Merge pull request #20 from Infisical/feat/add-kms-operations

feat: add kms operations
Infisical · Oct 30, 2024 · 3a24efb · 3a24efb
2 parents 0edc4a5 + d2463be
commit 3a24efb
Show file tree

Hide file tree

Showing 5 changed files with 133 additions and 0 deletions.
diff --git a/client.go b/client.go
@@ -33,6 +33,7 @@ type InfisicalClient struct {
 	folders        FoldersInterface
 	auth           AuthInterface
 	dynamicSecrets DynamicSecretsInterface
+	kms            KmsInterface
 }
 
 type InfisicalClientInterface interface {
@@ -41,6 +42,7 @@ type InfisicalClientInterface interface {
 	Folders() FoldersInterface
 	Auth() AuthInterface
 	DynamicSecrets() DynamicSecretsInterface
+	Kms() KmsInterface
 }
 
 type Config struct {
@@ -117,6 +119,7 @@ func NewInfisicalClient(context context.Context, config Config) InfisicalClientI
 	client.folders = NewFolders(client)
 	client.auth = NewAuth(client)
 	client.dynamicSecrets = NewDynamicSecrets(client)
+	client.kms = NewKms(client)
 
 	if config.AutoTokenRefresh {
 		go client.handleTokenLifeCycle(context)
@@ -178,6 +181,10 @@ func (c *InfisicalClient) DynamicSecrets() DynamicSecretsInterface {
 	return c.dynamicSecrets
 }
 
+func (c *InfisicalClient) Kms() KmsInterface {
+	return c.kms
+}
+
 func (c *InfisicalClient) handleTokenLifeCycle(context context.Context) {
 	var warningPrinted = false
 	authStrategies := map[util.AuthMethod]func(cred interface{}) (credential MachineIdentityCredential, err error){

diff --git a/kms.go b/kms.go
@@ -0,0 +1,49 @@
+package infisical
+
+import (
+	"encoding/base64"
+
+	api "github.com/infisical/go-sdk/packages/api/kms"
+)
+
+type KmsEncryptDataOptions = api.KmsEncryptDataV1Request
+type KmsDecryptDataOptions = api.KmsDecryptDataV1Request
+
+type KmsInterface interface {
+	EncryptData(options KmsEncryptDataOptions) (string, error)
+	DecryptData(options KmsDecryptDataOptions) (string, error)
+}
+
+type Kms struct {
+	client *InfisicalClient
+}
+
+func (f *Kms) EncryptData(options KmsEncryptDataOptions) (string, error) {
+	options.Plaintext = base64.StdEncoding.EncodeToString([]byte(options.Plaintext))
+	res, err := api.CallKmsEncryptDataV1(f.client.httpClient, options)
+
+	if err != nil {
+		return "", err
+	}
+
+	return res.Ciphertext, nil
+}
+
+func (f *Kms) DecryptData(options KmsDecryptDataOptions) (string, error) {
+	res, err := api.CallKmsDecryptDataV1(f.client.httpClient, options)
+
+	if err != nil {
+		return "", err
+	}
+
+	decodedPlaintext, err := base64.StdEncoding.DecodeString(res.Plaintext)
+	if err != nil {
+		return "", err
+	}
+
+	return string(decodedPlaintext), nil
+}
+
+func NewKms(client *InfisicalClient) KmsInterface {
+	return &Kms{client: client}
+}
diff --git a/packages/api/kms/decrypt_data.go b/packages/api/kms/decrypt_data.go
@@ -0,0 +1,29 @@
+package api
+
+import (
+	"fmt"
+
+	"github.com/go-resty/resty/v2"
+	"github.com/infisical/go-sdk/packages/errors"
+)
+
+const callKmsDecryptDataOperationV1 = "CallKmsDecryptDataV1"
+
+func CallKmsDecryptDataV1(httpClient *resty.Client, request KmsDecryptDataV1Request) (KmsDecryptDataV1Response, error) {
+	kmsDecryptDataResponse := KmsDecryptDataV1Response{}
+
+	res, err := httpClient.R().
+		SetResult(&kmsDecryptDataResponse).
+		SetBody(request).
+		Post(fmt.Sprintf("/v1/kms/keys/%s/decrypt", request.KeyId))
+
+	if err != nil {
+		return KmsDecryptDataV1Response{}, errors.NewRequestError(callKmsDecryptDataOperationV1, err)
+	}
+
+	if res.IsError() {
+		return KmsDecryptDataV1Response{}, errors.NewAPIErrorWithResponse(callKmsDecryptDataOperationV1, res)
+	}
+
+	return kmsDecryptDataResponse, nil
+}
diff --git a/packages/api/kms/encrypt_data.go b/packages/api/kms/encrypt_data.go
@@ -0,0 +1,29 @@
+package api
+
+import (
+	"fmt"
+
+	"github.com/go-resty/resty/v2"
+	"github.com/infisical/go-sdk/packages/errors"
+)
+
+const callKmsEncryptDataOperationV1 = "CallKmsEncryptDataV1"
+
+func CallKmsEncryptDataV1(httpClient *resty.Client, request KmsEncryptDataV1Request) (KmsEncryptDataV1Response, error) {
+	kmsEncryptDataResponse := KmsEncryptDataV1Response{}
+
+	res, err := httpClient.R().
+		SetResult(&kmsEncryptDataResponse).
+		SetBody(request).
+		Post(fmt.Sprintf("/v1/kms/keys/%s/encrypt", request.KeyId))
+
+	if err != nil {
+		return KmsEncryptDataV1Response{}, errors.NewRequestError(callKmsEncryptDataOperationV1, err)
+	}
+
+	if res.IsError() {
+		return KmsEncryptDataV1Response{}, errors.NewAPIErrorWithResponse(callKmsEncryptDataOperationV1, res)
+	}
+
+	return kmsEncryptDataResponse, nil
+}
diff --git a/packages/api/kms/models.go b/packages/api/kms/models.go
@@ -0,0 +1,19 @@
+package api
+
+type KmsEncryptDataV1Request struct {
+	KeyId     string
+	Plaintext string `json:"plaintext"`
+}
+
+type KmsEncryptDataV1Response struct {
+	Ciphertext string `json:"ciphertext"`
+}
+
+type KmsDecryptDataV1Request struct {
+	KeyId      string
+	Ciphertext string `json:"ciphertext"`
+}
+
+type KmsDecryptDataV1Response struct {
+	Plaintext string `json:"plaintext"`
+}