Documentation
Overview
Package crypto provides encryption and key management operations using the age library.
This package handles:
- X25519 key generation (public/private key pairs)
- Secret encryption/decryption for secure API key storage
- Periodic key rotation as a security best practice
- Atomic key replacement to prevent partial state
Thread Safety:
- Key file operations are not thread-safe (file I/O)
- Functions should not be called concurrently on the same key files
Security:
- All key files use 0600 permissions (owner only)
- Temporary files are created with secure defaults
- Key rotation uses atomic operations to prevent data loss
- Private key material is never logged or printed
Performance:
- Key generation uses X25519 (fast, secure curve)
- Encryption uses age's efficient streaming API
- Temporary key files are cleaned up on failure
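One way to get the atomic replacement, 0600 permissions and cleanup-on-failure properties listed above, using only the Go standard library. This is an added example, not this package's code: `writeKeyAtomic`, `keyFileIsPrivate`, the temp-file-plus-rename pattern and the key contents are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// writeKeyAtomic (hypothetical name) replaces the file at path with data so a
// reader sees either the old key or the new one, never a partial write.
func writeKeyAtomic(path string, data []byte) (err error) {
	// Same directory as the target so the rename stays on one filesystem; CreateTemp uses mode 0600.
	tmp, err := os.CreateTemp(filepath.Dir(path), ".key-*.tmp")
	if err != nil {
		return fmt.Errorf("create temp key file: %w", err)
	}
	defer func() {
		if err != nil { // any failure below: leave no temp key material behind
			tmp.Close()
			os.Remove(tmp.Name())
		}
	}()
	if _, err = tmp.Write(data); err != nil {
		return err
	}
	if err = tmp.Sync(); err != nil { // flush to disk before it becomes the key
		return err
	}
	if err = tmp.Close(); err != nil {
		return err
	}
	return os.Rename(tmp.Name(), path) // atomic swap; the old key stays intact on error
}

// keyFileIsPrivate (hypothetical name): regular file with no group/other permission bits.
func keyFileIsPrivate(path string) (bool, error) {
	fi, err := os.Lstat(path)
	if err != nil {
		return false, err
	}
	return fi.Mode().IsRegular() && fi.Mode().Perm()&0o077 == 0, nil
}

func main() {
	path := filepath.Join(os.TempDir(), "example-key.txt")
	err := writeKeyAtomic(path, []byte("CONSTRUCTED-KEY\n")) // constructed, not a real age key
	ok, _ := keyFileIsPrivate(path)
	fmt.Println(ok, err)
}
```

A stricter variant would also fsync the parent directory after the rename so the swap itself survives a crash.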
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
func DecryptSecrets
DecryptSecrets decrypts the secrets file and returns the plaintext content.
func EncryptSecrets
EncryptSecrets encrypts the given secrets string using age encryption and saves the result to the specified path.
func EnsureKeyExists
EnsureKeyExists generates a new encryption key if one doesn't exist in the specified directory.
func GenerateKey
GenerateKey generates a new X25519 encryption key and saves it to the specified path.
Types
This section is empty.