vault

package
v1.13.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 2, 2026 License: MIT Imports: 5 Imported by: 0

Documentation

Overview

Package vault handles the on-disk format of .env.vault files.

Format: 

The vault file stores the raw ciphertext as a base64-encoded string
wrapped with a header/footer for easy identification:

  #/---xenvsync vault---/
  <base64-encoded ciphertext>
  #/---end xenvsync vault---/

The key is NEVER included in the vault output.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Decode 

func Decode(data []byte) ([]byte, error)

Decode extracts raw ciphertext bytes from a vault file.

func Encode 

func Encode(ciphertext []byte) []byte

Encode wraps raw ciphertext bytes into the vault file format.

func EncodeV2 added in v1.4.0 

func EncodeV2(slots []KeySlot, ciphertext []byte) ([]byte, error)

EncodeV2 writes a V2 vault file with key slots and ciphertext.

func IsV2 added in v1.4.0 

func IsV2(data []byte) bool

IsV2 returns true if the data appears to be a V2 vault.

Types

type KeySlot added in v1.4.0 

type KeySlot struct {
	Name         string `json:"name"`
	EphemeralPub string `json:"ephemeral_pub"` // base64
	EncryptedKey string `json:"encrypted_key"` // base64
}

KeySlot holds the encrypted symmetric key for one team member.

type V2Vault added in v1.4.0 

type V2Vault struct {
	Slots      []KeySlot
	Ciphertext []byte
}

V2Vault represents a parsed V2 vault file.

func DecodeV2 added in v1.4.0 

func DecodeV2(data []byte) (*V2Vault, error)

DecodeV2 parses a V2 vault file into key slots and raw ciphertext.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.