Remove extras unused by OpenBao
These subpackages are unused by OpenBao. KMS is a package built on top
of go-kms-wrapping which uses a database to store encryption keys: this
is unnecessary in our case as we explicitly want all keys to be backed
by the underlying wrapper (which, admittedly in the case of cloud KMSes,
incurs some cost that extras/kms/ could avoid). Crypto adds, among other
things, an HMAC-SHA-256 implementation: if we find this useful, we could
add this directly to wrappers/ as an optional type (just like signing.go
is). Lastly, StructWrapping adds a way to encrypt arbitrary interfaces,
through a custom marshaling format built on protobuf.

extras/multi remains: it is unclear if it might potentially be useful
for multi-unseal in OpenBao in the future and aead/ had tests using it.

Signed-off-by: Alexander Scheel <[email protected]>
cipherboy committed Aug 15, 2024
1 parent ed6cd95 commit 394aa79
Showing 84 changed files with 0 additions and 16,094 deletions.
16 changes: 0 additions & 16 deletions README.md
Expand Up @@ -61,22 +61,6 @@ package is capable of encrypting to a specified wrapper and
decrypting using one of several wrappers switched on key ID. This can allow
easy key rotation for KMSes that do not natively support it.

* The
[`structwrapping`](https://github.com/hashicorp/go-kms-wrapping/tree/main/extras/structwrapping)
package allows for structs to have members encrypted and decrypted in a single
pass via a single wrapper. This can be used for workflows such as database
library callback functions to easily encrypt/decrypt data as it goes to/from
storage.

* The [`kms`](https://github.com/hashicorp/go-kms-wrapping/tree/main/extras/kms)
package provides key management system features for wrappers
including scoped [KEKs](https://en.wikipedia.org/wiki/Glossary_of_cryptographic_keys)
and [DEKs](https://en.wikipedia.org/wiki/Glossary_of_cryptographic_keys) which
are wrapped with an external KMS when stored in sqlite or postgres.

* The [`crypto`](https://github.com/hashicorp/go-kms-wrapping/tree/main/extras/crypto) package provides additional operations like HMAC-SHA256 and a
derived reader from which keys can be read.

## Installation

`go get github.com/hashicorp/go-kms-wrapping/v2`
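
Review bot: The bullets for `structwrapping`, `kms` and `crypto` are dropped from the README list with no replacement text saying this tree no longer carries them, while the install line in the trailing context still reads `go get github.com/hashicorp/go-kms-wrapping/v2` and the removed links all pointed at the hashicorp tree. Consider adding one sentence after the remaining bullet stating that extras/structwrapping, extras/kms and extras/crypto were removed here, so a reader looking for HMAC-SHA256 or the derived reader knows they are not in this module, and check whether the install path should name this repository's module rather than the hashicorp one.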
54 changes: 0 additions & 54 deletions extras/crypto/derived_reader.go

This file was deleted.

201 changes: 0 additions & 201 deletions extras/crypto/derived_reader_test.go

This file was deleted.
