processor

package
v1.11.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 14, 2026 License: MIT Imports: 14 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func IsLeafValue 

func IsLeafValue(v interface{}) bool

IsLeafValue checks if a value is a leaf (not a map or slice)

Types

type EnvFile added in v1.7.0 

type EnvFile struct {
	Lines []EnvLine
}

EnvFile represents a parsed .env file preserving structure

func ParseEnvFile added in v1.7.0 

func ParseEnvFile(content []byte) (*EnvFile, error)

ParseEnvFile parses .env file content preserving structure

func (*EnvFile) Get added in v1.7.0 

func (e *EnvFile) Get(key string) (string, bool)

Get returns the value for a key, or empty string if not found

func (*EnvFile) Keys added in v1.7.0 

func (e *EnvFile) Keys() []string

Keys returns all key names in the file (in order)

func (*EnvFile) Marshal added in v1.7.0 

func (e *EnvFile) Marshal() []byte

Marshal converts the EnvFile back to bytes, preserving structure

func (*EnvFile) Set added in v1.7.0 

func (e *EnvFile) Set(key, value string) bool

Set updates the value for a key

func (*EnvFile) ToMap added in v1.7.0 

func (e *EnvFile) ToMap() map[string]string

ToMap returns a map of all key-value pairs

type EnvLine added in v1.7.0 

type EnvLine struct {
	Type    EnvLineType
	Key     string // For key-value pairs
	Value   string // Raw value after = (may include quotes)
	Raw     string // Original line content
	Comment string // Inline comment (not encrypted)
	Export  bool   // Whether line had "export " prefix
}

EnvLine represents a single line in an .env file

type EnvLineType added in v1.7.0 

type EnvLineType int

EnvLineType represents the type of line in an .env file 

const (
	EnvLineBlank EnvLineType = iota
	EnvLineComment
	EnvLineKeyValue
)

type FileFormat 

type FileFormat int

FileFormat represents the format of a config file 

const (
	FormatYAML FileFormat = iota
	FormatJSON
	FormatEnv
	FormatFull // Full file encryption (binary or text)
)

func DetectFormat 

func DetectFormat(filePath string, override ...string) FileFormat

DetectFormat determines the file format from extension and optional override The override parameter can be "full", "yaml", "json", or "env" to force a specific format

type IdentityLoader 

type IdentityLoader func() ([]age.Identity, error)

IdentityLoader is a function that loads age identities

type MatchResult 

type MatchResult struct {
	Path      []string // Full path to the key
	KeyName   string   // Name of the key
	Value     interface{}
	Encrypted bool // Whether the value is already encrypted
}

MatchResult represents the result of checking a value for encryption

type Matcher 

type Matcher struct {
	// contains filtered or unexported fields
}

Matcher handles key matching logic for encryption

func NewMatcher 

func NewMatcher(include, exclude []config.KeyRule) (*Matcher, error)

NewMatcher creates a new Matcher from include and exclude rules

func (*Matcher) FindMatchingKeys 

func (m *Matcher) FindMatchingKeys(data interface{}) []MatchResult

FindMatchingKeys traverses a data structure and finds all keys that should be encrypted

func (*Matcher) ShouldEncrypt 

func (m *Matcher) ShouldEncrypt(keyName string, path []string) bool

ShouldEncrypt checks if a key at the given path should be encrypted keyName is the name of the key being checked path is the full path to the key (e.g., ["db", "connection", "password"])

type Processor 

type Processor struct {
	// contains filtered or unexported fields
}

Processor handles encryption/decryption of config files

func NewProcessor 

func NewProcessor(cfg *config.Config, identityLoader IdentityLoader) (*Processor, error)

NewProcessor creates a new Processor

func (*Processor) CheckFile 

func (p *Processor) CheckFile(filePath string, formatOverride ...string) ([]MatchResult, error)

CheckFile checks a file for unencrypted keys that should be encrypted The optional formatOverride parameter can be used to force a specific format

func (*Processor) ComputeMAC 

func (p *Processor) ComputeMAC(content []byte, fileFormat FileFormat) ([]byte, error)

ComputeMAC computes the MAC (SHA256 hash of all encrypted values) for a file

func (*Processor) Config 

func (p *Processor) Config() *config.Config

Config returns the processor's config

func (*Processor) EncryptMAC 

func (p *Processor) EncryptMAC(hash []byte) (string, error)

EncryptMAC encrypts the MAC hash using AES-GCM

func (*Processor) HasEncryptedValues 

func (p *Processor) HasEncryptedValues(content []byte, filePath string, formatOverride ...string) bool

HasEncryptedValues checks if file content contains any encrypted values The optional formatOverride parameter can be used to force a specific format

func (*Processor) HasUnencryptedValues added in v1.4.0 

func (p *Processor) HasUnencryptedValues(content []byte, filePath string, formatOverride ...string) bool

HasUnencryptedValues checks if file content contains any unencrypted values that match encryption rules The optional formatOverride parameter can be used to force a specific format

func (*Processor) MatchFile added in v1.11.0 

func (p *Processor) MatchFile(filePath string, formatOverride ...string) ([]MatchResult, error)

MatchFile returns all keys matching the configured patterns, regardless of encryption state.

func (*Processor) ProcessContent added in v1.10.0 

func (p *Processor) ProcessContent(content []byte, filePath string, encrypt bool, fileFormat FileFormat) ([]byte, bool, error)

ProcessContent processes content with a specific format for encryption or decryption

func (*Processor) ProcessFile 

func (p *Processor) ProcessFile(filePath string, encrypt bool, formatOverride ...string) ([]byte, bool, error)

ProcessFile processes a single file for encryption or decryption The optional formatOverride parameter can be used to force a specific format

func (*Processor) SaveEncryptedSecrets 

func (p *Processor) SaveEncryptedSecrets() error

SaveEncryptedSecrets encrypts the AES key for all recipients and saves to config

func (*Processor) SetupDecryption 

func (p *Processor) SetupDecryption(identities []age.Identity) (string, error)

SetupDecryption prepares the processor for decryption. Returns the public key of the recipient that was used for decryption.

func (*Processor) SetupEncryption 

func (p *Processor) SetupEncryption() error

SetupEncryption prepares the processor for encryption

func (*Processor) SetupEncryptionWithIdentities 

func (p *Processor) SetupEncryptionWithIdentities(identities []age.Identity) error

SetupEncryptionWithIdentities prepares the processor for encryption with optional identities If identities is nil, it will try to load them from environment/default location

func (*Processor) UpdateMAC 

func (p *Processor) UpdateMAC(filePath string, content []byte, formatOverride ...string) error

UpdateMAC computes and stores the MAC for a file The optional formatOverride parameter can be used to force a specific format

func (*Processor) VerifyMAC 

func (p *Processor) VerifyMAC(filePath string, content []byte, formatOverride ...string) error

VerifyMAC verifies the MAC for a file The optional formatOverride parameter can be used to force a specific format

func (*Processor) WriteFile 

func (p *Processor) WriteFile(filePath string, content []byte) error

WriteFile writes content to a file

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.