README
¶
ssm 
🔐 Secure Secret Management 🔐
What
A Secret is an encrypted piece of information, whereas a Fact is a "told" Secret, which you can manipulate. You can hide all sorts of data into a Secret, even more Secrets.
Install
go get github.com/neoxelox/ssm
Usage
Create Fact and convert to Secret
fact, err := ssm.Create(cipher.Ciphers.Aes, nil)
if err == ssm.ErrEncryptionNotSupported {
// Do something
return
}
fact.Public.Metadata = map[string]interface{}{
// Insert something
}
fact.Protected.Metadata = map[string]interface{}{
// Insert something
}
fact.Private = [][]byte{[]byte("https://github.com/neoxelox/ssm")}
secret, err := fact.Hide("AwesomeKey")
switch err {
case ssm.ErrEncryptionNotSupported:
// Do something
return
case ssm.ErrEncryptionFailed:
// Do something
return
}
Parse Secret and convert to Fact
jsonData := []byte(`
{
"public": {
"version": "0.1.4",
"encryption": "AES",
"metadata": {
"color": "6463fb",
"keys": 1,
"name": "GitHub"
}
},
"private": "sPM54nv2F42RwZniPW4EmNz2P0i4l5Lxa/j0szQXFN6umTRDb+IxFjBzjLaAYeq/Zr2HSC6uugPQJ1k=",
"protected": "JJCY4C8hR+o2MTjNR/7WwIBHkA54A8VAEDhn7pN7qT7Vov4Ud3k1tcP3C5mMLykwMOncJoVs7ZlkFVkAsHRgla6featTZvyOgW7BcEZfJX3VTypH6O6zLVbRxr5K+mijpWzq2t78KAISaej6PFefUxoS3BusleFGjjQP+DVN8Gb9t8WUY+Oh032LXrzsGnbKeB249LZ4B+qhG6TdjKs6ZMoPdTEZxfjFM9T+8fEcsdm+ShQApZgdokdIDfxwV3j7CwIewwc="
}
`)
secret, err := ssm.Parse(jsonData)
if err == ssm.ErrNotASecret {
// Do something
return
}
fact, err := secret.Tell("AwesomeKey")
switch err {
case ssm.ErrEncryptionNotSupported:
// Do something
return
case ssm.ErrDecryptionFailed:
// Do something
return
case ssm.ErrChecksumMismatch:
// Do something
return
}
Persist to file
secretJSON, err := json.Marshal(secret)
if err != nil {
// Do something
return
}
err = ioutil.WriteFile("secret.json", secretJSON, 0644)
if err != nil {
// Do something
return
}
See GoDev for further documentation.
Models
Fact:
public:
version: string
encryption: cipher.Type
metadata: map[string]interface{}
private: [][]byte
protected:
checksum: [32]byte
separator: []byte
metadata: map[string]interface{}
Secret:
public:
version: string
encryption: cipher.Type
metadata: map[string]interface{}
private: []byte
protected: []byte
Contribute
Feel free to contribute to this project : ) .
License
This project is licensed under the MIT License - read the LICENSE file for details.
Documentation
¶
Overview ¶
Package ssm implements functions to deal with secure secret management.
Index ¶
Examples ¶
Constants ¶
View Source
const VERSION = "0.1.4"
VERSION describes the ssm version
Variables ¶
View Source
var ( // ErrEncryptionNotSupported : encryption not supported ErrEncryptionNotSupported = errors.New("encryption not supported") // ErrEncryptionFailed : encryption failed ErrEncryptionFailed = errors.New("encryption failed") // ErrDecryptionFailed : decryption failed ErrDecryptionFailed = errors.New("decryption failed") // ErrChecksumMismatch : private and protected checksums do not match ErrChecksumMismatch = errors.New("checksums do not match") // ErrNotASecret : input is not a secret ErrNotASecret = errors.New("input is not a secret") )
Functions ¶
This section is empty.
