const.go
package kms
// KeyPurpose allows an application to specify the reason it needs a key; this
// is used to select which DEK to return. Giving each use its own purpose keeps
// a key requested for one use distinct from the keys requested for the others.
type KeyPurpose uint

// ****************************************************************************
// IMPORTANT: if you're adding a new KeyPurpose, you should consider whether or
// not existing scopes need this new type of key. If they do, then you may want
// to add the new key into kms.ReconcileKeys(...)
// ****************************************************************************
//
// NOTE(review): the values below are assigned by iota, so each one depends on
// its position in this block. If the numeric values are stored or exchanged
// anywhere (not visible in this file), inserting or reordering entries would
// silently change which purpose an existing value refers to; append new
// purposes at the end unless that has been ruled out.
const (
	// KeyPurposeUnknown is the default (zero value), and indicates that a
	// correct purpose wasn't specified
	KeyPurposeUnknown KeyPurpose = iota
	// KeyPurposeDatabase is used for general encryption needs for most values
	// in the database, excluding the oplog
	KeyPurposeDatabase
	// KeyPurposeOplog is used for oplogs
	KeyPurposeOplog
	// KeyPurposeRecovery is used for recovery access
	KeyPurposeRecovery
	// KeyPurposeWorkerAuth is used for worker auth
	KeyPurposeWorkerAuth
	// KeyPurposeWorkerAuthStorage is used for worker credential storage
	KeyPurposeWorkerAuthStorage
	// KeyPurposeTokens is used for token encryption
	KeyPurposeTokens
	// KeyPurposeSessions is used as a base key to derive session-specific
	// encryption keys
	KeyPurposeSessions
	// KeyPurposeOidc is used for encrypting oidc states included in
	// authentication URLs
	KeyPurposeOidc
	// KeyPurposeAudit is used for audit operations
	KeyPurposeAudit
	// KeyPurposeRootKey is used as the root key
	KeyPurposeRootKey
)
// String returns the textual name of the key purpose, so callers can use a
// method call instead of converting the value themselves. KeyPurposeUnknown
// and any value without a name of its own are reported as "unknown".
//
// NOTE(review): if these names are persisted or compared elsewhere (not
// visible in this file), changing one would change which key a stored name
// selects; treat them as stable identifiers until that has been checked.
func (k KeyPurpose) String() string {
	// Keyed array literal: each purpose indexes its own name. Slots that are
	// not listed (including KeyPurposeUnknown) stay empty and fall through to
	// the "unknown" result below.
	names := [...]string{
		KeyPurposeDatabase:          "database",
		KeyPurposeOplog:             "oplog",
		KeyPurposeRecovery:          "recovery",
		KeyPurposeWorkerAuth:        "workerauth",
		KeyPurposeWorkerAuthStorage: "workerauthstorage",
		KeyPurposeTokens:            "tokens",
		KeyPurposeSessions:          "sessions",
		KeyPurposeOidc:              "oidc",
		KeyPurposeAudit:             "audit",
		KeyPurposeRootKey:           "rootKey",
	}
	// The bounds check keeps out-of-range values from indexing past the table.
	if k < KeyPurpose(len(names)) && names[k] != "" {
		return names[k]
	}
	return "unknown"
}
// ValidDekPurposes returns the current list of key purposes that are valid
// for a DEK: database, oplog, tokens, sessions, oidc and audit. The recovery,
// worker auth, worker auth storage and root key purposes are not in the list.
// A new slice is built on every call, so a caller that modifies the result
// does not affect other callers.
func ValidDekPurposes() []KeyPurpose {
	dekPurposes := [...]KeyPurpose{
		KeyPurposeDatabase,
		KeyPurposeOplog,
		KeyPurposeTokens,
		KeyPurposeSessions,
		KeyPurposeOidc,
		KeyPurposeAudit,
	}
	return dekPurposes[:]
}