Package container

v0.1.0

Warning: this package is not in the latest version of its module.

Published: Apr 29, 2026 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var ErrAliasNotFound = errors.New("container: alias not found")

ErrAliasNotFound is returned when no entry matches the requested alias.

Functions

This section is empty.

Types

type ContainerConfig

type ContainerConfig struct {
	Type    ContainerType
	LocalKV LocalKVConfig
	KMS     KMSConfig
	HSM     HSMConfig
}

ContainerConfig defines runtime key container selection.

func (ContainerConfig) Validate

func (c ContainerConfig) Validate() error

Validate checks minimal config correctness.

type ContainerType

type ContainerType string

ContainerType identifies where keys are managed.

const (
	ContainerTypeLocalKV ContainerType = "local_kv"
	ContainerTypeKMS     ContainerType = "kms"
	ContainerTypeHSM     ContainerType = "hsm"
)

type HSMConfig

type HSMConfig struct {
	ModulePath string
	SlotID     string
	TokenLabel string
}

HSMConfig defines HSM key container options.

type KMSConfig

type KMSConfig struct {
	Endpoint string
	Project  string
	Keyring  string
}

KMSConfig defines remote KMS key container options.

type KMSContainer

type KMSContainer struct {
	// contains filtered or unexported fields
}

KMSContainer is a placeholder implementation for the remote KMS backend.

func NewKMSContainer

func NewKMSContainer(cfg KMSConfig) (*KMSContainer, error)

NewKMSContainer creates a KMS key container with minimal validation.

func (*KMSContainer) ContainerType

func (c *KMSContainer) ContainerType() ContainerType

func (*KMSContainer) Read

func (c *KMSContainer) Read(ctx context.Context, query KeyQuery) (*KeyEntry, error)

func (*KMSContainer) Write

func (c *KMSContainer) Write(ctx context.Context, req KeyWriteRequest) error

type KeyContainer

type KeyContainer interface {
	ContainerType() ContainerType
	Read(ctx context.Context, query KeyQuery) (*KeyEntry, error)
	Write(ctx context.Context, req KeyWriteRequest) error
}

KeyContainer abstracts key read/write for Local KV, KMS and HSM.

type KeyDeleter

type KeyDeleter interface {
	Delete(ctx context.Context, alias string) error
}

KeyDeleter is implemented by containers that support removing entries.

type KeyEntry

type KeyEntry struct {
	KeyID      string
	Alias      string
	Algorithm  string
	KeyBase64  string
	KeyRef     string
	Exportable bool
	Metadata   map[string]string
}

KeyEntry is a normalized key model returned by any container backend.

- Exportable=true: KeyBase64 should be populated.
- Exportable=false: KeyRef should be populated (typical KMS/HSM mode).

type KeyLister

type KeyLister interface {
	List(ctx context.Context) ([]KeyMeta, error)
}

KeyLister is implemented by containers that can enumerate stored aliases.

type KeyMeta

type KeyMeta struct {
	Alias     string
	Algorithm string
	UpdatedAt time.Time
}

KeyMeta is a lightweight key descriptor returned by KeyLister.

type KeyQuery

type KeyQuery struct {
	KeyID     string
	Alias     string
	Algorithm string
	Version   string
}

KeyQuery is used to locate one key entry.

type KeyWriteRequest

type KeyWriteRequest struct {
	KeyID      string
	Alias      string
	Algorithm  string
	KeyBase64  string
	KeyRef     string
	Exportable bool
	Metadata   map[string]string
}

KeyWriteRequest describes one key write operation.

type LocalKVConfig

type LocalKVConfig struct {
	Path       string
	Passphrase string
}

LocalKVConfig defines local SM4-GCM encrypted key-value container options.

type LocalKVContainer

type LocalKVContainer struct {
	// contains filtered or unexported fields
}

LocalKVContainer is a single-file SM4-GCM encrypted key-value store.

The underlying file is a self-describing JSON envelope (see secretkv). All entries live in memory after the first successful Load and are re-serialized on every mutation; reads are served from the in-memory cache.

func NewLocalKVContainer

func NewLocalKVContainer(cfg LocalKVConfig) (*LocalKVContainer, error)

NewLocalKVContainer constructs a container, eagerly loading the underlying file if present. A non-existent file is treated as an empty store.

func (*LocalKVContainer) ContainerType

func (c *LocalKVContainer) ContainerType() ContainerType

ContainerType implements KeyContainer.

func (*LocalKVContainer) Delete

func (c *LocalKVContainer) Delete(ctx context.Context, alias string) error

Delete removes the entry whose alias matches (case-insensitive).

func (*LocalKVContainer) List

func (c *LocalKVContainer) List(ctx context.Context) ([]KeyMeta, error)

List returns all stored aliases sorted lexicographically.

func (*LocalKVContainer) Read

func (c *LocalKVContainer) Read(ctx context.Context, query KeyQuery) (*KeyEntry, error)

Read returns the entry whose alias equals query.Alias (case-insensitive).

func (*LocalKVContainer) Refresh

func (c *LocalKVContainer) Refresh(ctx context.Context) error

Refresh reloads the file from disk, replacing any in-memory state.

func (*LocalKVContainer) Write

func (c *LocalKVContainer) Write(ctx context.Context, req KeyWriteRequest) error

Write inserts or updates an entry. The whole store is re-encrypted and atomically rewritten to disk on success.
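The KeyContainer interface, the KeyEntry exportability rule (Exportable=true carries KeyBase64, Exportable=false carries only KeyRef) and the case-insensitive alias lookup documented above, exercised together in an added example. This is not code from the container package: the type declarations are copied from the documented API so the file compiles on its own, and memContainer is a hypothetical in-memory backend standing in for the real LocalKVContainer (the real one persists an SM4-GCM encrypted file; this one keeps everything in a map). Its validateWrite helper is an assumption about what a careful backend should enforce, not the package's own validation.

```go
package main

import (
	"context"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
	"sync"
)

// The declarations below mirror the container package's documented API so the
// example compiles on its own; memContainer is an invented in-memory backend.
type ContainerType string

const ContainerTypeLocalKV ContainerType = "local_kv"

var ErrAliasNotFound = errors.New("container: alias not found")

type (
	KeyEntry struct {
		KeyID, Alias, Algorithm, KeyBase64, KeyRef string
		Exportable                                 bool
		Metadata                                   map[string]string
	}
	KeyWriteRequest KeyEntry // same field list as KeyEntry, so KeyEntry(req) converts directly
	KeyQuery        struct{ KeyID, Alias, Algorithm, Version string }
	KeyContainer    interface {
		ContainerType() ContainerType
		Read(ctx context.Context, query KeyQuery) (*KeyEntry, error)
		Write(ctx context.Context, req KeyWriteRequest) error
	}
)

// memContainer keys entries by lower-cased alias, which is what makes Read
// case-insensitive in the way the LocalKVContainer docs describe.
type memContainer struct {
	mu      sync.RWMutex
	entries map[string]KeyEntry
}

var _ KeyContainer = (*memContainer)(nil) // compile-time interface check

func newMemContainer() *memContainer { return &memContainer{entries: map[string]KeyEntry{}} }

func (c *memContainer) ContainerType() ContainerType { return ContainerTypeLocalKV }

// validateWrite enforces the documented KeyEntry rule (assumed check, not the
// package's own): exportable entries carry valid base64 key bytes, non-exportable
// entries carry only a backend reference and never raw key material.
func validateWrite(req KeyWriteRequest) error {
	_, b64Err := base64.StdEncoding.DecodeString(req.KeyBase64)
	switch {
	case strings.TrimSpace(req.Alias) == "":
		return errors.New("container: alias is required")
	case req.Exportable && (req.KeyBase64 == "" || b64Err != nil):
		return errors.New("container: exportable entry needs a valid base64 KeyBase64")
	case !req.Exportable && req.KeyRef == "":
		return errors.New("container: non-exportable entry needs KeyRef")
	case !req.Exportable && req.KeyBase64 != "":
		return errors.New("container: non-exportable entry must not carry key material")
	}
	return nil
}

// Write validates the request, then inserts or replaces the entry under its alias.
func (c *memContainer) Write(ctx context.Context, req KeyWriteRequest) error {
	if err := ctx.Err(); err != nil {
		return err
	}
	if err := validateWrite(req); err != nil {
		return err
	}
	c.mu.Lock()
	defer c.mu.Unlock()
	c.entries[strings.ToLower(req.Alias)] = KeyEntry(req)
	return nil
}

// Read returns a copy of the entry whose alias equals query.Alias, ignoring case.
func (c *memContainer) Read(ctx context.Context, q KeyQuery) (*KeyEntry, error) {
	c.mu.RLock()
	defer c.mu.RUnlock()
	e, ok := c.entries[strings.ToLower(q.Alias)]
	if !ok {
		return nil, ErrAliasNotFound
	}
	return &e, nil // e is a copy, so callers cannot mutate the cached entry
}

func main() {
	ctx, c := context.Background(), newMemContainer()
	// Constructed sample data: one exportable SM4 key and one HSM-backed reference.
	fmt.Println(c.Write(ctx, KeyWriteRequest{Alias: "Signing-Key", Algorithm: "SM4", Exportable: true, KeyBase64: "AAECAwQFBgcICQoLDA0ODw=="}))
	fmt.Println(c.Write(ctx, KeyWriteRequest{Alias: "hsm-key", Algorithm: "SM2", KeyRef: "slot0/label"}))
	e, err := c.Read(ctx, KeyQuery{Alias: "signing-key"}) // case-insensitive lookup
	fmt.Println(e.Alias, err)
}
```

Returning a copy from Read matters for any cache-backed container: a caller that edits the returned *KeyEntry must not be able to alter what the next reader sees, and a rejected Write must leave no trace under its alias.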

Directories

Path       Synopsis
internal
  secretkv Package secretkv provides an SM4-GCM encrypted key-value file format.
