Interface KMSProviders

Configuration options that are used by specific KMS providers during key generation, encryption, and decryption.

Hierarchy

  • KMSProviders

Properties

aws?: Record<string, never> | {
    accessKeyId: string;
    secretAccessKey: string;
    sessionToken?: string;
}

Configuration options for using 'aws' as your KMS provider

Type declaration

  • accessKeyId: string

    The access key used for the AWS KMS provider

  • secretAccessKey: string

    The secret access key used for the AWS KMS provider

  • Optional sessionToken?: string

    An optional AWS session token that will be used as the X-Amz-Security-Token header for AWS requests.

azure?: Record<string, never> | {
    clientId: string;
    clientSecret: string;
    identityPlatformEndpoint?: string;
    tenantId: string;
} | {
    accessToken: string;
}

Configuration options for using 'azure' as your KMS provider

Type declaration

  • clientId: string

    The client ID to authenticate a registered application

  • clientSecret: string

    The client secret to authenticate a registered application

  • Optional identityPlatformEndpoint?: string

    If present, a host with optional port. E.g. "example.com" or "example.com:443". This is optional, and only needed if the customer is using a non-commercial Azure instance (e.g. a government or China account, which use different URLs). Defaults to "login.microsoftonline.com".

  • tenantId: string

    The tenant ID identifies the organization for the account

Type declaration

  • accessToken: string

    If present, an access token to authenticate with Azure.

gcp?: Record<string, never> | {
    email: string;
    endpoint?: string;
    privateKey: string | Buffer;
} | {
    accessToken: string;
}

Configuration options for using 'gcp' as your KMS provider

Type declaration

  • email: string

    The service account email to authenticate

  • Optional endpoint?: string

    If present, a host with optional port. E.g. "example.com" or "example.com:443". Defaults to "oauth2.googleapis.com".

  • privateKey: string | Buffer

    A PKCS#8 encrypted key. This can either be a base64 string or a binary representation.

Type declaration

  • accessToken: string

    If present, an access token to authenticate with GCP.

kmip?: {
    endpoint?: string;
}

Configuration options for using 'kmip' as your KMS provider

Type declaration

  • Optional endpoint?: string

    The output endpoint string. The endpoint consists of a hostname and port separated by a colon. E.g. "example.com:123". A port is always present.

local?: {
    key: string | Buffer;
}

Configuration options for using 'local' as your KMS provider

Type declaration

  • key: string | Buffer

    The master key used to encrypt/decrypt data keys. A 96-byte long Buffer or base64 encoded string.
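
A pre-flight check for the constraints documented above (96-byte local key, KMIP endpoint with mandatory port, host with optional port for Azure and GCP, accessToken as a separate form), written as an added example and not part of the driver or this generated reference. `validateKmsProviders`, its helpers and its message strings are hypothetical names; the host patterns assume plain DNS names or IPv4 addresses.

```javascript
// Added example: validateKmsProviders and its messages are hypothetical, not driver API.
const HOST_OPT_PORT = /^[A-Za-z0-9.-]+(:\d{1,5})?$/; // "example.com" or "example.com:443"
const HOST_AND_PORT = /^[A-Za-z0-9.-]+:\d{1,5}$/;    // "example.com:123", port required
const BASE64 = /^[A-Za-z0-9+/]*={0,2}$/;

const isEmpty = (o) => Object.keys(o).length === 0;
const hasStrings = (o, names) => names.every((n) => typeof o[n] === 'string' && o[n] !== '');
// The accessToken form is a separate union member, so it must stand alone.
const tokenOnly = (o) => hasStrings(o, ['accessToken']) && Object.keys(o).length === 1;

// Byte length of a local master key, or -1 if it is not a Buffer or strict base64.
function localKeyBytes(key) {
  if (Buffer.isBuffer(key)) return key.length;
  // Buffer.from(s, 'base64') is lenient (whitespace is ignored), so check the alphabet first.
  if (typeof key !== 'string' || key.length % 4 !== 0 || !BASE64.test(key)) return -1;
  return Buffer.from(key, 'base64').length;
}

function validateKmsProviders(p) {
  const errors = [];
  if (p.local && localKeyBytes(p.local.key) !== 96) errors.push('local.key must be 96 bytes');
  if (p.kmip && p.kmip.endpoint !== undefined && !HOST_AND_PORT.test(p.kmip.endpoint)) {
    errors.push('kmip.endpoint must be host:port');
  }
  if (p.aws && !isEmpty(p.aws) && !hasStrings(p.aws, ['accessKeyId', 'secretAccessKey'])) {
    errors.push('aws needs accessKeyId and secretAccessKey');
  }
  if (p.azure && !isEmpty(p.azure) && !tokenOnly(p.azure)) {
    const a = p.azure;
    if ('accessToken' in a || !hasStrings(a, ['tenantId', 'clientId', 'clientSecret'])) {
      errors.push('azure needs accessToken alone, or tenantId, clientId and clientSecret');
    }
    if (a.identityPlatformEndpoint !== undefined && !HOST_OPT_PORT.test(a.identityPlatformEndpoint)) {
      errors.push('azure.identityPlatformEndpoint must be host[:port]');
    }
  }
  if (p.gcp && !isEmpty(p.gcp) && !tokenOnly(p.gcp)) {
    const g = p.gcp;
    const keyOk = Buffer.isBuffer(g.privateKey) || hasStrings(g, ['privateKey']);
    if ('accessToken' in g || !hasStrings(g, ['email']) || !keyOk) {
      errors.push('gcp needs accessToken alone, or email and privateKey');
    }
    if (g.endpoint !== undefined && !HOST_OPT_PORT.test(g.endpoint)) {
      errors.push('gcp.endpoint must be host[:port]');
    }
  }
  return errors;
}
```

The function returns an array of messages, empty when every provider entry matches one of the documented shapes.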

Generated using TypeDoc