Documentation

Overview

    Package astcrypt has functions for encrypting and decrypting confidential information in the configuration file AST.

    Index

    Constants

    This section is empty.

    Variables

    This section is empty.

    Functions

    func Decrypt

    func Decrypt(node ast.Node, decrypter Decrypter) error

      Decrypt decrypts the HCL or JSON document in the abstract syntax tree. It does this by walking the tree looking for ciphertext values of the form

      key {
      	ciphertext = "<encrypted-data>"
      }
      

      or the equivalent JSON

      "key": { "ciphertext": "<encrypted-data>" }
      

      These encrypted values are decrypted using the encryption data key information in the configuration file and converted into values of the form

      key = "<decrypted-data>"
      

      The decrypter is used to decrypt ciphertext. If the decrypter is nil this function will return success only if there is nothing in the AST to decrypt.

      func Encrypt

      func Encrypt(node ast.Node, encrypter Encrypter, keywords []string, valuewords []string) error

        Encrypt searches the AST for keys that match any of the keywords and values that match any of the values. Any key in the configuration file matches a keyword if it contains that keyword. Any value in the configuration file matches a valueword if it contains that valueword. Tests are case insensitive.

        When a match is detected it converts the form

        key = "<unencrypted-data>"
        

        into the form

        key {
        	ciphertext = "<encrypted-data>"
        }
        

        The encrypter is used to encrypt cleartext. If the encrypter is nil this function will return success only if there is nothing in the AST to encrypt.

        Types

        type Decrypter

        type Decrypter interface {
        	DecryptString(ciphertext string) (cleartext string, err error)
        }

          Decrypter is an interface for decrypting text.

          type Encrypter

          type Encrypter interface {
          	EncryptString(cleartext string) (ciphertext string, err error)
          }

            Encrypter is an interface for encrypting text.