package aws
import (
"context"
"fmt"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/kms"
"github.com/sabariramc/goserverbase/v5/log"
)
// KMS wraps an AWS SDK v2 KMS client together with the single key that
// Encrypt and Decrypt operate on.
//
// NOTE(review): because *kms.Client is embedded, every exported method of the
// SDK client is promoted onto KMS, so any code holding a *KMS can call the
// whole KMS API and not only the Encrypt/Decrypt wrappers defined in this
// file. What those calls can actually do is bounded by the IAM policy of the
// credentials in use; confirm that the wide surface is intended.
type KMS struct {
	// Blank field; presumably there to discourage unkeyed struct literals (TODO confirm intent).
	_ struct{}
	// Embedded SDK client; the Encrypt/Decrypt methods on KMS shadow the promoted ones.
	*kms.Client
	// Key identifier sent as KeyId on every Encrypt and Decrypt request.
	keyArn *string
	// Logger used to report failed KMS calls.
	log log.Log
}
// defaultKMSClient caches the SDK client created on the first call to
// GetDefaultKMSClient. It is read and written there without any
// synchronization visible in this file.
var defaultKMSClient *kms.Client
// NewKMSClientWithConfig builds an AWS SDK v2 KMS client from awsConfig.
// Region, credentials and endpoint all come from that configuration; nothing
// is overridden here.
func NewKMSClientWithConfig(awsConfig aws.Config) *kms.Client {
	return kms.NewFromConfig(awsConfig)
}
// GetDefaultKMSClient returns a KMS wrapper for keyArn backed by the shared
// package-level SDK client, creating that client from defaultAWSConfig on
// first use.
//
// NOTE(review): the lazy initialisation of defaultKMSClient is not guarded by
// a mutex or sync.Once, so concurrent first calls race on the package
// variable. defaultAWSConfig is declared outside this listing and is
// dereferenced here; presumably it is set before the first call, and a nil
// value would panic. Confirm the initialisation order with the callers.
func GetDefaultKMSClient(logger log.Log, keyArn string) *KMS {
	if defaultKMSClient != nil {
		return NewKMSClient(logger, defaultKMSClient, keyArn)
	}
	defaultKMSClient = NewKMSClientWithConfig(*defaultAWSConfig)
	return NewKMSClient(logger, defaultKMSClient, keyArn)
}
// NewKMSClient binds client to the key identified by keyArn and attaches a
// resource logger named "KMS". keyArn is stored as given; it is not validated
// here, so a malformed or empty identifier only surfaces when KMS rejects a
// request.
func NewKMSClient(logger log.Log, client *kms.Client, keyArn string) *KMS {
	wrapper := &KMS{
		Client: client,
		keyArn: &keyArn,
		log:    logger.NewResourceLogger("KMS"),
	}
	return wrapper
}
// Encrypt sends plainText to KMS for encryption under the key configured on k
// and returns the ciphertext blob from the response.
//
// The request carries only KeyId and Plaintext. No EncryptionContext is set,
// so the ciphertext is not bound to any additional authenticated data; callers
// that need that binding have to build the request themselves.
//
// On failure the error is logged and returned wrapped with %w, and cipherBlob
// is nil. Only the error is passed to the logger, never the plaintext.
func (k *KMS) Encrypt(ctx context.Context, plainText []byte) (cipherBlob []byte, err error) {
	input := kms.EncryptInput{
		KeyId:     k.keyArn,
		Plaintext: plainText,
	}
	out, callErr := k.Client.Encrypt(ctx, &input)
	if callErr != nil {
		k.log.Error(ctx, "error encrypting content", callErr)
		return nil, fmt.Errorf("KMS.Encrypt: error encrypting content: %w", callErr)
	}
	return out.CiphertextBlob, nil
}
// Decrypt asks KMS to decrypt cipherBlob and returns the recovered plaintext.
//
// KeyId is set explicitly to the key configured on k. With KeyId present, KMS
// decrypts only with that key and rejects ciphertext produced under any other
// key, which stops a caller-supplied blob from selecting a different key the
// credentials happen to have access to. Keep the field set.
//
// On failure the error is logged and returned wrapped with %w, and plainText
// is nil. Only the error is passed to the logger, never the ciphertext or
// plaintext.
func (k *KMS) Decrypt(ctx context.Context, cipherBlob []byte) (plainText []byte, err error) {
	input := kms.DecryptInput{
		KeyId:          k.keyArn,
		CiphertextBlob: cipherBlob,
	}
	out, callErr := k.Client.Decrypt(ctx, &input)
	if callErr != nil {
		k.log.Error(ctx, "error decrypting content", callErr)
		return nil, fmt.Errorf("KMS.Decrypt: error decrypting content: %w", callErr)
	}
	return out.Plaintext, nil
}