Package keycrypt implements an API for storing and retrieving opaque blobs of data in a secure fashion. Keycrypt multiplexes several backends, both local (e.g., macOS Keychain) and remote (e.g., AWS's KMS and S3).





var ErrNoSuchSecret = errors.New("no such secret")


func Get

func Get(rawurl string) ([]byte, error)

Get data from a keycrypt URL.

func GetJSON

func GetJSON(s Secret, v interface{}) error

Retrieve the content from a secret and unmarshal it into a value.

func Put

func Put(rawurl string, data []byte) error

Put writes data to a keycrypt URL.

func PutJSON

func PutJSON(s Secret, v interface{}) error

Marshal a value and write it into a secret.

func Register

func Register(scheme string, resolver Resolver)

Register associates a Resolver with a scheme.

func RegisterFunc

func RegisterFunc(scheme string, f func(string) Keycrypt)

RegisterFunc associates a Resolver (given by a func) with a scheme.


type Keycrypt

type Keycrypt interface {
	// Look up the named secret. A secret is returned even if it does
	// not yet exist. In this case, Secret.Get will return
	// ErrNoSuchSecret.
	Lookup(name string) Secret
}

Interface Keycrypt represents secure secret storage.

type Resolver

type Resolver interface {
	Resolve(host string) Keycrypt
}

func ResolverFunc

func ResolverFunc(f func(string) Keycrypt) Resolver

type Secret

type Secret interface {
	// Retrieve the current value of this secret. If the secret does not
	// exist, Get returns ErrNoSuchSecret.
	Get() ([]byte, error)
	// Write a new value for this secret.
	Put([]byte) error
}

Secret represents a single object. Secret objects are uninterpreted bytes that are stored securely.

func Lookup

func Lookup(rawurl string) (Secret, error)

Lookup retrieves a secret based on a URL, in the standard form: scheme://host/path. The URL is interpreted according to the Resolver registered with the given scheme. The scheme "local" is a special scheme that attempts known local storage schemes: first "keychain", and then "file".
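
A test backend wired into scheme dispatch, as an added example that is not part of the keycrypt package. The page's declarations are redeclared locally so the block runs on its own; memCrypt, memSecret, resolvers, lookup and the "mem" scheme are hypothetical names. It shows the documented contract: a lookup always yields a handle, and only Get reports ErrNoSuchSecret.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
)

// Local copies of the declarations documented on this page.
var ErrNoSuchSecret = errors.New("no such secret")
type Secret interface {
	Get() ([]byte, error)
	Put([]byte) error
}
type Keycrypt interface{ Lookup(name string) Secret }

// memCrypt is a hypothetical in-memory test backend, not secure storage.
type memCrypt map[string][]byte
type memSecret struct{ kc memCrypt; name string }

func (k memCrypt) Lookup(name string) Secret { return memSecret{k, name} }
func (s memSecret) Get() ([]byte, error) {
	if b, ok := s.kc[s.name]; ok {
		return append([]byte(nil), b...), nil // copy: callers cannot alias stored bytes
	}
	return nil, ErrNoSuchSecret // the handle exists, the value does not
}
func (s memSecret) Put(b []byte) error {
	s.kc[s.name] = append([]byte(nil), b...)
	return nil
}

var resolvers = map[string]func(host string) Keycrypt{} // stands in for Register's registry
// lookup dispatches scheme://host/path to the resolver registered for the scheme.
func lookup(rawurl string) (Secret, error) {
	u, err := url.Parse(rawurl)
	if err != nil {
		return nil, err
	}
	if r, ok := resolvers[u.Scheme]; ok {
		return r(u.Host).Lookup(u.Path), nil
	}
	return nil, fmt.Errorf("no resolver for scheme %q", u.Scheme)
}

func main() {
	resolvers["mem"] = func(string) Keycrypt { return memCrypt{} } // constructed scheme
	if s, err := lookup("mem://host/db-password"); err == nil {
		fmt.Println(s.Get())
	}
}
```
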

func Nonexistent

func Nonexistent() Secret

func Static

func Static(b []byte) Secret


Path    Synopsis
file    Package file implements a file-based keycrypt.
kms     Package kms implements a Keycrypt using AWS's KMS service and S3.