usecase

package

v0.13.0 Latest Latest Go to latest Published: Feb 25, 2026 License: MIT Imports: 5 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/allisson/secrets

Links

Open Source Insights

Documentation ¶

Overview ¶

Package usecase defines business logic interfaces for KEK operations and repository contracts.

Package usecase implements business logic orchestration for cryptographic operations. Coordinates KEK lifecycle including creation, rotation, and decryption using repositories and services.

Index ¶

type DekRepository
type DekUseCase
- func NewDekUseCase(txManager database.TxManager, dekRepo DekRepository, ...) DekUseCase
type KekRepository
type KekUseCase
- func NewKekUseCase(txManager database.TxManager, kekRepo KekRepository, ...) KekUseCase

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type DekRepository ¶ added in v0.12.0

type DekRepository interface {
	// Update modifies an existing DEK in the repository.
	Update(ctx context.Context, dek *cryptoDomain.Dek) error

	// GetBatchNotKekID retrieves a batch of DEKs that are not encrypted with the given KEK ID.
	GetBatchNotKekID(ctx context.Context, kekID uuid.UUID, limit int) ([]*cryptoDomain.Dek, error)
}

DekRepository defines persistence operations for Data Encryption Keys. Implementations must support transaction-aware operations via context propagation.

type DekUseCase ¶ added in v0.12.0

type DekUseCase interface {
	// Rewrap finds DEKs that are not encrypted with the specified KEK ID,
	// decrypts them using their old KEKs, and re-encrypts them with the new KEK.
	// Returns the number of DEKs rewrapped in this batch.
	Rewrap(
		ctx context.Context,
		kekChain *cryptoDomain.KekChain,
		newKekID uuid.UUID,
		batchSize int,
	) (int, error)
}

DekUseCase defines business logic operations for Data Encryption Key management.

func NewDekUseCase ¶ added in v0.12.0

func NewDekUseCase(
	txManager database.TxManager,
	dekRepo DekRepository,
	keyManager cryptoService.KeyManager,
) DekUseCase

NewDekUseCase creates a new DekUseCase instance.

type KekRepository ¶

type KekRepository interface {
	// Create stores a new KEK in the repository.
	Create(ctx context.Context, kek *cryptoDomain.Kek) error

	// Update modifies an existing KEK in the repository.
	Update(ctx context.Context, kek *cryptoDomain.Kek) error

	// List retrieves all KEKs ordered by version descending (newest first).
	List(ctx context.Context) ([]*cryptoDomain.Kek, error)
}

KekRepository defines persistence operations for Key Encryption Keys. Implementations must support transaction-aware operations via context propagation.

type KekUseCase ¶

type KekUseCase interface {
	// Create generates and persists a new KEK using the active master key.
	Create(ctx context.Context, masterKeyChain *cryptoDomain.MasterKeyChain, alg cryptoDomain.Algorithm) error

	// Rotate performs atomic KEK rotation by creating a new KEK with incremented version.
	Rotate(ctx context.Context, masterKeyChain *cryptoDomain.MasterKeyChain, alg cryptoDomain.Algorithm) error

	// Unwrap decrypts all KEKs from the database and returns them in a KekChain for in-memory use.
	Unwrap(ctx context.Context, masterKeyChain *cryptoDomain.MasterKeyChain) (*cryptoDomain.KekChain, error)
}

KekUseCase defines business logic operations for Key Encryption Key management. It orchestrates KEK lifecycle including creation, rotation, and unwrapping.

func NewKekUseCase ¶

func NewKekUseCase(
	txManager database.TxManager,
	kekRepo KekRepository,
	keyManager cryptoService.KeyManager,
) KekUseCase

NewKekUseCase creates a new KEK use case with the provided dependencies.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
mocks

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL