Back to godoc.org

Package keycrypt

v0.0.9
Latest Go to latest
Published: Jun 24, 2020 | License: Apache-2.0 | Module: github.com/grailbio/base

Overview

Package keycrypt implements an API for storing and retrieving opaque blobs of data stored in a secure fashion. Keycrypt multiplexes several backends, both local (e.g., macOS Keychain) and remote (e.g., AWS's KMS and S3).

Index

Package Files

Variables

var ErrNoSuchSecret = errors.New("no such secret")

func Get

func Get(rawurl string) ([]byte, error)

Get data from a keycrypt URL.

func GetJSON

func GetJSON(s Secret, v interface{}) error

Retrieve the content from a secret and unmarshal it into a value.

func Put

func Put(rawurl string, data []byte) error

Put writes data to a keycrypt URL.

func PutJSON

func PutJSON(s Secret, v interface{}) error

Marshal a value and write it into a secret.

func Register

func Register(scheme string, resolver Resolver)

Register associates a Resolver with a scheme.

func RegisterFunc

func RegisterFunc(scheme string, f func(string) Keycrypt)

RegisterFunc associates a Resolver (given by a func) with a scheme.

type Keycrypt

type Keycrypt interface {
	// Look up the named secret. A secret is returned even if it does
	// not yet exist. In this case, Secret.Get will return
	// ErrNoSuchSecret.
	Lookup(name string) Secret
}

Interface Keycrypt represents a secure secret storage.

type Resolver

type Resolver interface {
	Resolve(host string) Keycrypt
}

func ResolverFunc

func ResolverFunc(f func(string) Keycrypt) Resolver

type Secret

type Secret interface {
	// Retrieve the current value of this secret. If the secret does not
	// exist, Get returns ErrNoSuchSecret.
	Get() ([]byte, error)
	// Write a new value for this secret.
	Put([]byte) error
}

Secret represents a single object. Secret objects are uninterpreted bytes that are stored securely.

func Lookup

func Lookup(rawurl string) (Secret, error)

Lookup retrieves a secret based on a URL, in the standard form: scheme://host/path. The URL is interpreted according to the Resolver registered with the given scheme. The scheme "local" is a special scheme that attempts known local storage schemes: first "keychain", and then "file".

func Nonexistent

func Nonexistent() Secret

func Static

func Static(b []byte) Secret
Documentation was rendered with GOOS=linux and GOARCH=amd64.

Jump to identifier

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to identifier