Overview ¶
Package azurekeyvault provides the same repository-style cryptographic API as the local package, backed by Azure Key Vault when a Key Vault key reference is supplied.
The package supports provider-backed symmetric encryption, RSA-OAEP, RSA-PSS, RSA SHA-256, and HMAC through the Azure SDK, while still routing explicit local keys to the local implementation. Ed25519 remains local-only because this package does not expose provider-backed Ed25519 operations through Azure Key Vault; Ed25519 private keys are therefore handled in process memory by the caller and get no Key Vault protection.
When a provider key identifier is needed, the package reads it from viper under "encrypt.vault.azure-key-vault.key-id", falling back for compatibility to "encrypt.azure-key-vault.key-id".
Index ¶
- func NewRepository() *repository
- func ParseEd25519PrivateKeyFromBase64(b64 string) (ed25519.PrivateKey, error)
- func ParseEd25519PublicKeyFromBase64(b64 string) (ed25519.PublicKey, error)
- func ParseRSAPrivateKeyFromBase64(b64 string) (*rsa.PrivateKey, error)
- func ParseRSAPublicKeyFromBase64(b64 string) (*rsa.PublicKey, error)
- type AsymmetricRepository
- type HashRepository
- type Repository
- type SignatureRepository
- type SymmetricRepository
Functions ¶
func NewRepository ¶
func NewRepository() *repository
func ParseEd25519PrivateKeyFromBase64 ¶
func ParseEd25519PrivateKeyFromBase64(b64 string) (ed25519.PrivateKey, error)
ParseEd25519PrivateKeyFromBase64 decodes a Base64-encoded Ed25519 private key.
func ParseEd25519PublicKeyFromBase64 ¶
ParseEd25519PublicKeyFromBase64 decodes a Base64-encoded Ed25519 public key.
func ParseRSAPrivateKeyFromBase64 ¶
func ParseRSAPrivateKeyFromBase64(b64 string) (*rsa.PrivateKey, error)
ParseRSAPrivateKeyFromBase64 decodes a Base64-encoded RSA private key.
Types ¶
type AsymmetricRepository ¶
// AsymmetricRepository groups RSA key generation with the RSA-OAEP operations.
// Keys are passed as strings; per the package overview, a Key Vault key
// reference is served by Azure Key Vault and an explicit local key is routed
// to the local implementation.
type AsymmetricRepository interface {
// GeneratesRSAKey returns key data for an RSA key of the requested size.
// NOTE(review): the signature does not show whether the key is created locally
// or inside Key Vault, nor whether private key material is returned in
// AsymmetricKeyData — confirm before treating the result as non-sensitive.
GeneratesRSAKey(ctx context.Context, size common.SizeAsymetrycKey) (*models.AsymmetricKeyData, error)
// RSA_OAEP_Encode takes a public key and a plaintext and returns a string;
// presumably this is RSA-OAEP encryption despite the "Encode" name — confirm.
// NOTE(review): the OAEP hash is not visible here. Azure Key Vault treats
// RSA-OAEP (SHA-1) and RSA-OAEP-256 as distinct algorithms, so confirm the
// local and provider paths agree on one.
RSA_OAEP_Encode(ctx context.Context, publicKey, text string) (string, error)
// RSA_OAEP_Decode is the counterpart of RSA_OAEP_Encode: it takes a private
// key and a ciphertext and returns a string or an error.
// NOTE(review): when privateKey is a local key it is held in process memory as
// a Go string, which cannot be zeroed after use — confirm this is acceptable.
RSA_OAEP_Decode(ctx context.Context, privateKey, cipherText string) (string, error)
}
func NewAsymmetricRepository ¶
func NewAsymmetricRepository() AsymmetricRepository
type HashRepository ¶
// HashRepository groups the keyed (HMAC) and unkeyed (SHA-256, BLAKE3) digest
// operations. None of the methods returns an error.
type HashRepository interface {
// GenerateHMAC returns an HMAC of message under secretKey as a string.
// NOTE(review): there is no error return, so a failed provider call cannot be
// reported as an error. Confirm what is returned on failure (for example an
// empty string) and that callers never accept that value as a valid tag.
GenerateHMAC(ctx context.Context, secretKey, message string) string
// ValidateHMAC reports whether providedHash matches the HMAC of message under
// secretKey.
// NOTE(review): confirm the implementation compares tags in constant time
// (e.g. hmac.Equal) rather than with ==. A false result presumably also covers
// key or provider errors, which the caller cannot tell apart from a mismatch.
ValidateHMAC(ctx context.Context, secretKey, message, providedHash string) bool
// Sha256Hex returns a digest of message as a string; the name suggests a
// hex-encoded SHA-256. It takes no key, so it gives integrity against
// accidental change only and is not a substitute for GenerateHMAC.
Sha256Hex(ctx context.Context, message string) string
// Blake3 returns a digest of message as a string; it takes no key.
// NOTE(review): output length and encoding are not visible here — confirm.
Blake3(ctx context.Context, message string) string
}
func NewHashRepository ¶
func NewHashRepository() HashRepository
type Repository ¶
// Repository is the union of the four capability interfaces below; it declares
// no methods of its own. Code that needs only one capability can depend on the
// narrower interface instead, which keeps key-handling surface to a minimum.
type Repository interface {
SymmetricRepository
AsymmetricRepository
SignatureRepository
HashRepository
}
type SignatureRepository ¶
// SignatureRepository groups Ed25519 and RSA signing and verification. The
// verify methods return an error rather than a bool; presumably nil means the
// signature is valid — confirm, and always check the returned error.
type SignatureRepository interface {
// GeneratesEd255Key returns key data for an Ed25519 key pair.
// NOTE(review): Ed25519 keys have a fixed size, so the role of the size
// parameter is unclear from the signature — confirm it is ignored or validated.
GeneratesEd255Key(ctx context.Context, size common.SizeAsymetrycKey) (*models.AsymmetricKeyData, error)
// SignEd25519 signs text with privateKey and returns the signature as a string.
// Per the package overview Ed25519 is local-only, so the private key is in
// process memory and is not protected by Key Vault.
SignEd25519(ctx context.Context, privateKey, text string) (string, error)
// VerifyEd25519 checks signature over text against publicKey.
VerifyEd25519(ctx context.Context, publicKey, text, signature string) error
// SignRSAPSS signs text with privateKey using RSA-PSS (per the method name)
// and returns the signature as a string.
// NOTE(review): hash and salt length are not visible here — confirm they match
// between the local and provider paths.
SignRSAPSS(ctx context.Context, privateKey, text string) (string, error)
// VerifyRSAPSS checks an RSA-PSS signature over text against publicKey.
VerifyRSAPSS(ctx context.Context, publicKey, text, signature string) error
// SignPKCS1v15_SHA256 signs data with RSA PKCS #1 v1.5 and SHA-256 (per the
// method name). Unlike the string-keyed methods it takes a parsed
// *rsa.PrivateKey, so the key must be in process memory and this signature
// cannot carry a Key Vault key reference.
// NOTE(review): the overview lists "RSA SHA-256" as provider-backed — confirm
// how that routing happens with this parameter type. RFC 8017 recommends
// RSASSA-PSS for new applications; see SignRSAPSS.
SignPKCS1v15_SHA256(ctx context.Context, data string, privateKey *rsa.PrivateKey) (string, error)
// VerifySHA256 checks signature over data against a parsed RSA public key.
// NOTE(review): the name does not state the padding scheme; presumably it is
// PKCS #1 v1.5 to pair with SignPKCS1v15_SHA256 — confirm.
VerifySHA256(ctx context.Context, data, signature string, publicKey *rsa.PublicKey) error
}
func NewSignatureRepository ¶
func NewSignatureRepository() SignatureRepository
type SymmetricRepository ¶
// SymmetricRepository groups symmetric key generation and AES encryption and
// decryption. Per the package overview, secretKey may be a Key Vault key
// reference (provider-backed) or an explicit local key.
type SymmetricRepository interface {
// GeneratesSymetrycKey returns key data for a symmetric key of the requested
// size.
// NOTE(review): whether raw key bytes are returned in SymmetricKeyData is not
// visible here — confirm before logging or persisting the result.
GeneratesSymetrycKey(ctx context.Context, size common.SizeSymetrycKey) (*models.SymmetricKeyData, error)
// EncryptAES encrypts value under secretKey and returns the ciphertext as a
// string. additional is optional (nil-able).
// NOTE(review): additional is presumably AEAD associated data, which would
// imply an authenticated mode such as AES-GCM — confirm the mode and how the
// nonce is generated and carried in the output.
EncryptAES(ctx context.Context, secretKey, value string, additional *string) (string, error)
// DecryptAES reverses EncryptAES for cipherValue under secretKey.
// NOTE(review): if additional is associated data, the same value used at
// encryption must be supplied here and a mismatch should surface as an error —
// confirm that failures never return partial plaintext.
DecryptAES(ctx context.Context, secretKey, cipherValue string, additional *string) (string, error)
}
func NewSymmetricRepository ¶
func NewSymmetricRepository() SymmetricRepository