_id,json=resourceId,proto3" json:"resource_id,omitempty"` } -func (m *GcpKmsKey) Reset() { *m = GcpKmsKey{} } -func (m *GcpKmsKey) String() string { return proto.CompactTextString(m) } -func (*GcpKmsKey) ProtoMessage() {} +func (x *GcpKmsKey) Reset() { + *x = GcpKmsKey{} + if protoimpl.UnsafeEnabled { + mi := &file_keyservice_keyservice_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *GcpKmsKey) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*GcpKmsKey) ProtoMessage() {} + +func (x *GcpKmsKey) ProtoReflect() protoreflect.Message { + mi := &file_keyservice_keyservice_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use GcpKmsKey.ProtoReflect.Descriptor instead. func (*GcpKmsKey) Descriptor() ([]byte, []int) { - return fileDescriptor_8c1e2c407c293790, []int{3} + return file_keyservice_keyservice_proto_rawDescGZIP(), []int{3} } -func (m *GcpKmsKey) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_GcpKmsKey.Unmarshal(m, b) -} -func (m *GcpKmsKey) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_GcpKmsKey.Marshal(b, m, deterministic) -} -func (m *GcpKmsKey) XXX_Merge(src proto.Message) { - xxx_messageInfo_GcpKmsKey.Merge(m, src) -} -func (m *GcpKmsKey) XXX_Size() int { - return xxx_messageInfo_GcpKmsKey.Size(m) -} -func (m *GcpKmsKey) XXX_DiscardUnknown() { - xxx_messageInfo_GcpKmsKey.DiscardUnknown(m) -} - -var xxx_messageInfo_GcpKmsKey proto.InternalMessageInfo - -func (m *GcpKmsKey) GetResourceId() string { - if m != nil { - return m.ResourceId +func (x *GcpKmsKey) GetResourceId() string { + if x != nil { + return x.ResourceId } return "" } type VaultKey struct { - VaultAddress string `protobuf:"bytes,1,opt,name=vault_address,json=vaultAddress,proto3" json:"vault_address,omitempty"` - EnginePath string `protobuf:"bytes,2,opt,name=engine_path,json=enginePath,proto3" json:"engine_path,omitempty"` - KeyName string `protobuf:"bytes,3,opt,name=key_name,json=keyName,proto3" json:"key_name,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + VaultAddress string `protobuf:"bytes,1,opt,name=vault_address,json=vaultAddress,proto3" json:"vault_address,omitempty"` + EnginePath string `protobuf:"bytes,2,opt,name=engine_path,json=enginePath,proto3" json:"engine_path,omitempty"` + KeyName string `protobuf:"bytes,3,opt,name=key_name,json=keyName,proto3" json:"key_name,omitempty"` } -func (m *VaultKey) Reset() { *m = VaultKey{} } -func (m *VaultKey) String() string { return proto.CompactTextString(m) } -func (*VaultKey) ProtoMessage() {} +func (x *VaultKey) Reset() { + *x = VaultKey{} + if protoimpl.UnsafeEnabled { + mi := &file_keyservice_keyservice_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *VaultKey) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*VaultKey) ProtoMessage() {} + +func (x *VaultKey) ProtoReflect() protoreflect.Message { + mi := &file_keyservice_keyservice_proto_msgTypes[4] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use VaultKey.ProtoReflect.Descriptor instead. func (*VaultKey) Descriptor() ([]byte, []int) { - return fileDescriptor_8c1e2c407c293790, []int{4} + return file_keyservice_keyservice_proto_rawDescGZIP(), []int{4} } -func (m *VaultKey) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_VaultKey.Unmarshal(m, b) -} -func (m *VaultKey) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_VaultKey.Marshal(b, m, deterministic) -} -func (m *VaultKey) XXX_Merge(src proto.Message) { - xxx_messageInfo_VaultKey.Merge(m, src) -} -func (m *VaultKey) XXX_Size() int { - return xxx_messageInfo_VaultKey.Size(m) -} -func (m *VaultKey) XXX_DiscardUnknown() { - xxx_messageInfo_VaultKey.DiscardUnknown(m) -} - -var xxx_messageInfo_VaultKey proto.InternalMessageInfo - -func (m *VaultKey) GetVaultAddress() string { - if m != nil { - return m.VaultAddress +func (x *VaultKey) GetVaultAddress() string { + if x != nil { + return x.VaultAddress } return "" } -func (m *VaultKey) GetEnginePath() string { - if m != nil { - return m.EnginePath +func (x *VaultKey) GetEnginePath() string { + if x != nil { + return x.EnginePath } return "" } -func (m *VaultKey) GetKeyName() string { - if m != nil { - return m.KeyName +func (x *VaultKey) GetKeyName() string { + if x != nil { + return x.KeyName } return "" } type AzureKeyVaultKey struct { - VaultUrl string `protobuf:"bytes,1,opt,name=vault_url,json=vaultUrl,proto3" json:"vault_url,omitempty"` - Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` - Version string `protobuf:"bytes,3,opt,name=version,proto3" json:"version,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + VaultUrl string `protobuf:"bytes,1,opt,name=vault_url,json=vaultUrl,proto3" json:"vault_url,omitempty"` + Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` + Version string `protobuf:"bytes,3,opt,name=version,proto3" json:"version,omitempty"` } -func (m *AzureKeyVaultKey) Reset() { *m = AzureKeyVaultKey{} } -func (m *AzureKeyVaultKey) String() string { return proto.CompactTextString(m) } -func (*AzureKeyVaultKey) ProtoMessage() {} +func (x *AzureKeyVaultKey) Reset() { + *x = AzureKeyVaultKey{} + if protoimpl.UnsafeEnabled { + mi := &file_keyservice_keyservice_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *AzureKeyVaultKey) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*AzureKeyVaultKey) ProtoMessage() {} + +func (x *AzureKeyVaultKey) ProtoReflect() protoreflect.Message { + mi := &file_keyservice_keyservice_proto_msgTypes[5] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use AzureKeyVaultKey.ProtoReflect.Descriptor instead. func (*AzureKeyVaultKey) Descriptor() ([]byte, []int) { - return fileDescriptor_8c1e2c407c293790, []int{5} + return file_keyservice_keyservice_proto_rawDescGZIP(), []int{5} } -func (m *AzureKeyVaultKey) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_AzureKeyVaultKey.Unmarshal(m, b) -} -func (m *AzureKeyVaultKey) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_AzureKeyVaultKey.Marshal(b, m, deterministic) -} -func (m *AzureKeyVaultKey) XXX_Merge(src proto.Message) { - xxx_messageInfo_AzureKeyVaultKey.Merge(m, src) -} -func (m *AzureKeyVaultKey) XXX_Size() int { - return xxx_messageInfo_AzureKeyVaultKey.Size(m) -} -func (m *AzureKeyVaultKey) XXX_DiscardUnknown() { - xxx_messageInfo_AzureKeyVaultKey.DiscardUnknown(m) -} - -var xxx_messageInfo_AzureKeyVaultKey proto.InternalMessageInfo - -func (m *AzureKeyVaultKey) GetVaultUrl() string { - if m != nil { - return m.VaultUrl +func (x *AzureKeyVaultKey) GetVaultUrl() string { + if x != nil { + return x.VaultUrl } return "" } -func (m *AzureKeyVaultKey) GetName() string { - if m != nil { - return m.Name +func (x *AzureKeyVaultKey) GetName() string { + if x != nil { + return x.Name } return "" } -func (m *AzureKeyVaultKey) GetVersion() string { - if m != nil { - return m.Version +func (x *AzureKeyVaultKey) GetVersion() string { + if x != nil { + return x.Version + } + return "" +} + +type AgeKey struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Recipient string `protobuf:"bytes,1,opt,name=recipient,proto3" json:"recipient,omitempty"` +} + +func (x *AgeKey) Reset() { + *x = AgeKey{} + if protoimpl.UnsafeEnabled { + mi := &file_keyservice_keyservice_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *AgeKey) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*AgeKey) ProtoMessage() {} + +func (x *AgeKey) ProtoReflect() protoreflect.Message { + mi := &file_keyservice_keyservice_proto_msgTypes[6] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use AgeKey.ProtoReflect.Descriptor instead. +func (*AgeKey) Descriptor() ([]byte, []int) { + return file_keyservice_keyservice_proto_rawDescGZIP(), []int{6} +} + +func (x *AgeKey) GetRecipient() string { + if x != nil { + return x.Recipient } return "" } type EncryptRequest struct { - Key *Key `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` - Plaintext []byte `protobuf:"bytes,2,opt,name=plaintext,proto3" json:"plaintext,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Key *Key `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` + Plaintext []byte `protobuf:"bytes,2,opt,name=plaintext,proto3" json:"plaintext,omitempty"` } -func (m *EncryptRequest) Reset() { *m = EncryptRequest{} } -func (m *EncryptRequest) String() string { return proto.CompactTextString(m) } -func (*EncryptRequest) ProtoMessage() {} +func (x *EncryptRequest) Reset() { + *x = EncryptRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_keyservice_keyservice_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *EncryptRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EncryptRequest) ProtoMessage() {} + +func (x *EncryptRequest) ProtoReflect() protoreflect.Message { + mi := &file_keyservice_keyservice_proto_msgTypes[7] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EncryptRequest.ProtoReflect.Descriptor instead. func (*EncryptRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_8c1e2c407c293790, []int{6} + return file_keyservice_keyservice_proto_rawDescGZIP(), []int{7} } -func (m *EncryptRequest) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_EncryptRequest.Unmarshal(m, b) -} -func (m *EncryptRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_EncryptRequest.Marshal(b, m, deterministic) -} -func (m *EncryptRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_EncryptRequest.Merge(m, src) -} -func (m *EncryptRequest) XXX_Size() int { - return xxx_messageInfo_EncryptRequest.Size(m) -} -func (m *EncryptRequest) XXX_DiscardUnknown() { - xxx_messageInfo_EncryptRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_EncryptRequest proto.InternalMessageInfo - -func (m *EncryptRequest) GetKey() *Key { - if m != nil { - return m.Key +func (x *EncryptRequest) GetKey() *Key { + if x != nil { + return x.Key } return nil } -func (m *EncryptRequest) GetPlaintext() []byte { - if m != nil { - return m.Plaintext +func (x *EncryptRequest) GetPlaintext() []byte { + if x != nil { + return x.Plaintext } return nil } type EncryptResponse struct { - Ciphertext []byte `protobuf:"bytes,1,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Ciphertext []byte `protobuf:"bytes,1,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"` } -func (m *EncryptResponse) Reset() { *m = EncryptResponse{} } -func (m *EncryptResponse) String() string { return proto.CompactTextString(m) } -func (*EncryptResponse) ProtoMessage() {} +func (x *EncryptResponse) Reset() { + *x = EncryptResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_keyservice_keyservice_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *EncryptResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EncryptResponse) ProtoMessage() {} + +func (x *EncryptResponse) ProtoReflect() protoreflect.Message { + mi := &file_keyservice_keyservice_proto_msgTypes[8] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EncryptResponse.ProtoReflect.Descriptor instead. func (*EncryptResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_8c1e2c407c293790, []int{7} + return file_keyservice_keyservice_proto_rawDescGZIP(), []int{8} } -func (m *EncryptResponse) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_EncryptResponse.Unmarshal(m, b) -} -func (m *EncryptResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_EncryptResponse.Marshal(b, m, deterministic) -} -func (m *EncryptResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_EncryptResponse.Merge(m, src) -} -func (m *EncryptResponse) XXX_Size() int { - return xxx_messageInfo_EncryptResponse.Size(m) -} -func (m *EncryptResponse) XXX_DiscardUnknown() { - xxx_messageInfo_EncryptResponse.DiscardUnknown(m) -} - -var xxx_messageInfo_EncryptResponse proto.InternalMessageInfo - -func (m *EncryptResponse) GetCiphertext() []byte { - if m != nil { - return m.Ciphertext +func (x *EncryptResponse) GetCiphertext() []byte { + if x != nil { + return x.Ciphertext } return nil } type DecryptRequest struct { - Key *Key `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` - Ciphertext []byte `protobuf:"bytes,2,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Key *Key `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` + Ciphertext []byte `protobuf:"bytes,2,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"` } -func (m *DecryptRequest) Reset() { *m = DecryptRequest{} } -func (m *DecryptRequest) String() string { return proto.CompactTextString(m) } -func (*DecryptRequest) ProtoMessage() {} +func (x *DecryptRequest) Reset() { + *x = DecryptRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_keyservice_keyservice_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *DecryptRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DecryptRequest) ProtoMessage() {} + +func (x *DecryptRequest) ProtoReflect() protoreflect.Message { + mi := &file_keyservice_keyservice_proto_msgTypes[9] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DecryptRequest.ProtoReflect.Descriptor instead. func (*DecryptRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_8c1e2c407c293790, []int{8} + return file_keyservice_keyservice_proto_rawDescGZIP(), []int{9} } -func (m *DecryptRequest) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_DecryptRequest.Unmarshal(m, b) -} -func (m *DecryptRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_DecryptRequest.Marshal(b, m, deterministic) -} -func (m *DecryptRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_DecryptRequest.Merge(m, src) -} -func (m *DecryptRequest) XXX_Size() int { - return xxx_messageInfo_DecryptRequest.Size(m) -} -func (m *DecryptRequest) XXX_DiscardUnknown() { - xxx_messageInfo_DecryptRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_DecryptRequest proto.InternalMessageInfo - -func (m *DecryptRequest) GetKey() *Key { - if m != nil { - return m.Key +func (x *DecryptRequest) GetKey() *Key { + if x != nil { + return x.Key } return nil } -func (m *DecryptRequest) GetCiphertext() []byte { - if m != nil { - return m.Ciphertext +func (x *DecryptRequest) GetCiphertext() []byte { + if x != nil { + return x.Ciphertext } return nil } type DecryptResponse struct { - Plaintext []byte `protobuf:"bytes,1,opt,name=plaintext,proto3" json:"plaintext,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Plaintext []byte `protobuf:"bytes,1,opt,name=plaintext,proto3" json:"plaintext,omitempty"` } -func (m *DecryptResponse) Reset() { *m = DecryptResponse{} } -func (m *DecryptResponse) String() string { return proto.CompactTextString(m) } -func (*DecryptResponse) ProtoMessage() {} +func (x *DecryptResponse) Reset() { + *x = DecryptResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_keyservice_keyservice_proto_msgTypes[10] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *DecryptResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DecryptResponse) ProtoMessage() {} + +func (x *DecryptResponse) ProtoReflect() protoreflect.Message { + mi := &file_keyservice_keyservice_proto_msgTypes[10] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DecryptResponse.ProtoReflect.Descriptor instead. func (*DecryptResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_8c1e2c407c293790, []int{9} + return file_keyservice_keyservice_proto_rawDescGZIP(), []int{10} } -func (m *DecryptResponse) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_DecryptResponse.Unmarshal(m, b) -} -func (m *DecryptResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_DecryptResponse.Marshal(b, m, deterministic) -} -func (m *DecryptResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_DecryptResponse.Merge(m, src) -} -func (m *DecryptResponse) XXX_Size() int { - return xxx_messageInfo_DecryptResponse.Size(m) -} -func (m *DecryptResponse) XXX_DiscardUnknown() { - xxx_messageInfo_DecryptResponse.DiscardUnknown(m) -} - -var xxx_messageInfo_DecryptResponse proto.InternalMessageInfo - -func (m *DecryptResponse) GetPlaintext() []byte { - if m != nil { - return m.Plaintext +func (x *DecryptResponse) GetPlaintext() []byte { + if x != nil { + return x.Plaintext } return nil } -func init() { - proto.RegisterType((*Key)(nil), "Key") - proto.RegisterType((*PgpKey)(nil), "PgpKey") - proto.RegisterType((*KmsKey)(nil), "KmsKey") - proto.RegisterMapType((map[string]string)(nil), "KmsKey.ContextEntry") - proto.RegisterType((*GcpKmsKey)(nil), "GcpKmsKey") - proto.RegisterType((*VaultKey)(nil), "VaultKey") - proto.RegisterType((*AzureKeyVaultKey)(nil), "AzureKeyVaultKey") - proto.RegisterType((*EncryptRequest)(nil), "EncryptRequest") - proto.RegisterType((*EncryptResponse)(nil), "EncryptResponse") - proto.RegisterType((*DecryptRequest)(nil), "DecryptRequest") - proto.RegisterType((*DecryptResponse)(nil), "DecryptResponse") +var File_keyservice_keyservice_proto protoreflect.FileDescriptor + +var file_keyservice_keyservice_proto_rawDesc = []byte{ + 0x0a, 0x1b, 0x6b, 0x65, 0x79, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2f, 0x6b, 0x65, 0x79, + 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x98, 0x02, + 0x0a, 0x03, 0x4b, 0x65, 0x79, 0x12, 0x22, 0x0a, 0x07, 0x6b, 0x6d, 0x73, 0x5f, 0x6b, 0x65, 0x79, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x07, 0x2e, 0x4b, 0x6d, 0x73, 0x4b, 0x65, 0x79, 0x48, + 0x00, 0x52, 0x06, 0x6b, 0x6d, 0x73, 0x4b, 0x65, 0x79, 0x12, 0x22, 0x0a, 0x07, 0x70, 0x67, 0x70, + 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x07, 0x2e, 0x50, 0x67, 0x70, + 0x4b, 0x65, 0x79, 0x48, 0x00, 0x52, 0x06, 0x70, 0x67, 0x70, 0x4b, 0x65, 0x79, 0x12, 0x2c, 0x0a, + 0x0b, 0x67, 0x63, 0x70, 0x5f, 0x6b, 0x6d, 0x73, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x0a, 0x2e, 0x47, 0x63, 0x70, 0x4b, 0x6d, 0x73, 0x4b, 0x65, 0x79, 0x48, 0x00, + 0x52, 0x09, 0x67, 0x63, 0x70, 0x4b, 0x6d, 0x73, 0x4b, 0x65, 0x79, 0x12, 0x41, 0x0a, 0x12, 0x61, + 0x7a, 0x75, 0x72, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x76, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x6b, 0x65, + 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x41, 0x7a, 0x75, 0x72, 0x65, 0x4b, + 0x65, 0x79, 0x56, 0x61, 0x75, 0x6c, 0x74, 0x4b, 0x65, 0x79, 0x48, 0x00, 0x52, 0x10, 0x61, 0x7a, + 0x75, 0x72, 0x65, 0x4b, 0x65, 0x79, 0x76, 0x61, 0x75, 0x6c, 0x74, 0x4b, 0x65, 0x79, 0x12, 0x28, + 0x0a, 0x09, 0x76, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x09, 0x2e, 0x56, 0x61, 0x75, 0x6c, 0x74, 0x4b, 0x65, 0x79, 0x48, 0x00, 0x52, 0x08, + 0x76, 0x61, 0x75, 0x6c, 0x74, 0x4b, 0x65, 0x79, 0x12, 0x22, 0x0a, 0x07, 0x61, 0x67, 0x65, 0x5f, + 0x6b, 0x65, 0x79, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x07, 0x2e, 0x41, 0x67, 0x65, 0x4b, + 0x65, 0x79, 0x48, 0x00, 0x52, 0x06, 0x61, 0x67, 0x65, 0x4b, 0x65, 0x79, 0x42, 0x0a, 0x0a, 0x08, + 0x6b, 0x65, 0x79, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x22, 0x2a, 0x0a, 0x06, 0x50, 0x67, 0x70, 0x4b, + 0x65, 0x79, 0x12, 0x20, 0x0a, 0x0b, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, + 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, + 0x72, 0x69, 0x6e, 0x74, 0x22, 0xbb, 0x01, 0x0a, 0x06, 0x4b, 0x6d, 0x73, 0x4b, 0x65, 0x79, 0x12, + 0x10, 0x0a, 0x03, 0x61, 0x72, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x61, 0x72, + 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x72, 0x6f, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x04, 0x72, 0x6f, 0x6c, 0x65, 0x12, 0x2e, 0x0a, 0x07, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, + 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x4b, 0x6d, 0x73, 0x4b, 0x65, 0x79, 0x2e, + 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x63, 0x6f, + 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x61, 0x77, 0x73, 0x5f, 0x70, 0x72, 0x6f, + 0x66, 0x69, 0x6c, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x61, 0x77, 0x73, 0x50, + 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x1a, 0x3a, 0x0a, 0x0c, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, + 0x74, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, + 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, + 0x38, 0x01, 0x22, 0x2c, 0x0a, 0x09, 0x47, 0x63, 0x70, 0x4b, 0x6d, 0x73, 0x4b, 0x65, 0x79, 0x12, + 0x1f, 0x0a, 0x0b, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x64, + 0x22, 0x6b, 0x0a, 0x08, 0x56, 0x61, 0x75, 0x6c, 0x74, 0x4b, 0x65, 0x79, 0x12, 0x23, 0x0a, 0x0d, + 0x76, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x0c, 0x76, 0x61, 0x75, 0x6c, 0x74, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, + 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x65, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x5f, 0x70, 0x61, 0x74, 0x68, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x65, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x50, 0x61, + 0x74, 0x68, 0x12, 0x19, 0x0a, 0x08, 0x6b, 0x65, 0x79, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6b, 0x65, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0x5d, 0x0a, + 0x10, 0x41, 0x7a, 0x75, 0x72, 0x65, 0x4b, 0x65, 0x79, 0x56, 0x61, 0x75, 0x6c, 0x74, 0x4b, 0x65, + 0x79, 0x12, 0x1b, 0x0a, 0x09, 0x76, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x76, 0x61, 0x75, 0x6c, 0x74, 0x55, 0x72, 0x6c, 0x12, 0x12, + 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, + 0x6d, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x26, 0x0a, 0x06, + 0x41, 0x67, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x1c, 0x0a, 0x09, 0x72, 0x65, 0x63, 0x69, 0x70, 0x69, + 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x72, 0x65, 0x63, 0x69, 0x70, + 0x69, 0x65, 0x6e, 0x74, 0x22, 0x46, 0x0a, 0x0e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x04, 0x2e, 0x4b, 0x65, 0x79, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x1c, + 0x0a, 0x09, 0x70, 0x6c, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x0c, 0x52, 0x09, 0x70, 0x6c, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x22, 0x31, 0x0a, 0x0f, + 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, + 0x1e, 0x0a, 0x0a, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x0c, 0x52, 0x0a, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x22, + 0x48, 0x0a, 0x0e, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x12, 0x16, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x04, + 0x2e, 0x4b, 0x65, 0x79, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x1e, 0x0a, 0x0a, 0x63, 0x69, 0x70, + 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0a, 0x63, + 0x69, 0x70, 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x22, 0x2f, 0x0a, 0x0f, 0x44, 0x65, 0x63, + 0x72, 0x79, 0x70, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1c, 0x0a, 0x09, + 0x70, 0x6c, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, + 0x09, 0x70, 0x6c, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x32, 0x6c, 0x0a, 0x0a, 0x4b, 0x65, + 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x2e, 0x0a, 0x07, 0x45, 0x6e, 0x63, 0x72, + 0x79, 0x70, 0x74, 0x12, 0x0f, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x1a, 0x10, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x52, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x2e, 0x0a, 0x07, 0x44, 0x65, 0x63, 0x72, + 0x79, 0x70, 0x74, 0x12, 0x0f, 0x2e, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x1a, 0x10, 0x2e, 0x44, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x52, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } -func init() { proto.RegisterFile("keyservice/keyservice.proto", fileDescriptor_8c1e2c407c293790) } +var ( + file_keyservice_keyservice_proto_rawDescOnce sync.Once + file_keyservice_keyservice_proto_rawDescData = file_keyservice_keyservice_proto_rawDesc +) -var fileDescriptor_8c1e2c407c293790 = []byte{ - // 574 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x8c, 0x54, 0x5d, 0x6f, 0xd3, 0x30, - 0x14, 0x5d, 0xd6, 0xad, 0x5d, 0x6e, 0xca, 0x5a, 0xac, 0x09, 0x8d, 0x0d, 0xc1, 0x30, 0x2f, 0x13, - 0x9a, 0x3c, 0x51, 0x5e, 0xd0, 0xde, 0x06, 0x0c, 0x86, 0x2a, 0xa1, 0x29, 0x08, 0xde, 0x50, 0xe5, - 0xa5, 0x77, 0x6d, 0x94, 0x34, 0x31, 0x76, 0xd2, 0x61, 0xfe, 0x1a, 0x7f, 0x8b, 0x1f, 0x80, 0xfc, - 0x91, 0x7e, 0xf1, 0xc2, 0xdb, 0xf5, 0xc9, 0x39, 0xe7, 0x5e, 0x9f, 0xeb, 0x16, 0x8e, 0x33, 0xd4, - 0x0a, 0xe5, 0x3c, 0x4d, 0xf0, 0x7c, 0x59, 0x32, 0x21, 0xcb, 0xaa, 0xa4, 0x7f, 0x02, 0x68, 0x0d, - 0x51, 0x13, 0x0a, 0x9d, 0x6c, 0xa6, 0x46, 0x19, 0xea, 0xc3, 0xe0, 0x24, 0x38, 0x8d, 0x06, 0x1d, - 0x36, 0x9c, 0xa9, 0x21, 0xea, 0xeb, 0xad, 0xb8, 0x9d, 0xd9, 0xca, 0x70, 0xc4, 0x44, 0x58, 0xce, - 0xb6, 0xe7, 0xdc, 0x4c, 0x84, 0xe7, 0x08, 0x5b, 0x91, 0x33, 0x88, 0x26, 0x89, 0x18, 0x35, 0x5e, - 0x2d, 0xcb, 0x03, 0xf6, 0x31, 0x11, 0x0b, 0xbb, 0x70, 0xd2, 0x1c, 0xc8, 0x25, 0x10, 0xfe, 0xab, - 0x96, 0x68, 0xb8, 0x73, 0x5e, 0xe7, 0x95, 0x15, 0xed, 0x58, 0xd1, 0x43, 0x76, 0x69, 0x3e, 0x0d, - 0x51, 0x7f, 0x33, 0x5f, 0x9c, 0xb6, 0xcf, 0x3d, 0x36, 0xf7, 0x18, 0x39, 0x85, 0x70, 0xa9, 0xdc, - 0xb5, 0xca, 0x90, 0xad, 0x28, 0xf6, 0x1a, 0xe6, 0x5b, 0x80, 0xbd, 0x0c, 0xf5, 0xa8, 0xd2, 0x02, - 0xe9, 0x4b, 0x68, 0xbb, 0xd1, 0xc9, 0x09, 0x44, 0x77, 0x69, 0x31, 0x41, 0x29, 0x64, 0x5a, 0x54, - 0xf6, 0xf2, 0x61, 0xbc, 0x0a, 0xd1, 0xdf, 0x01, 0xb4, 0xfd, 0xbc, 0x7d, 0x68, 0x71, 0x59, 0x78, - 0x92, 0x29, 0x09, 0x81, 0x1d, 0x59, 0xe6, 0x68, 0x03, 0x09, 0x63, 0x5b, 0x13, 0x06, 0x9d, 0xa4, - 0x2c, 0x2a, 0xfc, 0x59, 0x1d, 0xb6, 0x4e, 0x5a, 0xa7, 0xd1, 0xe0, 0xc0, 0x67, 0xc9, 0xde, 0x39, - 0xf8, 0xaa, 0xa8, 0xa4, 0x8e, 0x1b, 0x12, 0x79, 0x06, 0x11, 0xbf, 0x57, 0x23, 0x21, 0xcb, 0xbb, - 0x34, 0x47, 0x7b, 0xfd, 0x30, 0x06, 0x7e, 0xaf, 0x6e, 0x1c, 0x72, 0x74, 0x01, 0xdd, 0x55, 0xa5, - 0x19, 0xa3, 0x59, 0x54, 0x18, 0x9b, 0x92, 0x1c, 0xc0, 0xee, 0x9c, 0xe7, 0x75, 0x33, 0x87, 0x3b, - 0x5c, 0x6c, 0xbf, 0x09, 0xe8, 0x19, 0x84, 0x8b, 0xf0, 0x4d, 0x27, 0x89, 0xaa, 0xac, 0x65, 0x82, - 0xa3, 0x74, 0xec, 0x0d, 0xa0, 0x81, 0x3e, 0x8d, 0xe9, 0x0c, 0xf6, 0x9a, 0xec, 0xc8, 0x0b, 0x78, - 0xe0, 0x92, 0xe5, 0xe3, 0xb1, 0x44, 0xa5, 0x3c, 0xbd, 0x6b, 0xc1, 0x4b, 0x87, 0x91, 0xe7, 0xd0, - 0xbd, 0xe5, 0x49, 0x86, 0xc5, 0x78, 0x24, 0x78, 0x35, 0xf5, 0xfd, 0x23, 0x8f, 0xdd, 0xf0, 0x6a, - 0x4a, 0x1e, 0xbb, 0xdc, 0x0b, 0x3e, 0x43, 0xfb, 0x1e, 0xc2, 0xb8, 0x93, 0xa1, 0xfe, 0xcc, 0x67, - 0x48, 0xbf, 0x43, 0x7f, 0x73, 0xc9, 0xe4, 0xb8, 0x59, 0x68, 0x2d, 0x73, 0xdf, 0xd2, 0xed, 0xf0, - 0xab, 0xcc, 0x4d, 0xdc, 0xd6, 0xc7, 0xc7, 0x6d, 0x6a, 0x72, 0x08, 0x9d, 0x39, 0x4a, 0x95, 0x96, - 0x45, 0x63, 0xef, 0x8f, 0xf4, 0x03, 0xec, 0x5f, 0x15, 0x89, 0xd4, 0xa2, 0x8a, 0xf1, 0x47, 0x8d, - 0xaa, 0x22, 0x8f, 0x96, 0xc9, 0x45, 0x83, 0x1d, 0x36, 0x44, 0xed, 0xf2, 0x7b, 0x02, 0xa1, 0xc8, - 0x79, 0xea, 0x96, 0x66, 0xcc, 0xbb, 0xf1, 0x12, 0xa0, 0xaf, 0xa0, 0xb7, 0xf0, 0x51, 0xa2, 0x2c, - 0x14, 0x92, 0xa7, 0x00, 0x49, 0x2a, 0xa6, 0x28, 0xad, 0x22, 0xb0, 0x8a, 0x15, 0x84, 0x5e, 0xc3, - 0xfe, 0x7b, 0xfc, 0xaf, 0xd6, 0xeb, 0x4e, 0xdb, 0xff, 0x38, 0x9d, 0x43, 0x6f, 0xe1, 0xe4, 0x9b, - 0xaf, 0x4d, 0x1b, 0x6c, 0x4c, 0x3b, 0xc8, 0x01, 0x86, 0xa8, 0xbf, 0xb8, 0x9f, 0xb9, 0x79, 0x8c, - 0x7e, 0x76, 0xd2, 0x63, 0xeb, 0x69, 0x1c, 0xf5, 0xd9, 0xc6, 0xb5, 0xe8, 0x96, 0xe1, 0xfb, 0x76, - 0xa4, 0xc7, 0xd6, 0xaf, 0x70, 0xd4, 0x67, 0x1b, 0x93, 0xd0, 0xad, 0xdb, 0xb6, 0xfd, 0x1f, 0x79, - 0xfd, 0x37, 0x00, 0x00, 0xff, 0xff, 0x9b, 0x65, 0x80, 0xa7, 0x66, 0x04, 0x00, 0x00, +func file_keyservice_keyservice_proto_rawDescGZIP() []byte { + file_keyservice_keyservice_proto_rawDescOnce.Do(func() { + file_keyservice_keyservice_proto_rawDescData = protoimpl.X.CompressGZIP(file_keyservice_keyservice_proto_rawDescData) + }) + return file_keyservice_keyservice_proto_rawDescData +} + +var file_keyservice_keyservice_proto_msgTypes = make([]protoimpl.MessageInfo, 12) +var file_keyservice_keyservice_proto_goTypes = []interface{}{ + (*Key)(nil), // 0: Key + (*PgpKey)(nil), // 1: PgpKey + (*KmsKey)(nil), // 2: KmsKey + (*GcpKmsKey)(nil), // 3: GcpKmsKey + (*VaultKey)(nil), // 4: VaultKey + (*AzureKeyVaultKey)(nil), // 5: AzureKeyVaultKey + (*AgeKey)(nil), // 6: AgeKey + (*EncryptRequest)(nil), // 7: EncryptRequest + (*EncryptResponse)(nil), // 8: EncryptResponse + (*DecryptRequest)(nil), // 9: DecryptRequest + (*DecryptResponse)(nil), // 10: DecryptResponse + nil, // 11: KmsKey.ContextEntry +} +var file_keyservice_keyservice_proto_depIdxs = []int32{ + 2, // 0: Key.kms_key:type_name -> KmsKey + 1, // 1: Key.pgp_key:type_name -> PgpKey + 3, // 2: Key.gcp_kms_key:type_name -> GcpKmsKey + 5, // 3: Key.azure_keyvault_key:type_name -> AzureKeyVaultKey + 4, // 4: Key.vault_key:type_name -> VaultKey + 6, // 5: Key.age_key:type_name -> AgeKey + 11, // 6: KmsKey.context:type_name -> KmsKey.ContextEntry + 0, // 7: EncryptRequest.key:type_name -> Key + 0, // 8: DecryptRequest.key:type_name -> Key + 7, // 9: KeyService.Encrypt:input_type -> EncryptRequest + 9, // 10: KeyService.Decrypt:input_type -> DecryptRequest + 8, // 11: KeyService.Encrypt:output_type -> EncryptResponse + 10, // 12: KeyService.Decrypt:output_type -> DecryptResponse + 11, // [11:13] is the sub-list for method output_type + 9, // [9:11] is the sub-list for method input_type + 9, // [9:9] is the sub-list for extension type_name + 9, // [9:9] is the sub-list for extension extendee + 0, // [0:9] is the sub-list for field type_name +} + +func init() { file_keyservice_keyservice_proto_init() } +func file_keyservice_keyservice_proto_init() { + if File_keyservice_keyservice_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_keyservice_keyservice_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Key); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_keyservice_keyservice_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*PgpKey); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_keyservice_keyservice_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*KmsKey); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_keyservice_keyservice_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*GcpKmsKey); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_keyservice_keyservice_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*VaultKey); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_keyservice_keyservice_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*AzureKeyVaultKey); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_keyservice_keyservice_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*AgeKey); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_keyservice_keyservice_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*EncryptRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_keyservice_keyservice_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*EncryptResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_keyservice_keyservice_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DecryptRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_keyservice_keyservice_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DecryptResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + file_keyservice_keyservice_proto_msgTypes[0].OneofWrappers = []interface{}{ + (*Key_KmsKey)(nil), + (*Key_PgpKey)(nil), + (*Key_GcpKmsKey)(nil), + (*Key_AzureKeyvaultKey)(nil), + (*Key_VaultKey)(nil), + (*Key_AgeKey)(nil), + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_keyservice_keyservice_proto_rawDesc, + NumEnums: 0, + NumMessages: 12, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_keyservice_keyservice_proto_goTypes, + DependencyIndexes: file_keyservice_keyservice_proto_depIdxs, + MessageInfos: file_keyservice_keyservice_proto_msgTypes, + }.Build() + File_keyservice_keyservice_proto = out.File + file_keyservice_keyservice_proto_rawDesc = nil + file_keyservice_keyservice_proto_goTypes = nil + file_keyservice_keyservice_proto_depIdxs = nil } // Reference imports to suppress errors if they are not otherwise used. var _ context.Context -var _ grpc.ClientConn +var _ grpc.ClientConnInterface // This is a compile-time assertion to ensure that this generated file // is compatible with the grpc package it is being compiled against. -const _ = grpc.SupportPackageIsVersion4 +const _ = grpc.SupportPackageIsVersion6 // KeyServiceClient is the client API for KeyService service. // @@ -646,10 +1019,10 @@ type KeyServiceClient interface { } type keyServiceClient struct { - cc *grpc.ClientConn + cc grpc.ClientConnInterface } -func NewKeyServiceClient(cc *grpc.ClientConn) KeyServiceClient { +func NewKeyServiceClient(cc grpc.ClientConnInterface) KeyServiceClient { return &keyServiceClient{cc} } @@ -681,10 +1054,10 @@ type KeyServiceServer interface { type UnimplementedKeyServiceServer struct { } -func (*UnimplementedKeyServiceServer) Encrypt(ctx context.Context, req *EncryptRequest) (*EncryptResponse, error) { +func (*UnimplementedKeyServiceServer) Encrypt(context.Context, *EncryptRequest) (*EncryptResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method Encrypt not implemented") } -func (*UnimplementedKeyServiceServer) Decrypt(ctx context.Context, req *DecryptRequest) (*DecryptResponse, error) { +func (*UnimplementedKeyServiceServer) Decrypt(context.Context, *DecryptRequest) (*DecryptResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method Decrypt not implemented") } diff --git a/keyservice/keyservice.proto b/keyservice/keyservice.proto index a6f5e436f..f2b7faa90 100644 --- a/keyservice/keyservice.proto +++ b/keyservice/keyservice.proto @@ -7,6 +7,7 @@ message Key { GcpKmsKey gcp_kms_key = 3; AzureKeyVaultKey azure_keyvault_key = 4; VaultKey vault_key = 5; + AgeKey age_key = 6; } } @@ -37,6 +38,10 @@ message AzureKeyVaultKey { string version = 3; } +message AgeKey { + string recipient = 1; +} + message EncryptRequest { Key key = 1; bytes plaintext = 2; diff --git a/keyservice/server.go b/keyservice/server.go index d2734bd97..aed4c9cde 100644 --- a/keyservice/server.go +++ b/keyservice/server.go @@ -3,6 +3,7 @@ package keyservice import ( "fmt" + "go.mozilla.org/sops/v3/age" "go.mozilla.org/sops/v3/azkv" "go.mozilla.org/sops/v3/gcpkms" "go.mozilla.org/sops/v3/hcvault" @@ -75,6 +76,20 @@ func (ks *Server) encryptWithVault(key *VaultKey, plaintext []byte) ([]byte, err return []byte(vaultKey.EncryptedKey), nil } +func (ks *Server) encryptWithAge(key *AgeKey, plaintext []byte) ([]byte, error) { + ageKey := age.MasterKey{ + Recipient: key.Recipient, + } + + err := ageKey.Encrypt(plaintext) + + if err != nil { + return nil, err + } + + return []byte(ageKey.EncryptedKey), nil +} + func (ks *Server) decryptWithPgp(key *PgpKey, ciphertext []byte) ([]byte, error) { pgpKey := pgp.NewMasterKeyFromFingerprint(key.Fingerprint) pgpKey.EncryptedKey = string(ciphertext) @@ -120,6 +135,15 @@ func (ks *Server) decryptWithVault(key *VaultKey, ciphertext []byte) ([]byte, er return []byte(plaintext), err } +func (ks *Server) decryptWithAge(key *AgeKey, ciphertext []byte) ([]byte, error) { + ageKey := age.MasterKey{ + Recipient: key.Recipient, + } + ageKey.EncryptedKey = string(ciphertext) + plaintext, err := ageKey.Decrypt() + return []byte(plaintext), err +} + // Encrypt takes an encrypt request and encrypts the provided plaintext with the provided key, returning the encrypted // result func (ks Server) Encrypt(ctx context.Context, @@ -167,6 +191,14 @@ func (ks Server) Encrypt(ctx context.Context, response = &EncryptResponse{ Ciphertext: ciphertext, } + case *Key_AgeKey: + ciphertext, err := ks.encryptWithAge(k.AgeKey, req.Plaintext) + if err != nil { + return nil, err + } + response = &EncryptResponse{ + Ciphertext: ciphertext, + } case nil: return nil, status.Errorf(codes.NotFound, "Must provide a key") default: @@ -261,6 +293,14 @@ func (ks Server) Decrypt(ctx context.Context, response = &DecryptResponse{ Plaintext: plaintext, } + case *Key_AgeKey: + plaintext, err := ks.decryptWithAge(k.AgeKey, req.Ciphertext) + if err != nil { + return nil, err + } + response = &DecryptResponse{ + Plaintext: plaintext, + } case nil: return nil, grpc.Errorf(codes.NotFound, "Must provide a key") default: diff --git a/stores/stores.go b/stores/stores.go index 236940fb2..da8781ab2 100644 --- a/stores/stores.go +++ b/stores/stores.go @@ -15,6 +15,7 @@ import ( "fmt" "go.mozilla.org/sops/v3" + "go.mozilla.org/sops/v3/age" "go.mozilla.org/sops/v3/azkv" "go.mozilla.org/sops/v3/gcpkms" "go.mozilla.org/sops/v3/hcvault" @@ -42,6 +43,7 @@ type Metadata struct { GCPKMSKeys []gcpkmskey `yaml:"gcp_kms" json:"gcp_kms"` AzureKeyVaultKeys []azkvkey `yaml:"azure_kv" json:"azure_kv"` VaultKeys []vaultkey `yaml:"hc_vault" json:"hc_vault"` + AgeKeys []agekey `yaml:"age" json:"age"` LastModified string `yaml:"lastmodified" json:"lastmodified"` MessageAuthenticationCode string `yaml:"mac" json:"mac"` PGPKeys []pgpkey `yaml:"pgp" json:"pgp"` @@ -58,6 +60,7 @@ type keygroup struct { GCPKMSKeys []gcpkmskey `yaml:"gcp_kms,omitempty" json:"gcp_kms,omitempty"` AzureKeyVaultKeys []azkvkey `yaml:"azure_kv,omitempty" json:"azure_kv,omitempty"` VaultKeys []vaultkey `yaml:"hc_vault" json:"hc_vault"` + AgeKeys []agekey `yaml:"age" json:"age"` } type pgpkey struct { @@ -97,6 +100,11 @@ type azkvkey struct { EncryptedDataKey string `yaml:"enc" json:"enc"` } +type agekey struct { + Recipient string `yaml:"recipient" json:"recipient"` + EncryptedDataKey string `yaml:"enc" json:"enc"` +} + // MetadataFromInternal converts an internal SOPS metadata representation to a representation appropriate for storage func MetadataFromInternal(sopsMetadata sops.Metadata) Metadata { var m Metadata @@ -115,6 +123,7 @@ func MetadataFromInternal(sopsMetadata sops.Metadata) Metadata { m.GCPKMSKeys = gcpkmsKeysFromGroup(group) m.VaultKeys = vaultKeysFromGroup(group) m.AzureKeyVaultKeys = azkvKeysFromGroup(group) + m.AgeKeys = ageKeysFromGroup(group) } else { for _, group := range sopsMetadata.KeyGroups { m.KeyGroups = append(m.KeyGroups, keygroup{ @@ -123,6 +132,7 @@ func MetadataFromInternal(sopsMetadata sops.Metadata) Metadata { GCPKMSKeys: gcpkmsKeysFromGroup(group), VaultKeys: vaultKeysFromGroup(group), AzureKeyVaultKeys: azkvKeysFromGroup(group), + AgeKeys: ageKeysFromGroup(group), }) } } @@ -206,6 +216,19 @@ func azkvKeysFromGroup(group sops.KeyGroup) (keys []azkvkey) { return } +func ageKeysFromGroup(group sops.KeyGroup) (keys []agekey) { + for _, key := range group { + switch key := key.(type) { + case *age.MasterKey: + keys = append(keys, agekey{ + Recipient: key.Recipient, + EncryptedDataKey: key.EncryptedKey, + }) + } + } + return +} + // ToInternal converts a storage-appropriate Metadata struct to a SOPS internal representation func (m *Metadata) ToInternal() (sops.Metadata, error) { lastModified, err := time.Parse(time.RFC3339, m.LastModified) @@ -251,7 +274,7 @@ func (m *Metadata) ToInternal() (sops.Metadata, error) { }, nil } -func internalGroupFrom(kmsKeys []kmskey, pgpKeys []pgpkey, gcpKmsKeys []gcpkmskey, azkvKeys []azkvkey, vaultKeys []vaultkey) (sops.KeyGroup, error) { +func internalGroupFrom(kmsKeys []kmskey, pgpKeys []pgpkey, gcpKmsKeys []gcpkmskey, azkvKeys []azkvkey, vaultKeys []vaultkey, ageKeys []agekey) (sops.KeyGroup, error) { var internalGroup sops.KeyGroup for _, kmsKey := range kmsKeys { k, err := kmsKey.toInternal() @@ -288,13 +311,20 @@ func internalGroupFrom(kmsKeys []kmskey, pgpKeys []pgpkey, gcpKmsKeys []gcpkmske } internalGroup = append(internalGroup, k) } + for _, ageKey := range ageKeys { + k, err := ageKey.toInternal() + if err != nil { + return nil, err + } + internalGroup = append(internalGroup, k) + } return internalGroup, nil } func (m *Metadata) internalKeygroups() ([]sops.KeyGroup, error) { var internalGroups []sops.KeyGroup - if len(m.PGPKeys) > 0 || len(m.KMSKeys) > 0 || len(m.GCPKMSKeys) > 0 || len(m.AzureKeyVaultKeys) > 0 || len(m.VaultKeys) > 0 { - internalGroup, err := internalGroupFrom(m.KMSKeys, m.PGPKeys, m.GCPKMSKeys, m.AzureKeyVaultKeys, m.VaultKeys) + if len(m.PGPKeys) > 0 || len(m.KMSKeys) > 0 || len(m.GCPKMSKeys) > 0 || len(m.AzureKeyVaultKeys) > 0 || len(m.VaultKeys) > 0 || len(m.AgeKeys) > 0 { + internalGroup, err := internalGroupFrom(m.KMSKeys, m.PGPKeys, m.GCPKMSKeys, m.AzureKeyVaultKeys, m.VaultKeys, m.AgeKeys) if err != nil { return nil, err } @@ -302,7 +332,7 @@ func (m *Metadata) internalKeygroups() ([]sops.KeyGroup, error) { return internalGroups, nil } else if len(m.KeyGroups) > 0 { for _, group := range m.KeyGroups { - internalGroup, err := internalGroupFrom(group.KMSKeys, group.PGPKeys, group.GCPKMSKeys, group.AzureKeyVaultKeys, group.VaultKeys) + internalGroup, err := internalGroupFrom(group.KMSKeys, group.PGPKeys, group.GCPKMSKeys, group.AzureKeyVaultKeys, group.VaultKeys, group.AgeKeys) if err != nil { return nil, err } @@ -381,6 +411,13 @@ func (pgpKey *pgpkey) toInternal() (*pgp.MasterKey, error) { }, nil } +func (ageKey *agekey) toInternal() (*age.MasterKey, error) { + return &age.MasterKey{ + EncryptedKey: ageKey.EncryptedDataKey, + Recipient: ageKey.Recipient, + }, nil +} + // ExampleComplexTree is an example sops.Tree object exhibiting complex relationships var ExampleComplexTree = sops.Tree{ Branches: sops.TreeBranches{