cryptokeys

package
v2.23.0

Warning: This package is not in the latest version of its module.

Published: Jun 3, 2025 | License: AGPL-3.0 | Imports: 16 | Imported by: 0

Repository: github.com/coder/coder

Documentation

Overview

Package cryptokeys provides an abstraction for fetching internally used cryptographic keys mainly for JWT signing and verification.


Constants

const (
	WorkspaceAppsTokenDuration = time.Minute
	OIDCConvertTokenDuration   = time.Minute * 5
	TailnetResumeTokenDuration = time.Hour * 24

	// DefaultKeyDuration is the default duration for which a key is valid. It applies to all features.
	DefaultKeyDuration = time.Hour * 24 * 30
)

Variables

var (
	ErrKeyNotFound    = xerrors.New("key not found")
	ErrKeyInvalid     = xerrors.New("key is invalid for use")
	ErrClosed         = xerrors.New("closed")
	ErrInvalidFeature = xerrors.New("invalid feature for this operation")
)

Functions

func StartRotator

func StartRotator(ctx context.Context, logger slog.Logger, db database.Store, opts ...RotatorOption)

StartRotator starts a background process that rotates keys in the database. It ensures there's at least one valid key per feature prior to returning. Canceling the provided context will stop the background process.

Types

type CacheOption

type CacheOption func(*cache)

func WithCacheClock

func WithCacheClock(clock quartz.Clock) CacheOption

type DBFetcher

type DBFetcher struct {
	DB database.Store
}

func (*DBFetcher) Fetch

type EncryptionKeycache

type EncryptionKeycache interface {
	// EncryptingKey returns the latest valid key for encrypting payloads. A valid
	// key is one that is both past its start time and before its deletion time.
	EncryptingKey(ctx context.Context) (id string, key interface{}, err error)
	// DecryptingKey returns the key with the provided id which maps to its sequence
	// number. The key is valid for decryption as long as it is not deleted or past
	// its deletion date. We must allow for keys prior to their start time to
	// account for clock skew between peers (one key may be past its start time on
	// one machine while another is not).
	DecryptingKey(ctx context.Context, id string) (key interface{}, err error)
	io.Closer
}

func NewEncryptionCache

func NewEncryptionCache(ctx context.Context, logger slog.Logger, fetcher Fetcher,
	feature codersdk.CryptoKeyFeature, opts ...func(*cache),
) (EncryptionKeycache, error)

type Fetcher

type Fetcher interface {
	Fetch(ctx context.Context, feature codersdk.CryptoKeyFeature) ([]codersdk.CryptoKey, error)
}

type RotatorOption

type RotatorOption func(*rotator)

func WithClock

func WithClock(clock quartz.Clock) RotatorOption

func WithKeyDuration

func WithKeyDuration(keyDuration time.Duration) RotatorOption

type SigningKeycache

type SigningKeycache interface {
	// SigningKey returns the latest valid key for signing. A valid key is one
	// that is both past its start time and before its deletion time.
	SigningKey(ctx context.Context) (id string, key interface{}, err error)
	// VerifyingKey returns the key with the provided id which should map to its
	// sequence number. The key is valid for verifying as long as it is not deleted
	// or past its deletion date. We must allow for keys prior to their start time
	// to account for clock skew between peers (one key may be past its start time
	// on one machine while another is not).
	VerifyingKey(ctx context.Context, id string) (key interface{}, err error)
	io.Closer
}

func NewSigningCache

func NewSigningCache(ctx context.Context, logger slog.Logger, fetcher Fetcher,
	feature codersdk.CryptoKeyFeature, opts ...func(*cache),
) (SigningKeycache, error)

NewSigningCache instantiates a cache. Close should be called to release resources associated with its internal timer.
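The validity rule stated in the SigningKeycache and EncryptionKeycache comments (sign or encrypt only with a started, undeleted key; verify or decrypt with any undeleted key, even one before its start time) is sketched below as an added example, not code from the cryptokeys package. The key struct, the field names, reading "latest" as the highest sequence number, and the mapping of the two errors to cases are all assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// key is a hypothetical stand-in for a stored key record (field names assumed).
type key struct {
	Seq                 int32     // sequence number, used as the key id
	StartsAt, DeletesAt time.Time // zero DeletesAt: no deletion scheduled
}

var errNotFound, errInvalid = errors.New("key not found"), errors.New("key is invalid for use")

func deleted(k key, now time.Time) bool { return !k.DeletesAt.IsZero() && !now.Before(k.DeletesAt) }

// signingKey returns the highest-sequence key that has started and is not deleted.
func signingKey(keys []key, now time.Time) (best key, err error) {
	err = errNotFound
	for _, k := range keys {
		if !now.Before(k.StartsAt) && !deleted(k, now) && (err != nil || k.Seq > best.Seq) {
			best, err = k, nil
		}
	}
	return best, err
}

// verifyingKey looks a key up by sequence number and rejects it only if deleted.
func verifyingKey(keys []key, seq int32, now time.Time) (key, error) {
	for _, k := range keys {
		if k.Seq == seq && !deleted(k, now) {
			return k, nil // StartsAt deliberately not checked: tolerates clock skew
		} else if k.Seq == seq {
			return key{}, errInvalid
		}
	}
	return key{}, errNotFound
}

var now = time.Date(2025, 6, 3, 12, 0, 0, 0, time.UTC) // constructed clock
// sample is constructed data covering the three lifecycle states.
var sample = []key{
	{1, now.Add(-48 * time.Hour), now.Add(-time.Hour)}, // past its deletion time
	{2, now.Add(-time.Hour), time.Time{}},              // current
	{3, now.Add(time.Minute), time.Time{}},             // not yet started
}

func main() { fmt.Println(signingKey(sample, now)) }
```

A token signed by a peer whose clock already passed key 3's start time still verifies here, while this node keeps signing with key 2 until its own clock catches up.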
