password

package
v1.0.4
Warning

This package is not in the latest version of its module.
Published: Feb 14, 2020 License: Apache-2.0, BSD-3-Clause, MIT Imports: 10 Imported by: 0

README

password provider

The Password provider encrypts values with a key derived from a user-defined password using golang.org/x/crypto/scrypt. The values are encrypted using AES in GCM mode.

A note on password security

Passwords are checked with muesli/crunchy unless --skip-password-validation is provided, which disables all checks. Warning: Only use this flag if you're certain your passwords will be of sufficient complexity. Simple passwords are easy to guess and/or brute force, and negate the benefits of encryption. Always ensure passwords with appropriate complexity are selected for your use case.

Example

# CONFIG_PASSWORD=password
crypto:
  provider: password
  # This is a random key encrypted with the provided password
  key: azfUzNRdpdbYHb3AlML2asSo/gpDF5I4I7graqxvvD1VxXLsOitnrlVgLrRXk1YWX6sqFtNfnE7V0l9wMCmoYAV60qMO7IxQkjmAY3ObZa8RC5cW6P5M1b5UJjA=
zero:
  # These are encrypted with the random key described above
  ciphertext: i9gzOO+rpVk0XvZAbeDnMPdBsCA0oHbQ28oevBylmMdwFPCeR1qIPnnPIdx5rcfPfFhZHcMQeyFi5Q==
  encrypted: true
  hash: 6ac095169b05c043f89c9957f097f405d683bc15531824dca61bce544682d3b2

Environment Variables

For all operations, you may set the CONFIG_PASSWORD environment variable and this provider will use that instead of prompting the user for the file's password. This is obviously very insecure, since the password will be available in your shell history!

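# a space prefixes this `export` to prevent the shell from storing
# this password in its history file (bash honors this only when HISTCONTROL
# includes ignorespace or ignoreboth; zsh needs `setopt HIST_IGNORE_SPACE`)
 export CONFIG_PASSWORD="a very long password that's hard to guess!"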
go-config-yourself init --provider password file.yml
# INFO[0000] Creating config at file.yml
go-config-yourself set file.yml secret <<<"some secret"
go-config-yourself get file.yml secret
# some secret

Documentation

Overview

Package password adds password support for go-config-yourself

It encrypts values with a key derived from a user-defined password. The values are encrypted using AES in GCM mode.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func New

func New(config map[string]interface{}) (pvd.Crypto, error)

New creates a new password.Provider and returns it

Types

type Provider

type Provider struct {
	// contains filtered or unexported fields
}

Provider implements provider.Crypto for passwords

func (*Provider) Decrypt

func (provider *Provider) Decrypt(data []byte) (plainText string, err error)

Decrypt bytes

func (*Provider) Enabled

func (provider *Provider) Enabled() bool

Enabled tells whether the provider is ready to operate on secrets

func (*Provider) Encrypt

func (provider *Provider) Encrypt(plainText []byte) (cipherText []byte, err error)

Encrypt bytes

func (*Provider) Replace

func (provider *Provider) Replace(args map[string]interface{}) (err error)

Replace the current data key with a new one, encrypting it with a different password

Will prompt for a `password` unless one is present in `args` or set as `CONFIG_PASSWORD` in the environment
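The layering described in the example file's comments and used by Replace, as an added example that is not the package's own code: a key-encryption key (KEK) wraps a random data key, values are encrypted under the data key, and changing the password only re-wraps the data key. The KEKs are passed in as constructed 32-byte values where the provider would use its scrypt output; the function names and the nonce-first layout are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

const nonceLen = 12 // standard GCM nonce length, the one cipher.NewGCM uses

// seal returns nonce||ciphertext (assumed layout, not the provider's format).
func seal(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for AES's 16-byte block
	nonce := make([]byte, nonceLen)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// open reverses seal; a wrong key or modified data fails authentication.
func open(key, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(data) < nonceLen {
		return nil, fmt.Errorf("bad key size or short ciphertext")
	}
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, data[:nonceLen], data[nonceLen:], nil)
}

// rewrap re-encrypts only the wrapped data key; stored values are not touched.
func rewrap(oldKEK, newKEK, wrapped []byte) ([]byte, error) {
	dataKey, err := open(oldKEK, wrapped)
	if err != nil {
		return nil, err
	}
	return seal(newKEK, dataKey)
}

func main() {
	oldKEK, newKEK := make([]byte, 32), []byte("constructed-kek-standing-in-0002") // constructed stand-ins for scrypt output
	wrapped, _ := seal(oldKEK, []byte("constructed-32-byte-data-key-001"))
	rewrapped, err := rewrap(oldKEK, newKEK, wrapped)
	fmt.Printf("old: %x\nnew: %x\nerr: %v\n", wrapped, rewrapped, err)
}
```

Because only the wrapped data key changes, every value encrypted before the password change still decrypts afterwards, while the previous password can no longer unwrap the key.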

func (*Provider) Serialize

func (provider *Provider) Serialize() (serialized map[string]interface{})

Serialize into a map of config for later hydration
