Versions in this module Expand all Collapse all v0 v0.2.1 Mar 11, 2026 v0.2.0 Mar 10, 2026 v0.1.0 Mar 6, 2026 Changes in this version
+ type AuditSummary struct
+ CredsAccessCount int
+ FailedEvents int
+ KeyOperations int
+ LastActivity time.Time
+ SensitiveDataAccessCount int
+ SuccessfulEvents int
+ TenantID string
+ TotalEvents int
+ type BulkOperationResult struct
+ Details map[string]interface{}
+ Error string
+ Success bool
+ TenantID string
+ Timestamp time.Time
+ type ContentType string
+ const ContentTypeBinary
+ const ContentTypeJSON
+ const ContentTypePEM
+ const ContentTypeTOML
+ const ContentTypeText
+ const ContentTypeXML
+ const ContentTypeYAML
+ type CryptoAlgorithm string
+ const ChaCha20Poly1305
+ type KeyMetadata struct
+ Active bool
+ CreatedAt time.Time
+ DeactivatedAt *time.Time
+ KeyID string
+ Reason string
+ Status KeyStatus
+ Version int
+ type KeyRotationMetadata struct
+ CurrentKeyID string
+ EncryptedKeys map[string][]byte
+ Keys map[string]KeyMetadata
+ LastRotation time.Time
+ Reason string
+ Version int
+ type KeyStatus string
+ const KeyStatusActive
+ const KeyStatusInactive
+ type Options struct
+ DerivationPassphrase string
+ DerivationSalt []byte
+ EnableMemoryLock bool
+ EnvPassphraseVar string
+ UserID string
+ func (o Options) Validate() error
+ type RetryConfig struct
+ BaseDelay time.Duration
+ MaxDelay time.Duration
+ MaxRetries int
+ func DefaultRetryConfig() RetryConfig
+ type SecretEntry struct
+ CreatedAt time.Time
+ Data []byte
+ ID string
+ Metadata *SecretMetadata
+ Tags []string
+ UpdatedAt time.Time
+ Version int
+ type SecretListEntry struct
+ CreatedAt time.Time
+ DataSize int
+ ID string
+ Metadata *SecretMetadata
+ Tags []string
+ UpdatedAt time.Time
+ Version int
+ type SecretListOptions struct
+ ContentType ContentType
+ Limit int
+ Offset int
+ Prefix string
+ Tags []string
+ type SecretMetadata struct
+ AccessCount int64
+ Checksum string
+ ContentType ContentType
+ CreatedAt time.Time
+ CustomFields map[string]string
+ Description string
+ ExpiresAt *time.Time
+ KeyID string
+ LastAccessed *time.Time
+ SecretID string
+ Size int
+ Tags []string
+ UpdatedAt time.Time
+ Version int
+ type SecretResult struct
+ Data []byte
+ Metadata *SecretMetadata
+ UsedActiveKey bool
+ type SecretWithContext struct
+ func (swc *SecretWithContext) Close()
+ func (swc *SecretWithContext) Data() []byte
+ func (swc *SecretWithContext) Done() <-chan struct{}
+ func (swc *SecretWithContext) IsCleared() bool
+ func (swc *SecretWithContext) String() string
+ type SecretsContainer struct
+ Secrets map[string]*SecretEntry
+ Timestamp time.Time
+ Version string
+ type SecureString struct
+ func NewSecureString(data []byte) (*SecureString, error)
+ func (ss *SecureString) Bytes() []byte
+ func (ss *SecureString) Close()
+ func (ss *SecureString) IsCleared() bool
+ func (ss *SecureString) String() string
+ type Vault struct
+ func (v *Vault) Backup(destinationDir, passphrase string) error
+ func (v *Vault) Close() error
+ func (v *Vault) Decrypt(base64CiphertextWithKeyID string) ([]byte, error)
+ func (v *Vault) DeleteSecret(secretID string) error
+ func (v *Vault) DeleteTenant(tenantID string) error
+ func (v *Vault) DestroyKey(keyID string) error
+ func (v *Vault) Encrypt(plaintext []byte) (ciphertextWithKeyID string, err error)
+ func (v *Vault) GetActiveKeyMetadata() (KeyMetadata, error)
+ func (v *Vault) GetAudit() audit.Logger
+ func (v *Vault) GetBackupInfo(backupPath string) (*persist.BackupInfo, error)
+ func (v *Vault) GetSecret(secretID string) (*SecretResult, error)
+ func (v *Vault) GetSecretMetadata(secretID string) (*SecretMetadata, error)
+ func (v *Vault) GetSecretWithContext(ctx context.Context, secretID string) (*SecretWithContext, error)
+ func (v *Vault) GetSecretWithTimeout(secretID string, timeout time.Duration) (*SecretWithContext, error)
+ func (v *Vault) ListKeyMetadata() ([]KeyMetadata, error)
+ func (v *Vault) ListSecrets(options *SecretListOptions) ([]*SecretListEntry, error)
+ func (v *Vault) Restore(backupDir, passphrase string) error
+ func (v *Vault) RotateDataEncryptionKey(reason string) (*KeyMetadata, error)
+ func (v *Vault) RotateKeyEncryptionKey(newPassphrase string, reason string) error
+ func (v *Vault) SecretExists(secretID string) (bool, error)
+ func (v *Vault) SecureMemoryProtection() string
+ func (v *Vault) StoreSecret(secretID string, secretData []byte, tags []string, contentType ContentType) (*SecretMetadata, error)
+ func (v *Vault) UpdateSecret(secretID string, secretData []byte, tags []string, contentType ContentType) (*SecretMetadata, error)
+ func (v *Vault) UseSecret(secretID string, fn func(data []byte) error) error
+ func (v *Vault) UseSecretPair(secretID1, secretID2 string, fn func(secret1, secret2 []byte) error) error
+ func (v *Vault) UseSecretPairString(secretID1, secretID2 string, fn func(secret1, secret2 string) error) error
+ func (v *Vault) UseSecretString(secretID string, fn func(secret string) error) error
+ func (v *Vault) UseSecretWithContext(ctx context.Context, secretID string, fn func(data []byte) error) error
+ func (v *Vault) UseSecretWithTimeout(secretID string, timeout time.Duration, fn func(data []byte) error) error
+ func (v *Vault) UseSecrets(secretIDs []string, fn func(secrets map[string][]byte) error) error
+ func (v *Vault) UseSecretsString(secretIDs []string, fn func(secrets map[string]string) error) error
+ type VaultManager struct
+ func NewVaultManagerWithStoreConfig(baseOptions Options, storeConfig persist.StoreConfig, auditLogger audit.Logger) *VaultManager
+ func (tm *VaultManager) CloseAll() error
+ func (tm *VaultManager) CloseTenant(tenantID string) error
+ func (tm *VaultManager) DeleteTenant(tenantID string) error
+ func (tm *VaultManager) GetAuditSummary(tenantID string, since *time.Time) (AuditSummary, error)
+ func (tm *VaultManager) GetVault(tenantID string) (VaultService, error)
+ func (tm *VaultManager) ListTenants() ([]string, error)
+ func (tm *VaultManager) QueryAllTenantsAuditLogs(options audit.QueryOptions) (map[string]audit.QueryResult, error)
+ func (tm *VaultManager) QueryAuditLogs(options audit.QueryOptions) (*audit.QueryResult, error)
+ func (tm *VaultManager) QueryFailedOperations(tenantID string, since *time.Time) ([]audit.Event, error)
+ func (tm *VaultManager) QueryKeyOperations(tenantID string, keyID string, since *time.Time) ([]audit.Event, error)
+ func (tm *VaultManager) QueryPassphraseAccessLogs(tenantID string, since *time.Time) ([]audit.Event, error)
+ func (tm *VaultManager) QuerySecretAccess(tenantID string, secretID string, since *time.Time) ([]audit.Event, error)
+ func (tm *VaultManager) QueryTenantAuditLogs(tenantID string, options audit.QueryOptions) (audit.QueryResult, error)
+ func (tm *VaultManager) RotateAllTenantKeys(tenantIDs []string, reason string) ([]BulkOperationResult, error)
+ func (tm *VaultManager) RotateAllTenantPassphrases(tenantIDs []string, newPassphrase string, reason string) ([]BulkOperationResult, error)
+ type VaultManagerService interface
+ CloseAll func() error
+ CloseTenant func(tenantID string) error
+ DeleteTenant func(tenatID string) error
+ GetAuditSummary func(tenantID string, since *time.Time) (AuditSummary, error)
+ GetVault func(tenantID string) (VaultService, error)
+ ListTenants func() ([]string, error)
+ QueryAllTenantsAuditLogs func(options audit.QueryOptions) (map[string]audit.QueryResult, error)
+ QueryAuditLogs func(options audit.QueryOptions) (*audit.QueryResult, error)
+ QueryFailedOperations func(tenantID string, since *time.Time) ([]audit.Event, error)
+ QueryKeyOperations func(tenantID string, keyID string, since *time.Time) ([]audit.Event, error)
+ QueryPassphraseAccessLogs func(tenantID string, since *time.Time) ([]audit.Event, error)
+ QuerySecretAccess func(tenantID string, secretID string, since *time.Time) ([]audit.Event, error)
+ QueryTenantAuditLogs func(tenantID string, options audit.QueryOptions) (audit.QueryResult, error)
+ RotateAllTenantKeys func(tenantIDs []string, reason string) ([]BulkOperationResult, error)
+ RotateAllTenantPassphrases func(tenantIDs []string, newPassphrase string, reason string) ([]BulkOperationResult, error)
+ func NewVaultManagerFileStore(options Options, basePath string, auditLogger audit.Logger) VaultManagerService
+ func NewVaultManagerS3Store(options Options, storeConfig persist.S3Config, auditLogger audit.Logger) (VaultManagerService, error)
+ func NewVaultManagerWithStoreFactory(baseOptions Options, storeFactory func(tenantID string) (persist.Store, error), ...) VaultManagerService
+ type VaultService interface
+ Backup func(destinationDir, passphrase string) error
+ Close func() error
+ Decrypt func(base64CiphertextWithKeyID string) (plaintext []byte, err error)
+ DeleteSecret func(secretID string) error
+ DeleteTenant func(tenantID string) error
+ DestroyKey func(keyID string) error
+ Encrypt func(plaintext []byte) (ciphertextWithKeyID string, err error)
+ GetActiveKeyMetadata func() (KeyMetadata, error)
+ GetAudit func() audit.Logger
+ GetSecret func(secretID string) (*SecretResult, error)
+ GetSecretMetadata func(secretID string) (*SecretMetadata, error)
+ GetSecretWithContext func(ctx context.Context, secretID string) (*SecretWithContext, error)
+ GetSecretWithTimeout func(secretID string, timeout time.Duration) (*SecretWithContext, error)
+ ListKeyMetadata func() ([]KeyMetadata, error)
+ ListSecrets func(options *SecretListOptions) ([]*SecretListEntry, error)
+ Restore func(destinationDir, passphrase string) error
+ RotateDataEncryptionKey func(reason string) (*KeyMetadata, error)
+ RotateKeyEncryptionKey func(newPassphrase string, reason string) error
+ SecretExists func(secretID string) (bool, error)
+ SecureMemoryProtection func() string
+ StoreSecret func(secretID string, secretData []byte, tags []string, contentType ContentType) (*SecretMetadata, error)
+ UpdateSecret func(secretID string, secretData []byte, tags []string, contentType ContentType) (*SecretMetadata, error)
+ UseSecret func(secretID string, fn func(data []byte) error) error
+ UseSecretPair func(secretID1, secretID2 string, fn func(secret1, secret2 []byte) error) error
+ UseSecretPairString func(secretID1, secretID2 string, fn func(secret1, secret2 string) error) error
+ UseSecretString func(secretID string, fn func(secret string) error) error
+ UseSecretWithContext func(ctx context.Context, secretID string, fn func(data []byte) error) error
+ UseSecretWithTimeout func(secretID string, timeout time.Duration, fn func(data []byte) error) error
+ UseSecrets func(secretIDs []string, fn func(secrets map[string][]byte) error) error
+ UseSecretsString func(secretIDs []string, fn func(secrets map[string]string) error) error
+ func NewWithStore(options Options, store persist.Store, auditLogger audit.Logger, ...) (VaultService, error)
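Review bot: Several entry points in this API hand secret material around as Go `string`, which is immutable and cannot be zeroed after use: `UseSecretString`, `UseSecretPairString`, `UseSecretsString`, `Options.DerivationPassphrase`, and the `passphrase`/`newPassphrase` parameters of `Backup`, `Restore`, `RotateKeyEncryptionKey` and `RotateAllTenantPassphrases`. That sits awkwardly beside `SecureString`, `IsCleared()` and `EnableMemoryLock`; I would at least document the string variants with something like `// The secret is copied into an immutable string that cannot be wiped; prefer UseSecret when memory hygiene matters.` and consider `[]byte` passphrase parameters. `SecureString.String()` and `SecretWithContext.String()` satisfy `fmt.Stringer`, so any `%v`/`%s` log call will invoke them; the index does not show what they return, so if it is the plaintext they should return a fixed redaction marker instead and leave `Bytes()`/`Data()` as the only way to read the value. `RotateAllTenantPassphrases` takes a single `newPassphrase` for every entry in `tenantIDs`, which appears to give all rotated tenants the same key-encryption passphrase and should be called out in its doc comment if intended. Minor: `VaultManagerService.DeleteTenant` spells its parameter `tenatID`, and `VaultService.Restore` names its first parameter `destinationDir` where `Vault.Restore` uses `backupDir`.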