encryption

package

v0.21.9 Latest Latest Go to latest Published: Apr 24, 2024 License: MIT Imports: 14 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/hatchet-dev/hatchet

Links

Open Source Insights

Documentation ¶

Index ¶

func GenerateJWTKeysetsFromCloudKMS(keyUri string, credentialsJSON []byte) (privateEc256 []byte, publicEc256 []byte, err error)
func GenerateLocalKeys() (masterKey []byte, privateEc256 []byte, publicEc256 []byte, err error)
func GenerateRandomBytes(n int) (string, error)
func NewCloudKMSEncryption(keyUri string, credentialsJSON, privateEc256, publicEc256 []byte) (*cloudkmsEncryptionService, error)
func NewLocalEncryption(masterKey []byte, privateEc256 []byte, publicEc256 []byte) (*localEncryptionService, error)
type EncryptionService

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GenerateJWTKeysetsFromCloudKMS ¶ added in v0.7.0

func GenerateJWTKeysetsFromCloudKMS(keyUri string, credentialsJSON []byte) (privateEc256 []byte, publicEc256 []byte, err error)

func GenerateLocalKeys ¶ added in v0.7.0

func GenerateLocalKeys() (masterKey []byte, privateEc256 []byte, publicEc256 []byte, err error)

func GenerateRandomBytes ¶

func GenerateRandomBytes(n int) (string, error)

GenerateRandomBytes generates a random string of n bytes.

func NewCloudKMSEncryption ¶ added in v0.7.0

func NewCloudKMSEncryption(keyUri string, credentialsJSON, privateEc256, publicEc256 []byte) (*cloudkmsEncryptionService, error)

NewCloudKMSEncryption creates a GCP CloudKMS-backed encryption service.

func NewLocalEncryption ¶ added in v0.7.0

func NewLocalEncryption(masterKey []byte, privateEc256 []byte, publicEc256 []byte) (*localEncryptionService, error)

NewLocalEncryption creates a new local encryption service. keysetBytes is the raw keyset in base64-encoded JSON format. This can be generated by calling hatchet-admin keyset create-local.

Types ¶

type EncryptionService ¶ added in v0.7.0

type EncryptionService interface {
	// Encrypt encrypts the given plaintext with the given data id. The data id is used to
	// associate the ciphertext with the data in the database.
	// For more information, see: https://developers.google.com/tink/client-side-encryption#kms_envelope_aead
	Encrypt(plaintext []byte, dataId string) ([]byte, error)

	// Decrypt decrypts the given ciphertext with the given data id. The data id is used to
	// associate the ciphertext with the data in the database.
	// For more information, see: https://developers.google.com/tink/client-side-encryption#kms_envelope_aead
	Decrypt(ciphertext []byte, dataId string) ([]byte, error)

	// GetPrivateJWTHandle returns a private JWT handle. This is used to sign JWTs.
	GetPrivateJWTHandle() *keyset.Handle

	// GetPublicJWTHandle returns a public JWT handle. This is used to verify JWTs.
	GetPublicJWTHandle() *keyset.Handle
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL