Documentation

Overview

    Package keycrypt implements an API for storing and retrieving opaque blobs of data stored in a secure fashion. Keycrypt multiplexes several backends, both local (e.g., macOS Keychain) and remote (e.g., AWS's KMS and S3).

    Index

    Constants

    This section is empty.

    Variables

    View Source
    var ErrNoSuchSecret = errors.New("no such secret")

    Functions

    func Get

    func Get(rawurl string) ([]byte, error)

      Get data from a keycrypt URL.

      func GetJSON

      func GetJSON(s Secret, v interface{}) error

        Retrieve the content from a secret and unmarshal it into a value.

        func Put

        func Put(rawurl string, data []byte) error

          Put writes data to a keycrypt URL.

          func PutJSON

          func PutJSON(s Secret, v interface{}) error

            Marshal a value and write it into a secret.

            func Register

            func Register(scheme string, resolver Resolver)

              Register associates a Resolver with a scheme.

              func RegisterFunc

              func RegisterFunc(scheme string, f func(string) Keycrypt)

                RegisterFunc associates a Resolver (given by a func) with a scheme.

                Types

                type Keycrypt

                type Keycrypt interface {
                	// Look up the named secret. A secret is returned even if it does
                	// not yet exist. In this case, Secret.Get will return
                	// ErrNoSuchSecret.
                	Lookup(name string) Secret
                }

                  Interface Keycrypt represents a secure secret storage.

                  type Resolver

                  type Resolver interface {
                  	Resolve(host string) Keycrypt
                  }

                  func ResolverFunc

                  func ResolverFunc(f func(string) Keycrypt) Resolver

                  type Secret

                  type Secret interface {
                  	// Retrieve the current value of this secret. If the secret does not
                  	// exist, Get returns ErrNoSuchSecret.
                  	Get() ([]byte, error)
                  	// Write a new value for this secret.
                  	Put([]byte) error
                  }

                    Secret represents a single object. Secret objects are uninterpreted bytes that are stored securely.

                    func Lookup

                    func Lookup(rawurl string) (Secret, error)

                      Lookup retrieves a secret based on a URL, in the standard form: scheme://host/path. The URL is interpreted according to the Resolver registered with the given scheme. The scheme "local" is a special scheme that attempts known local storage schemes: first "keychain", and then "file".

                      func Nonexistent

                      func Nonexistent() Secret

                      func Static

                      func Static(b []byte) Secret

                      Directories

                      Path Synopsis
                      Package file implements a file-based keycrypt.
                      Package file implements a file-based keycrypt.
                      Package kms implements a Keycrypt using AWS's KMS service and S3.
                      Package kms implements a Keycrypt using AWS's KMS service and S3.