class AwsKms extends Kms with NamedLogging
Stands for Amazon Web Services - Key Management Service and wraps the necessary encrypt and decrypt functions from the AWS SDK.
- Alphabetic
- By Inheritance
- AwsKms
- NamedLogging
- Kms
- FlagCloseable
- PerformUnlessClosing
- OnShutdownRunner
- AutoCloseable
- AnyRef
- Any
- Hide All
- Show All
- Public
- Protected
Instance Constructors
- new AwsKms(config: Aws, kmsClient: KmsAsyncClient, timeouts: ProcessingTimeout, loggerFactory: NamedLoggerFactory)
Value Members
- final def !=(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- final def ##: Int
- Definition Classes
- AnyRef → Any
- final def ==(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- final def asInstanceOf[T0]: T0
- Definition Classes
- Any
- def cancelShutdownTask(token: Long): Unit
Removes a shutdown task from the list using a token returned by runOnShutdown
Removes a shutdown task from the list using a token returned by runOnShutdown
- Definition Classes
- OnShutdownRunner
- def clone(): AnyRef
- Attributes
- protected[lang]
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.CloneNotSupportedException]) @native() @IntrinsicCandidate()
- final def close(): Unit
Blocks until all earlier tasks have completed and then prevents further tasks from being run.
Blocks until all earlier tasks have completed and then prevents further tasks from being run.
- Definition Classes
- FlagCloseable → OnShutdownRunner → AutoCloseable
- def closingTimeout: FiniteDuration
- Attributes
- protected
- Definition Classes
- FlagCloseable → PerformUnlessClosing
- val config: Aws
- def containsShutdownTask(token: Long): Boolean
- Definition Classes
- OnShutdownRunner
- def decryptAsymmetric(keyId: KmsKeyId, data: ByteString256, encryptionKeyScheme: EncryptionKeyScheme)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, ByteString190]
Asymmetrically decrypt the data passed as a byte array using a KMS private key.
Asymmetrically decrypt the data passed as a byte array using a KMS private key.
- keyId
key identifier (e.g. AWS key ARN)
- data
byte string to decrypt. The higher bound on the data size we can decrypt is 256bytes (i.e. the ciphertext length for RSA2048-OAEP-SHA256 encryption; when using RSAES-OAEP the ciphertext size is always equal to the size of the Modulus).
- encryptionKeyScheme
the encryption algorithm that was used to encrypt the plaintext message. The algorithm must be compatible with the KMS key that you specify.
- returns
a decrypted byte string or an error if it fails to decrypt
- Definition Classes
- Kms
- def decryptAsymmetricInternal(keyId: KmsKeyId, data: ByteString256, encryptionKeyScheme: EncryptionKeyScheme)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, ByteString190]
- def decryptSymmetric(keyId: KmsKeyId, data: ByteString6144)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, ByteString4096]
Symmetrically decrypt the data passed as a byte array using a KMS symmetric key.
Symmetrically decrypt the data passed as a byte array using a KMS symmetric key.
- keyId
key identifier (e.g. AWS key ARN)
- data
byte string to decrypt. The higher bound on the data size we can decrypt is 6144 bytes (i.e. maximum accepted input size for the external KMSs that we support).
- returns
a decrypted byte string or an error if it fails to decrypt
- Definition Classes
- Kms
- def decryptSymmetricInternal(keyId: KmsKeyId, data: ByteString6144)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, ByteString4096]
- def deleteKey(keyId: KmsKeyId)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, Unit]
Schedule a deletion of a KMS key (takes between 7-30 days)
Schedule a deletion of a KMS key (takes between 7-30 days)
- keyId
key identifier (e.g. AWS key ARN)
- returns
an error if it fails to schedule a deletion of a key
- Definition Classes
- Kms
- def deleteKeyInternal(keyId: KmsKeyId)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, Unit]
- def encryptSymmetric(keyId: KmsKeyId, data: ByteString4096)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, ByteString6144]
Symmetrically encrypt the data passed as a byte string using a KMS symmetric key.
Symmetrically encrypt the data passed as a byte string using a KMS symmetric key.
- keyId
key identifier (e.g. AWS key ARN)
- data
byte string to encrypt. The higher bound on the data size we can encrypt is 4kb (i.e. maximum accepted input size for the external KMSs that we support).
- returns
an encrypted byte string or an error if it fails to encrypt
- Definition Classes
- Kms
- def encryptSymmetricInternal(keyId: KmsKeyId, data: ByteString4096)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, ByteString6144]
- final def eq(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- def equals(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef → Any
- implicit def errorLoggingContext(implicit traceContext: TraceContext): ErrorLoggingContext
- Attributes
- protected
- Definition Classes
- NamedLogging
- def generateAsymmetricEncryptionKeyPair(encryptionKeyScheme: EncryptionKeyScheme, name: Option[KeyName] = None)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, KmsKeyId]
Creates a new (asymmetric) encryption key pair in the KMS and returns a key identifier.
Creates a new (asymmetric) encryption key pair in the KMS and returns a key identifier.
- encryptionKeyScheme
defines the encryption key scheme to which the key is going to be used for.
- name
an optional name to identify the key.
- returns
a key id or an error if it fails to create a key
- Definition Classes
- Kms
- def generateAsymmetricEncryptionKeyPairInternal(encryptionKeyScheme: EncryptionKeyScheme, name: Option[KeyName])(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, KmsKeyId]
- def generateSigningKeyPair(signingKeyScheme: SigningKeyScheme, name: Option[KeyName] = None)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, KmsKeyId]
Creates a new signing key pair in the KMS and returns its key identifier.
Creates a new signing key pair in the KMS and returns its key identifier.
- signingKeyScheme
defines the signing key scheme to which the key is going to be used for.
- name
an optional name to identify the key.
- returns
a key id or an error if it fails to create a key
- Definition Classes
- Kms
- def generateSigningKeyPairInternal(signingKeyScheme: SigningKeyScheme, name: Option[KeyName])(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, KmsKeyId]
- def generateSymmetricEncryptionKey(name: Option[KeyName] = None)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, KmsKeyId]
Creates a new symmetric encryption key in the KMS and returns its key identifier.
Creates a new symmetric encryption key in the KMS and returns its key identifier. The specific encryption scheme is not necessary (default is taken) because this is intended to be used to generate a KMS wrapper key.
- name
an optional name to identify the key.
- returns
a key id or an error if it fails to create a key
- Definition Classes
- Kms
- def generateSymmetricEncryptionKeyInternal(name: Option[KeyName])(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, KmsKeyId]
- final def getClass(): Class[_ <: AnyRef]
- Definition Classes
- AnyRef → Any
- Annotations
- @native() @IntrinsicCandidate()
- def getPublicEncryptionKey(keyId: KmsKeyId)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, EncryptionPublicKey]
Get public key for encryption from KMS given a KMS key identifier.
Get public key for encryption from KMS given a KMS key identifier.
- keyId
key identifier (e.g. AWS key ARN)
- returns
the public encryption key for that keyId
- Definition Classes
- Kms
- def getPublicEncryptionKeyInternal(keyId: KmsKeyId)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, EncryptionPublicKey]
- def getPublicKey(keyId: KmsKeyId)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, PublicKey]
Get the public key with the given keyId
Get the public key with the given keyId
- Definition Classes
- Kms
- def getPublicSigningKey(keyId: KmsKeyId)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, SigningPublicKey]
Get public key for signing from KMS given a KMS key identifier.
Get public key for signing from KMS given a KMS key identifier.
- keyId
key identifier (e.g. AWS key ARN)
- returns
the public signing key for that keyId
- Definition Classes
- Kms
- def getPublicSigningKeyInternal(keyId: KmsKeyId)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, SigningPublicKey]
- def hashCode(): Int
- Definition Classes
- AnyRef → Any
- Annotations
- @native() @IntrinsicCandidate()
- def internalPerformUnlessClosingF[A](name: String)(f: => Future[A])(implicit ec: ExecutionContext, traceContext: TraceContext): UnlessShutdown[Future[A]]
- Attributes
- protected
- Definition Classes
- PerformUnlessClosing
- def isClosing: Boolean
Check whether we're closing.
Check whether we're closing. Susceptible to race conditions; unless you're using this as a flag to the retry lib or you really know what you're doing, prefer
performUnlessClosing
and friends.- Definition Classes
- OnShutdownRunner
- final def isInstanceOf[T0]: Boolean
- Definition Classes
- Any
- def keepTrackOfOpenFutures: Boolean
track running futures on shutdown
track running futures on shutdown
set to true to get detailed information about all futures that did not complete during shutdown. if set to false, we don't do anything.
- Attributes
- protected
- Definition Classes
- PerformUnlessClosing
- def keyExistsAndIsActive(keyId: KmsKeyId)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, Unit]
Checks that a key identified by keyId exists in the KMS and is not deleted or disabled, and therefore can be used.
Checks that a key identified by keyId exists in the KMS and is not deleted or disabled, and therefore can be used.
- keyId
key identifier (e.g. AWS key ARN)
- returns
error if it fails to find key
- Definition Classes
- Kms
- def keyExistsAndIsActiveInternal(keyId: KmsKeyId)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, Unit]
- def logger: TracedLogger
- Attributes
- protected
- Definition Classes
- NamedLogging
- val loggerFactory: NamedLoggerFactory
- Attributes
- protected
- Definition Classes
- AwsKms → NamedLogging
- def maxSleepMillis: Long
How often to poll to check that all tasks have completed.
How often to poll to check that all tasks have completed.
- Attributes
- protected
- Definition Classes
- PerformUnlessClosing
- implicit def namedLoggingContext(implicit traceContext: TraceContext): NamedLoggingContext
- Attributes
- protected
- Definition Classes
- NamedLogging
- final def ne(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- def noTracingLogger: Logger
- Attributes
- protected
- Definition Classes
- NamedLogging
- final def notify(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native() @IntrinsicCandidate()
- final def notifyAll(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native() @IntrinsicCandidate()
- def onCloseFailure(e: Throwable): Unit
- Attributes
- protected
- Definition Classes
- PerformUnlessClosing
- def onClosed(): Unit
- Definition Classes
- AwsKms → PerformUnlessClosing
- final def onFirstClose(): Unit
Blocks until all earlier tasks have completed and then prevents further tasks from being run.
Blocks until all earlier tasks have completed and then prevents further tasks from being run.
- Definition Classes
- PerformUnlessClosing → OnShutdownRunner
- Annotations
- @SuppressWarnings()
- def performUnlessClosing[A](name: String)(f: => A)(implicit traceContext: TraceContext): UnlessShutdown[A]
Performs the task given by
f
unless a shutdown has been initiated.Performs the task given by
f
unless a shutdown has been initiated. The shutdown will only begin afterf
completes, but other tasks may execute concurrently withf
, if started using this function, or one of the other variants (performUnlessClosingF and performUnlessClosingEitherT). The tasks are assumed to take less than closingTimeout to complete.DO NOT CALL
this.close
as part off
, because it will result in a deadlock.- f
The task to perform
- returns
scala.None$ if a shutdown has been initiated. Otherwise the result of the task.
- Definition Classes
- PerformUnlessClosing
- def performUnlessClosingCheckedT[A, N, R](name: String, onClosing: => Checked[A, N, R])(etf: => CheckedT[Future, A, N, R])(implicit ec: ExecutionContext, traceContext: TraceContext): CheckedT[Future, A, N, R]
- Definition Classes
- PerformUnlessClosing
- def performUnlessClosingEitherT[E, R](name: String, onClosing: => E)(etf: => EitherT[Future, E, R])(implicit ec: ExecutionContext, traceContext: TraceContext): EitherT[Future, E, R]
Performs the EitherT[Future] given by
etf
unless a shutdown has been initiated, in which case the provided error is returned instead.Performs the EitherT[Future] given by
etf
unless a shutdown has been initiated, in which case the provided error is returned instead. Bothetf
and the error are lazy;etf
is only evaluated if there is no shutdown, the error only if we're shutting down. The shutdown will only begin afteretf
completes, but other tasks may execute concurrently withetf
, if started using this function, or one of the other variants (performUnlessClosing and performUnlessClosingF). The tasks are assumed to take less than closingTimeout to complete.DO NOT CALL
this.close
