Remove extras unused by OpenBao

These subpackages are unused by OpenBao. KMS is a package built on top of go-kms-wrapping which uses a database to store encryption keys: this is unnecessary in our case as we explicitly want all keys to be backed by the underlying wrapper (which, admittedly in the case of cloud KMSes, incurs some cost that extras/kms/ could avoid). Crypto adds, along other things, a HMAC-SHA-256 implementation: if we find this useful, we could add this directly to wrappers/ as an optional type (just like signing.go is). Lastly, StructWrapping adds a way to encrypt arbitrary interfaces, through a custom marshaling format built on protobuf. extras/multi remains: it is unclear if it might potentially be useful for multi-unseal in OpenBao in the future and aead/ had tests using it. Signed-off-by: Alexander Scheel <[email protected]>
openbao · Aug 15, 2024 · 12560ff · 12560ff
1 parent ed6cd95
commit 12560ff
Show file tree

Hide file tree

Showing 87 changed files with 31 additions and 16,101 deletions.
diff --git a/Makefile b/Makefile
@@ -17,11 +17,41 @@ proto:
 	find . -type f -name "*.pb.go" -delete
 	buf generate
 	buf format -w
-	
+
 	# inject classification tags (see: https://github.com/hashicorp/go-eventlogger/tree/main/filters/encrypt)
 	@protoc-go-inject-tag -input=./github.com.openbao.go.kms.wrapping.v2.types.pb.go
 
 .PHONY: tools
 tools:
 	go install github.com/favadi/[email protected]
 	go install github.com/bufbuild/buf/cmd/[email protected]
+
+.PHONY: tidy-all
+tidy-all:
+	cd entropy && go mod tidy
+	cd plugin && go mod tidy
+	cd wrappers/aead && go mod tidy
+	cd wrappers/alicloudkms && go mod tidy
+	cd wrappers/awskms && go mod tidy
+	cd wrappers/azurekeyvault && go mod tidy
+	cd wrappers/gcpckms && go mod tidy
+	cd wrappers/huaweicloudkms && go mod tidy
+	cd wrappers/ocikms && go mod tidy
+	cd wrappers/tencentcloudkms && go mod tidy
+	cd wrappers/transit && go mod tidy
+	go mod tidy
+
+.PHONY: generate-all
+generate-all:
+	cd entropy && GOARCH= GOOS= go generate ./...
+	cd plugin && GOARCH= GOOS= go generate ./...
+	cd wrappers/aead && GOARCH= GOOS= go generate ./...
+	cd wrappers/alicloudkms && GOARCH= GOOS= go generate ./...
+	cd wrappers/awskms && GOARCH= GOOS= go generate ./...
+	cd wrappers/azurekeyvault && GOARCH= GOOS= go generate ./...
+	cd wrappers/gcpckms && GOARCH= GOOS= go generate ./...
+	cd wrappers/huaweicloudkms && GOARCH= GOOS= go generate ./...
+	cd wrappers/ocikms && GOARCH= GOOS= go generate ./...
+	cd wrappers/tencentcloudkms && GOARCH= GOOS= go generate ./...
+	cd wrappers/transit && GOARCH= GOOS= go generate ./...
+	GOARCH= GOOS= go generate ./...
diff --git a/README.md b/README.md
@@ -61,22 +61,6 @@ package is capable of encrypting to a specified wrapper and
 decrypting using one of several wrappers switched on key ID. This can allow
 easy key rotation for KMSes that do not natively support it.
 
-* The
-[`structwrapping`](https://github.com/hashicorp/go-kms-wrapping/tree/main/extras/structwrapping)
-package allows for structs to have members encrypted and decrypted in a single
-pass via a single wrapper. This can be used for workflows such as database
-library callback functions to easily encrypt/decrypt data as it goes to/from
-storage.
-
-* The [`kms`](https://github.com/hashicorp/go-kms-wrapping/tree/main/extras/kms)
-  package provides key management system features for wrappers
-  including scoped [KEKs](https://en.wikipedia.org/wiki/Glossary_of_cryptographic_keys)
-  and [DEKs](https://en.wikipedia.org/wiki/Glossary_of_cryptographic_keys) which
-  are wrapped with an external KMS when stored in sqlite or postgres. 
-
-* The [`crypto`](https://github.com/hashicorp/go-kms-wrapping/tree/main/extras/crypto) package provides additional operations like HMAC-SHA256 and a
-  derived reader from which keys can be read.
-
 ## Installation
 
 `go get github.com/hashicorp/go-kms-wrapping/v2`

diff --git a/extras/crypto/derived_reader.go b/extras/crypto/derived_reader.go
diff --git a/extras/crypto/derived_reader_test.go b/extras/crypto/derived_reader_test.go