secrets

package
Version: v2.0.0-...-93c23f5 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 2, 2021 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Overview

Example
ctx, cancel := context.WithCancel(context.Background())
defer cancel()

// use "smGbjm71Nxd1Ig5FS0wj9SlbzAIrnolCz9bQQ6uAhl4=" as secret
c, err := New(ctx, "base64key://smGbjm71Nxd1Ig5FS0wj9SlbzAIrnolCz9bQQ6uAhl4=")
if err != nil {
	fmt.Println(err)
	return
}
defer c.Close()

plainKey := make([]byte, 32)
rand.Read(plainKey)

cypherKey, err := c.EncryptKey(ctx, plainKey)
if err != nil {
	fmt.Println(err)
	return
}

plainText := "asdfghjklñqwertyuiozxcvbnm,"

cypherText, err := c.Encrypt(ctx, []byte(plainText), cypherKey)
if err != nil {
	fmt.Println(err)
	return
}

result, err := c.Decrypt(ctx, cypherText, cypherKey)
if err != nil {
	fmt.Println(err)
	return
}

if r := string(result); r != plainText {
	fmt.Printf("unexpected result: %s", r)
}
Output:

Index

Examples

Constants

This section is empty.

Variables

View Source
var OpenCensusViews = secrets.OpenCensusViews

OpenCensusViews are predefined views for OpenCensus metrics. The views include counts and latency distributions for API method calls.

Functions

func Decrypt

func Decrypt(data []byte, passphrase []byte) ([]byte, error)

Decrypt decrypts the received data with a passphrase using AES GCM

Example
msg := "zxcvbnmasdfghjklqwertyuiop1234567890"
passphrase := "some secret"

cypherMsg1, err := Encrypt([]byte(msg), []byte(passphrase))
if err != nil {
	fmt.Println(err)
	return
}

cypherMsg2, err2 := Encrypt([]byte(msg), []byte(passphrase))
if err2 != nil {
	fmt.Println(err2)
	return
}

if string(cypherMsg1) == string(cypherMsg2) {
	fmt.Println("two executions with the same input shall not generate the same output")
	return
}

res1, err3 := Decrypt(cypherMsg1, []byte(passphrase))
if err != nil {
	fmt.Println(err3)
	return
}

res2, err4 := Decrypt(cypherMsg2, []byte(passphrase))
if err != nil {
	fmt.Println(err4)
	return
}

if string(res1) != string(res2) {
	fmt.Println("results are different:", string(res1), string(res2))
	return
}
Output:

func Encrypt

func Encrypt(data []byte, passphrase []byte) ([]byte, error)

Encrypt encrypts the received data with a passphrase using AES GCM

Example
msg := "zxcvbnmasdfghjklqwertyuiop1234567890"
passphrase := "some secret"

cypherMsg, err := Encrypt([]byte(msg), []byte(passphrase))
if err != nil {
	fmt.Println(err)
	return
}

cypherMsg2, err2 := Encrypt([]byte(msg), []byte(passphrase))
if err2 != nil {
	fmt.Println(err2)
	return
}

if string(cypherMsg) == string(cypherMsg2) {
	fmt.Println("two executions with the same input shall not generate the same output")
}
Output:

Types

type Cypher

type Cypher struct {
	// contains filtered or unexported fields
}

Cypher is a structure able to encrypt and decrypt messages with an encrypted key. Before encrypting or decrypting the message, the encrypted key is decrypted with the help of the wrapped secrets.Keeper

func New

func New(ctx context.Context, url string) (*Cypher, error)

New returns a Cypher wrapping a secrets.Keeper accesing the secret stored at the given url. The url depends on the secrets driver required (awskms, azurekeyvault, gcpkms, hashivault and localsecrets). See the URLOpener documentation in gocloud.dev/secrets driver subpackages for details on supported URL formats, and https://gocloud.dev/concepts/urls for more information.

func (*Cypher) Close

func (c *Cypher) Close()

Close releases any resources used for the Cypher

func (*Cypher) Decrypt

func (c *Cypher) Decrypt(ctx context.Context, cipherText, cipheredKey []byte) ([]byte, error)

Decrypt decrypts an encrypted text using a encrypted key, returning a plain message. Before using the given key, it decrypts the key with the secrets.Keeper

func (*Cypher) Encrypt

func (c *Cypher) Encrypt(ctx context.Context, plainText, cipheredKey []byte) ([]byte, error)

Encrypt encrypts a plain text using a encrypted key, returning a cipher message. Before using the given key, it decrypts the key with the secrets.Keeper

func (*Cypher) EncryptKey

func (c *Cypher) EncryptKey(ctx context.Context, plainKey []byte) ([]byte, error)

EncryptKey encrypts the given plain key with the secrets.Keeper

Source Files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL