Interface KMSProviders

Configuration options that are used by specific KMS providers during key generation, encryption, and decryption.

Hierarchy

  • KMSProviders

Properties

aws?: Record<string, never> | {
    accessKeyId: string;
    secretAccessKey: string;
    sessionToken?: string;
}

Configuration options for using 'aws' as your KMS provider

Type declaration

  • accessKeyId: string

    The access key used for the AWS KMS provider

  • secretAccessKey: string

    The secret access key used for the AWS KMS provider

  • Optional sessionToken?: string

    An optional AWS session token that will be used as the X-Amz-Security-Token header for AWS requests.

azure?: Record<string, never> | {
    clientId: string;
    clientSecret: string;
    identityPlatformEndpoint?: string;
    tenantId: string;
} | {
    accessToken: string;
}

Configuration options for using 'azure' as your KMS provider

Type declaration

  • clientId: string

    The client ID to authenticate a registered application

  • clientSecret: string

    The client secret to authenticate a registered application

  • Optional identityPlatformEndpoint?: string

    If present, a host with optional port, e.g. "example.com" or "example.com:443". This is optional, and only needed if the customer is using a non-commercial Azure instance (e.g. a government or China account, which use different URLs). Defaults to "login.microsoftonline.com".

  • tenantId: string

    The tenant ID identifies the organization for the account

Type declaration

  • accessToken: string

    If present, an access token to authenticate with Azure.

gcp?: Record<string, never> | {
    email: string;
    endpoint?: string;
    privateKey: string | Buffer;
} | {
    accessToken: string;
}

Configuration options for using 'gcp' as your KMS provider

Type declaration

  • email: string

    The service account email to authenticate

  • Optional endpoint?: string

    If present, a host with optional port. E.g. "example.com" or "example.com:443". Defaults to "oauth2.googleapis.com"

  • privateKey: string | Buffer

    A PKCS#8 encrypted key. This can either be a base64 string or a binary representation

Type declaration

  • accessToken: string

    If present, an access token to authenticate with GCP.

kmip?: {
    endpoint?: string;
}

Configuration options for using 'kmip' as your KMS provider

Type declaration

  • Optional endpoint?: string

    The output endpoint string. The endpoint consists of a hostname and port separated by a colon. E.g. "example.com:123". A port is always present.

local?: {
    key: string | Buffer;
}

Configuration options for using 'local' as your KMS provider

Type declaration

  • key: string | Buffer

    The master key used to encrypt/decrypt data keys. A 96-byte long Buffer or base64 encoded string.
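The constraints listed for these providers (96-byte local key, KMIP endpoint with a mandatory port, host-only endpoints for Azure and GCP, and one complete credential shape per provider) can be checked before the object is handed to the driver. The following is an added example, not part of the driver or this generated reference; `checkKmsProviders`, `localKeyLength` and the hostname patterns are hypothetical helpers, and the patterns assume DNS names or IPv4 addresses only.

```javascript
// Added example: pre-flight checks for a KMSProviders object, using only the
// constraints stated in this reference. All helper names are hypothetical.
const HOST_PORT = /^[A-Za-z0-9.-]+(:\d{1,5})?$/;   // host with optional port
const HOST_REQ_PORT = /^[A-Za-z0-9.-]+:\d{1,5}$/;  // host with mandatory port

function localKeyLength(key) {
  if (Buffer.isBuffer(key)) return key.length;
  if (typeof key !== 'string') return -1;
  // Buffer.from does not throw on malformed base64, so round-trip to detect it.
  const decoded = Buffer.from(key, 'base64');
  return decoded.toString('base64') === key ? decoded.length : -1;
}

function checkKmsProviders(providers) {
  const problems = [];
  const { local, kmip, azure, gcp } = providers;
  if (local && localKeyLength(local.key) !== 96)
    problems.push('local.key must be 96 bytes (Buffer or base64 string)');
  if (kmip && kmip.endpoint !== undefined && !HOST_REQ_PORT.test(kmip.endpoint))
    problems.push('kmip.endpoint must be "host:port"');
  if (azure && azure.identityPlatformEndpoint !== undefined && !HOST_PORT.test(azure.identityPlatformEndpoint))
    problems.push('azure.identityPlatformEndpoint must be host or host:port');
  if (gcp && gcp.endpoint !== undefined && !HOST_PORT.test(gcp.endpoint))
    problems.push('gcp.endpoint must be host or host:port');
  // Each provider takes {} or exactly one complete credential shape.
  const shapes = {
    aws: [['accessKeyId', 'secretAccessKey']],
    azure: [['clientId', 'clientSecret', 'tenantId'], ['accessToken']],
    gcp: [['email', 'privateKey'], ['accessToken']],
  };
  for (const [name, alternatives] of Object.entries(shapes)) {
    const cfg = providers[name];
    if (!cfg || Object.keys(cfg).length === 0) continue; // {} is allowed by the type
    const matches = alternatives.filter(req => req.every(k => cfg[k] !== undefined));
    const mixed = 'accessToken' in cfg && Object.keys(cfg).length > 1;
    if (matches.length === 0 || mixed)
      problems.push(`${name} credentials are incomplete or mix two shapes`);
  }
  return problems;
}

// Constructed sample input: valid local key, KMIP port missing, Azure shapes mixed.
const sample = {
  local: { key: Buffer.alloc(96, 1).toString('base64') },
  kmip: { endpoint: 'kmip.example.com' },
  azure: { clientId: 'id', accessToken: 'tok' },
};
console.log(checkKmsProviders(sample));
```

An endpoint that carries a scheme or path, such as "https://oauth2.googleapis.com", fails the host pattern, which catches a common misconfiguration before any credentials are sent.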