as part ofetf
, because it will result in a deadlock.- etf
The task to perform
- Definition Classes
- PerformUnlessClosing
- def performUnlessClosingEitherTF[E, R](name: String, onClosing: => E)(etf: => EitherT[Future, E, Future[R]])(implicit ec: ExecutionContext, traceContext: TraceContext): EitherT[Future, E, Future[R]]
- Definition Classes
- PerformUnlessClosing
- def performUnlessClosingEitherU[E, R](name: String)(etf: => EitherT[Future, E, R])(implicit ec: ExecutionContext, traceContext: TraceContext): EitherT[FutureUnlessShutdown, E, R]
- Definition Classes
- PerformUnlessClosing
- def performUnlessClosingEitherUSF[E, R](name: String)(etf: => EitherT[FutureUnlessShutdown, E, R])(implicit ec: ExecutionContext, traceContext: TraceContext): EitherT[FutureUnlessShutdown, E, R]
- Definition Classes
- PerformUnlessClosing
- def performUnlessClosingF[A](name: String)(f: => Future[A])(implicit ec: ExecutionContext, traceContext: TraceContext): FutureUnlessShutdown[A]
Performs the Future given by
f
unless a shutdown has been initiated.Performs the Future given by
f
unless a shutdown has been initiated. The future is lazy and not evaluated during shutdown. The shutdown will only begin afterf
completes, but other tasks may execute concurrently withf
, if started using this function, or one of the other variants (performUnlessClosing and performUnlessClosingEitherT). The tasks are assumed to take less than closingTimeout to complete.DO NOT CALL
this.close
as part off
, because it will result in a deadlock.- f
The task to perform
- returns
The future completes with com.digitalasset.canton.lifecycle.UnlessShutdown.AbortedDueToShutdown if a shutdown has been initiated. Otherwise the result of the task wrapped in com.digitalasset.canton.lifecycle.UnlessShutdown.Outcome.
- Definition Classes
- PerformUnlessClosing
- def performUnlessClosingUSF[A](name: String)(f: => FutureUnlessShutdown[A])(implicit ec: ExecutionContext, traceContext: TraceContext): FutureUnlessShutdown[A]
- Definition Classes
- PerformUnlessClosing
- def runOnShutdown[T](task: RunOnShutdown)(implicit traceContext: TraceContext): Long
Same as runOnShutdown_ but returns a token that allows you to remove the task explicitly from being run using cancelShutdownTask
Same as runOnShutdown_ but returns a token that allows you to remove the task explicitly from being run using cancelShutdownTask
- Definition Classes
- OnShutdownRunner
- def runOnShutdown_[T](task: RunOnShutdown)(implicit traceContext: TraceContext): Unit
Register a task to run when shutdown is initiated.
Register a task to run when shutdown is initiated.
You can use this for example to register tasks that cancel long-running computations, whose termination you can then wait for in "closeAsync".
- Definition Classes
- OnShutdownRunner
- def runStateChanged(waitingState: Boolean = false): Unit
- Attributes
- protected
- Definition Classes
- OnShutdownRunner
- Annotations
- @VisibleForTesting()
- def sign(keyId: KmsKeyId, data: ByteString4096, signingKeyScheme: SigningKeyScheme)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, ByteString]
Sign the data passed as a byte string using a KMS key.
Sign the data passed as a byte string using a KMS key.
- keyId
key identifier (e.g. AWS key ARN)
- data
byte string to sign. The higher bound on the data size we can sign is 4kb (i.e. maximum accepted input size for the external KMSs that we support).
- signingKeyScheme
the signing algorithm to use to generate the signature
- returns
a byte string corresponding to the signature of the data
- Definition Classes
- Kms
- def signInternal(keyId: KmsKeyId, data: ByteString4096, signingKeyScheme: SigningKeyScheme)(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, ByteString]
- final def synchronized[T0](arg0: => T0): T0
- Definition Classes
- AnyRef
- val timeouts: ProcessingTimeout
- Definition Classes
- AwsKms → FlagCloseable
- def toString(): String
- Definition Classes
- AnyRef → Any
- final def wait(arg0: Long, arg1: Int): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])
- final def wait(arg0: Long): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException]) @native()
- final def wait(): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])
- def withRetries[T](description: String, checkKeyCreation: Boolean = false)(task: => EitherT[Future, KmsError, T])(implicit ec: ExecutionContext, tc: TraceContext): EitherT[Future, KmsError, T]
- Attributes
- protected
- Definition Classes
- Kms