Go aws v4 signer implementation with pluggable hmac function

psanford/awsv4signer

awsv4signer: aws-sdk-go pluggable request signer

awsv4signer is a fork of the aws-sdk-go v4 signer that allows you to provide your own HMAC hasher. The envisioned use-case for this is to allow you to store your AWS API keys in hardware (a TPM) that supports HMAC operations.

Usage

aws-sdk-go allows you to replace the request signer on a per service basis.

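// Imports needed by this snippet.
import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/session"
	v4 "github.com/aws/aws-sdk-go/aws/signer/v4"
	"github.com/aws/aws-sdk-go/service/s3"
	"github.com/psanford/awsv4signer"
)

// region is not defined in the snippet itself; this value is a placeholder.
var region = aws.String("us-east-1")

func listBucket(accessKeyID, secretAccessKey, bucket string) {
	// The signer receives an HMAC function rather than using the raw secret directly.
	s := awsv4signer.Signer{
		AccessKeyID:               accessKeyID,
		SecretAccessKeyHmacSha256: awsv4signer.StaticAccessKeyHmac(secretAccessKey),
	}

	sess := session.New(&aws.Config{
		Region: region,
	})
	svc := s3.New(sess)

	// remove the default v4 signing handler
	svc.Handlers.Sign.RemoveByName(v4.SignRequestHandler.Name)
	// add our signing handler
	svc.Handlers.Sign.PushBack(s.SignSDKRequest)

	resp, err := svc.ListObjects(&s3.ListObjectsInput{
		Bucket: aws.String(bucket),
	})
	if err != nil {
		panic(err)
	}

	// print the key of every object returned
	for _, obj := range resp.Contents {
		fmt.Printf("%s\n", *obj.Key)
	}
}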

The above example can be found in examples/s3ls.

For a working example of storing your secret access key in your TPM, see examples/tpmsigner.
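Why a single keyed HMAC is enough for hardware-backed signing, shown as an added sketch (not code from this repository): in the standard SigV4 key derivation only the first HMAC is keyed with the secret, so that is the only step a TPM has to perform. The names `keyedHMAC`, `softwareHMAC` and `signingKey` are hypothetical, the secret is a constructed placeholder, and the repository's own hook type may differ.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// keyedHMAC is a hypothetical stand-in for a pluggable hasher: it returns
// HMAC-SHA256(key = "AWS4"+secret, data) without exposing the secret.
// A TPM-backed version would run this inside the hardware.
type keyedHMAC func(data []byte) ([]byte, error)

// softwareHMAC keeps the secret in process memory (the non-hardware case).
func softwareHMAC(secret string) keyedHMAC {
	return func(data []byte) ([]byte, error) {
		return hmacSHA256([]byte("AWS4"+secret), data), nil
	}
}

func hmacSHA256(key, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return m.Sum(nil)
}

// signingKey derives the SigV4 signing key. Only the first link of the chain
// is keyed with the secret; the rest are keyed with the previous output.
func signingKey(h keyedHMAC, date, region, service string) ([]byte, error) {
	kDate, err := h([]byte(date)) // the only call that needs the secret
	if err != nil {
		return nil, fmt.Errorf("secret-keyed HMAC failed: %w", err)
	}
	kRegion := hmacSHA256(kDate, []byte(region))
	kService := hmacSHA256(kRegion, []byte(service))
	return hmacSHA256(kService, []byte("aws4_request")), nil
}

func main() {
	// Constructed placeholder secret, not a real credential.
	k, err := signingKey(softwareHMAC("EXAMPLE-SECRET-NOT-REAL"), "20240101", "us-east-1", "s3")
	if err != nil {
		panic(err)
	}
	fmt.Println(hex.EncodeToString(k))
}
```

The derived key is scoped to one date, region and service, so process memory holds only that day's derived key while the long-lived secret stays behind the hasher.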

Copyright

Code in internal/awssign is derived from https://github.com/aws/aws-sdk-go. Copyright for that code can be found in NOTICE.txt.

Credits

This work was inspired by @salrashid123's demo in https://github.com/salrashid123/aws_hmac.
