vault

package

v1.3.1 Latest Latest Go to latest Published: Aug 8, 2020 License: MIT Imports: 9 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/jhunt/ssg

Links

Open Source Insights

Documentation ¶

Index ¶

func Decrypt(v Vault, id string, down provider.Downloader) (provider.Downloader, error)
func Encrypt(v Vault, id, alg string, up provider.Uploader) (provider.Uploader, error)
type Cipher
- func (c Cipher) Decrypt(rd io.Reader) (io.Reader, error)
- func (c Cipher) Encrypt(wr io.Writer) (io.WriteCloser, error)
type DecryptedDownloader
type EncryptedUploader
type FixedKeyResolver
type FixedKeySource
- func (fks FixedKeySource) Derive(alg string, resolve func(string) ([]byte, error)) (Cipher, error)
type NilVault
type Vault
- func (v Vault) Cipher(alg string) (Cipher, error)
type VaultProvider

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func Decrypt ¶

func Decrypt(v Vault, id string, down provider.Downloader) (provider.Downloader, error)

func Encrypt ¶

func Encrypt(v Vault, id, alg string, up provider.Uploader) (provider.Uploader, error)

Types ¶

type Cipher ¶

type Cipher struct {
	Algorithm string
	Key       []byte
	IV        []byte
}

func (Cipher) Decrypt ¶

func (c Cipher) Decrypt(rd io.Reader) (io.Reader, error)

func (Cipher) Encrypt ¶

func (c Cipher) Encrypt(wr io.Writer) (io.WriteCloser, error)

type DecryptedDownloader ¶

type DecryptedDownloader struct {
	// contains filtered or unexported fields
}

func (DecryptedDownloader) Close ¶

func (d DecryptedDownloader) Close() error

func (DecryptedDownloader) Read ¶

func (d DecryptedDownloader) Read(b []byte) (int, error)

func (DecryptedDownloader) ReadCompressed ¶

func (d DecryptedDownloader) ReadCompressed() int64

func (DecryptedDownloader) ReadUncompressed ¶

func (d DecryptedDownloader) ReadUncompressed() int64

type EncryptedUploader ¶

type EncryptedUploader struct {
	// contains filtered or unexported fields
}

func (EncryptedUploader) Cancel ¶

func (e EncryptedUploader) Cancel() error

func (EncryptedUploader) Close ¶

func (e EncryptedUploader) Close() error

func (EncryptedUploader) Path ¶

func (e EncryptedUploader) Path() string

func (EncryptedUploader) Write ¶

func (e EncryptedUploader) Write(b []byte) (int, error)

func (EncryptedUploader) WroteCompressed ¶

func (e EncryptedUploader) WroteCompressed() int64

func (EncryptedUploader) WroteUncompressed ¶

func (e EncryptedUploader) WroteUncompressed() int64

type FixedKeyResolver ¶ added in v1.3.0

type FixedKeyResolver func(in string) ([]byte, error)

var PassThroughResolver FixedKeyResolver = func(in string) ([]byte, error) {
	return []byte(in), nil
}

type FixedKeySource ¶ added in v1.0.4

type FixedKeySource struct {
	// Enabled turns on fixed key derivation.
	//
	Enabled bool

	// PBKDF2 is the id of a secret, stored in the provider
	// backend vault, from which we will derive encrpytion
	// parameters.
	//
	PBKDF2 string

	// Literal provides paths to algorithm-specific key and
	// initialization vector values stored in the vault.
	//
	Literal struct {
		AES128 struct {
			Key string
			IV  string
		}
		AES192 struct {
			Key string
			IV  string
		}
		AES256 struct {
			Key string
			IV  string
		}
	}
}

FixedKeySource represents operator configuration for the source and derivation of a single fixed cipher's static key and initialization vector.

We currently support the following methods:

PBKDF2   Password-Based Key Derivation; the operator
         points us at a secret *in* the vault, and
         we use that as an input to a deterministic
         function for deriving key + iv.

Literal  The key and the iv, encoded as fixed-length
         hexadecimal values, are to be found in the
         vault at fixed locations.  Different paths
         (ids) in the vault are used for different
         algorithms.

func (FixedKeySource) Derive ¶ added in v1.3.0

func (fks FixedKeySource) Derive(alg string, resolve func(string) ([]byte, error)) (Cipher, error)

type NilVault ¶

type NilVault struct{}

func (NilVault) Delete ¶

func (NilVault) Delete(_ string) error

func (NilVault) FixedKeyResolver ¶ added in v1.3.0

func (NilVault) FixedKeyResolver() FixedKeyResolver

func (NilVault) GetCipher ¶ added in v1.0.4

func (NilVault) GetCipher(_ string) (Cipher, error)

func (NilVault) SetCipher ¶ added in v1.0.4

func (NilVault) SetCipher(_ string, _ Cipher) error

type Vault ¶

type Vault struct {
	FixedKey FixedKeySource
	Provider VaultProvider
}

var Nil Vault

func (Vault) Cipher ¶ added in v1.0.4

func (v Vault) Cipher(alg string) (Cipher, error)

type VaultProvider ¶ added in v1.0.4

type VaultProvider interface {
	FixedKeyResolver() FixedKeyResolver
	SetCipher(string, Cipher) error
	GetCipher(string) (Cipher, error)
	Delete(string) error
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL