Documentation
Index ¶
- Constants
- Variables
- func ApplyRenameRules(filename string, rules []string) (string, error)
- func FindConfigFromPath(startDir string) (string, error)
- func ParseRenameRule(rule string) (*regexp.Regexp, string, error)
- type ConfcryptSection
- type Config
- func (c *Config) AddFilePattern(pattern string)
- func (c *Config) ClearSecrets()
- func (c *Config) ConfigDir() string
- func (c *Config) ConfigPath() string
- func (c *Config) FindRecipientByKey(pubKey string) *RecipientConfig
- func (c *Config) GetDecryptRename(filePath string) (string, error)
- func (c *Config) GetEncryptRename(filePath string) (string, error)
- func (c *Config) GetMAC(filePath string) (string, bool)
- func (c *Config) GetMatchingFiles() ([]string, error)
- func (c *Config) GetMatchingFilesWithFormat() ([]MatchedFile, error)
- func (c *Config) GetRecipients() ([]age.Recipient, error)
- func (c *Config) GetSecretForRecipient(pubKey string) (string, bool)
- func (c *Config) HasSecrets() bool
- func (c *Config) MatchesFile(absFilePath string) (bool, error)
- func (c *Config) MatchesFileWithFormat(absFilePath string) (string, bool, error)
- func (c *Config) RemoveMAC(filePath string)
- func (c *Config) Save() error
- func (c *Config) SetMAC(filePath, mac string)
- func (c *Config) SetSecrets(secrets map[string]string)
- type FilePattern
- type KeyRule
- type MatchedFile
- type RecipientConfig
- type RenameFilesConfig
- type SecretEntry
Constants ¶
// DefaultConfigName is the default config file name. FindConfigFromPath is
// documented as searching for .confcrypt.yml from a start directory upward.
// NOTE(review): because the search walks upward, a config in a parent
// directory is presumably used when none exists nearer; check ConfigPath to
// see which file was actually loaded before encrypting. Confirm.
const DefaultConfigName = ".confcrypt.yml"
Variables ¶
// Version is the current tool/config format version. The literal below is only
// the initial value; per the trailing comment, the main package sets it at startup.
var Version = "1.0.0" // Set by main package at startup
Version is the current tool/config format version
Functions ¶
func ApplyRenameRules ¶ added in v1.6.0
ApplyRenameRules applies a list of rename rules to a filename and returns the renamed filename. Rules are applied in order, and the first match wins.
func FindConfigFromPath ¶ added in v1.8.0
FindConfigFromPath searches for .confcrypt.yml starting from startDir and walking upward
Types ¶
type ConfcryptSection ¶
// ConfcryptSection is the metadata block stored under the ".confcrypt" key of
// the config file (the Confcrypt field of Config).
type ConfcryptSection struct {
// NOTE(review): presumably the config format version described by the
// package-level Version variable; confirm.
Version string `yaml:"version"`
// Timestamp kept as a string; this page does not show its format.
UpdatedAt string `yaml:"updated_at"`
// Encrypted secrets; each SecretEntry is documented as an encrypted secret
// for a recipient. ClearSecrets empties this list, which causes a fresh AES
// key to be generated on the next encryption.
Store []SecretEntry `yaml:"store"`
// Read and written through GetMAC, SetMAC and RemoveMAC.
// NOTE(review): presumably used to detect modification of an encrypted file;
// confirm what the MAC covers and which key encrypts it.
MACs map[string]string `yaml:"macs,omitempty"` // file path -> encrypted MAC
}
ConfcryptSection represents the .confcrypt metadata section
type Config ¶
// Config mirrors the .confcrypt.yml file: the recipients, the file and key
// selection rules, the rename rules and the tool-managed .confcrypt metadata.
type Config struct {
// Recipient public keys, parsed into age recipients by GetRecipients.
// NOTE(review): presumably every entry gains access to the secrets on the
// next encryption (see SetSecrets), so edits to this list should be reviewed
// like an access-control change. Confirm.
Recipients []RecipientConfig `yaml:"recipients"`
// File patterns to process. An entry may carry a format override written as
// "pattern:format" (see ParseFilePattern); AddFilePattern appends to this list.
Files []string `yaml:"files"`
// NOTE(review): presumably patterns removed from the Files match set; confirm.
FilesExclude []string `yaml:"files_exclude,omitempty"`
// RenameFiles and FilesRename have the same type under two YAML keys. The
// method docs mention only rename_files.
// NOTE(review): confirm whether files_rename is an alias and which one is
// used when both are set.
RenameFiles *RenameFilesConfig `yaml:"rename_files,omitempty"`
FilesRename *RenameFilesConfig `yaml:"files_rename,omitempty"`
// Both lists are converted to KeyRule values by ParseKeyRules.
// NOTE(review): presumably these decide which keys' values are encrypted, so
// a too-narrow include rule or a too-broad exclude rule would leave a value
// in plaintext. Confirm.
KeysInclude []interface{} `yaml:"keys_include"` // Can be string or KeyRule
KeysExclude []interface{} `yaml:"keys_exclude"` // Can be string or KeyRule
// Tool-managed metadata: the encrypted secret store and the per-file MACs.
Confcrypt *ConfcryptSection `yaml:".confcrypt,omitempty"`
// contains filtered or unexported fields
}
Config represents the .confcrypt.yml configuration file
func (*Config) AddFilePattern ¶ added in v1.8.0
AddFilePattern adds a file pattern to the config's files list
func (*Config) ClearSecrets ¶ added in v1.4.1
func (c *Config) ClearSecrets()
ClearSecrets removes all encrypted secrets from the store. This triggers a fresh AES key generation on the next encryption.
func (*Config) ConfigPath ¶
ConfigPath returns the path to the config file
func (*Config) FindRecipientByKey ¶ added in v1.4.0
func (c *Config) FindRecipientByKey(pubKey string) *RecipientConfig
FindRecipientByKey finds a recipient config by their public key (age, ssh, yubikey, or fido2)
func (*Config) GetDecryptRename ¶ added in v1.6.0
GetDecryptRename returns the renamed path for decryption. It applies the rename_files.decrypt rules to the filename (basename only).
func (*Config) GetEncryptRename ¶ added in v1.6.0
GetEncryptRename returns the renamed path for encryption. It applies the rename_files.encrypt rules to the filename (basename only).
func (*Config) GetMatchingFiles ¶
GetMatchingFiles returns all files matching the configured patterns
func (*Config) GetMatchingFilesWithFormat ¶ added in v1.10.0
func (c *Config) GetMatchingFilesWithFormat() ([]MatchedFile, error)
GetMatchingFilesWithFormat returns all files matching the configured patterns, together with format info. If a file matches multiple patterns, explicit format overrides (e.g., :full) take precedence.
func (*Config) GetRecipients ¶
GetRecipients returns parsed recipients (age or SSH keys)
func (*Config) GetSecretForRecipient ¶
GetSecretForRecipient returns the encrypted secret for a specific recipient
func (*Config) HasSecrets ¶
HasSecrets returns true if there are encrypted secrets stored
func (*Config) MatchesFile ¶ added in v1.8.0
MatchesFile checks if the given absolute file path matches any of the configured file patterns
func (*Config) MatchesFileWithFormat ¶ added in v1.10.0
MatchesFileWithFormat checks if the given absolute file path matches any of the configured file patterns. It returns the format override (if any) and whether the file matched. If multiple patterns match, explicit format overrides take precedence.
func (*Config) SetSecrets ¶
SetSecrets updates the encrypted secrets for all recipients
type FilePattern ¶ added in v1.10.0
// FilePattern is a file pattern split into its glob and its optional format
// override; ParseFilePattern produces it from a "pattern" or "pattern:format" string.
type FilePattern struct {
Pattern string // The glob pattern (e.g., "*.yml", "*.txt")
// NOTE(review): this page does not define the format values; "full"
// presumably selects whole-file handling rather than per-key. Confirm.
Format string // Optional format override: "", "full", "yaml", "json", "env"
}
FilePattern represents a file pattern with optional format override
func ParseFilePattern ¶ added in v1.10.0
func ParseFilePattern(pattern string) FilePattern
ParseFilePattern parses a file pattern string that may include a format override. Format: "pattern" or "pattern:format" (e.g., "*.txt:full", "*.yml:json").
type KeyRule ¶
// KeyRule is one explicit key-matching rule, as produced by ParseKeyRules from
// a keys_include or keys_exclude entry.
type KeyRule struct {
// The value to match; presumably interpreted according to Type (TODO confirm).
Key string `yaml:"key"`
Type string `yaml:"type"` // "exact", "regex", "path"
// Regex rules are case-insensitive unless "-i" is given. This is the reverse
// of the usual regex "i" flag, which turns case-insensitivity on, so read the
// option as "remove case-insensitivity".
Options string `yaml:"options,omitempty"` // "-i" for case-sensitive regex (default is case-insensitive)
}
KeyRule represents an explicit key matching rule
func ParseKeyRules ¶
ParseKeyRules parses the keys_include or keys_exclude into KeyRule structs
type MatchedFile ¶ added in v1.10.0
// MatchedFile is one result of GetMatchingFilesWithFormat: a file that matched
// a configured pattern, with the format override taken from that pattern.
type MatchedFile struct {
Path string // Absolute path to the file
// Empty when the matching pattern carried no override.
Format string // Format override from the pattern ("", "full", "yaml", "json", "env")
}
MatchedFile represents a file that matched a pattern, along with its format override
type RecipientConfig ¶
// RecipientConfig is one entry of the recipients list. Every key field holds a
// public key; GetPublicKey returns the configured one and GetKeyType reports
// its kind.
// NOTE(review): this page does not say which field is used when more than one
// is set; confirm the precedence before relying on it.
type RecipientConfig struct {
// Optional label for the recipient (omitted from YAML when empty).
Name string `yaml:"name,omitempty"`
Age string `yaml:"age,omitempty"` // Native age X25519 public key
SSH string `yaml:"ssh,omitempty"` // SSH public key (ed25519, RSA)
YubiKey string `yaml:"yubikey,omitempty"` // YubiKey-derived age key (age1yubikey1...)
FIDO2 string `yaml:"fido2,omitempty"` // FIDO2-derived age key (age1fido21...)
}
RecipientConfig represents a recipient in the config
func (*RecipientConfig) GetKeyType ¶ added in v1.4.0
func (r *RecipientConfig) GetKeyType() crypto.KeyType
GetKeyType returns the type of key configured for this recipient
func (*RecipientConfig) GetPublicKey ¶ added in v1.4.0
func (r *RecipientConfig) GetPublicKey() string
GetPublicKey returns the public key from either Age, YubiKey, FIDO2, or SSH field
type RenameFilesConfig ¶ added in v1.6.0
// RenameFilesConfig holds the rename rules for each direction. Each entry is a
// rule string; ParseRenameRule turns a rule into a regular expression and a
// string (presumably the replacement, TODO confirm). ApplyRenameRules applies
// the rules in order and the first match wins.
type RenameFilesConfig struct {
// Used by GetEncryptRename, which applies the rules to the basename only.
// NOTE(review): that suggests a rule cannot move a file to another
// directory; confirm that the renamed name is not joined back unchecked.
Encrypt []string `yaml:"encrypt,omitempty"`
// Used by GetDecryptRename, which also applies the rules to the basename only.
Decrypt []string `yaml:"decrypt,omitempty"`
}
RenameFilesConfig represents file renaming rules for encrypt/decrypt
type SecretEntry ¶
SecretEntry represents an encrypted secret for a recipient