Types ¶
type Fact ¶
type Fact struct {
Public public `json:"public"`
Private [][]byte `json:"private"`
Protected protected `json:"protected"`
}
Fact describes all the parts that form a Fact
func Create ¶
Create creates a new Fact with encryption and separator
Example (Composed) ¶
Example: create a Fact with several secrets and Hide it
package main
import (
"encoding/json"
"fmt"
"time"
"github.com/neoxelox/ssm"
"github.com/neoxelox/ssm/cipher"
)
func main() {
childFact, err := ssm.Create(cipher.Ciphers.Aes, nil)
if err == ssm.ErrEncryptionNotSupported {
// Do something
return
}
childFact.Public.Metadata = map[string]interface{}{
"keys": 1,
"name": "GitHub",
"color": "6463fb",
}
childFact.Protected.Metadata = map[string]interface{}{
"created_at": time.Now(),
"last_view_at": time.Now(),
"last_change_at": time.Now(),
}
childFact.Private = [][]byte{[]byte("https://github.com/neoxelox/ssm")}
childSecret, err := childFact.Hide("AwesomeKey")
switch err {
case ssm.ErrEncryptionNotSupported:
// Do something
return
case ssm.ErrEncryptionFailed:
// Do something
return
}
childSecretJSON, err := json.Marshal(childSecret)
if err != nil {
// Do something
return
}
parentFact, err := ssm.Create(cipher.Ciphers.Aes, nil)
if err == ssm.ErrEncryptionNotSupported {
// Do something
return
}
parentFact.Private = [][]byte{childSecretJSON, []byte("I'm the parent"), []byte("Awesome!"), childSecretJSON}
parentSecret, err := parentFact.Hide("BreathtakingKey")
switch err {
case ssm.ErrEncryptionNotSupported:
// Do something
return
case ssm.ErrEncryptionFailed:
// Do something
return
}
parentSecretJSON, err := json.MarshalIndent(parentSecret, "", " ")
if err != nil {
// Do something
return
}
fmt.Println(string(parentSecretJSON))
}
Output: { "public": { "version": "0.1.4", "encryption": "AES", "metadata": null }, "private": "4zMsjvYNT+NNMLeotmfXEDw8wff40JURPgYKumoajpCWA8Cnqilm6rbnxHK2oakaIbIdPZwbzthjBUbGYO/BToj8JDgMfL0ST+kDrcFUC3vjwWk6GEeSK7HwNJDotRSQBvmzQU1LI/MGDQLgpArLhIZk8dolX+mQ2FIOBUQC6JvyGS16k/FsseIlqcIQba9TDb54ZoB+F5EgDYBDFQtAImby8sXwAW03vbl82x2ntz9+eK4Fmz1Jh2V5Qg1UwHWUEkX937s8hz24M0JK+WbCNC2+Kh0MKXS08ZsspHjfTUEFpYpugGAN5I0KLLeKP+t8KHyHlOhMCMg8epqZmW/LTsuUcy1IUWGlAovdbSWJZ83BRFebe2aFJg0lW4OJzaULeSQHQZly44v344ZfjLwVWHLJ4Hi39XPGXkXqJftNpjhdWaamxGrqIO0rc/kYb0wzyYeg09b3c9+S60GgB4DVf5TrMeYLkszStEaLK5X8KdrFoJh3/q3dn3ycmSZUKu0eIsPCNSYNOEE6/Rwc7KDoM5TDvekztANGkby5WZ/ODRvcyKgBWlo+Q6qA21Q606iUu5A/oc1ib4C1r3H/BLZfEDiGp41Snj+vOpCDrbJCbpL4oyNTp1wDSrVzD3bbWfrPeUj4UMmv2usfHOinl51phXgzLme/P1TvZecOWqD34IvHvF/hb/4NU2sXFGP3jwEZsn5cRqVjqztQ8jfd+59bJHLztwpsOYsJ+Z+U/imKjkFfdxkR81u6wP6mQkzlZckX+teGUneb+bTbyPTg0fgxmWCmgiDJzsADHGgfgbCdUpP6ZBt4Coc7gNqmX11mqs6tvu7Ct0j0X23rnhGlD/dN6KVxA1Tt4J/faoZvFZ8wDBaO76OmeoDeoXGPuesG2MpfRXxhOgY1l5BGgt+8SD7guUZ4RBQPSN8Hqyih2v3wwYivm/qXbkDbPZAQk4glPr+NuQQiNoFmqzL/PFd3i5kWAf2PJQm7aHcdNSctmKM2cPW0vyCCOJFboWNRm+qICYJz45v9da1sxOQNNL0CBF9ZsSeB7eWrggoheL0hD4pEHiv5G6H6mHIhRgqX0ZTSD8kzFDc21AvL3RmyDQSWJ1UGwMQG+d6p/9uyulPL1qe8kZIEP+wPRLj+bbTzK9QLs68TnigJX9HthcTVp3HWMeyJb7SZsYc6WQJdyuLGDZ4sEnlGFu3jF+BOZAGJu125S15Qtcr7x4sbXIATL3BfgAIoUmaJkAbm2pGwyEpYzlwzJLByyOF9W0TCjcnmbjmRHmpMaoCKWdLTE3k2EFNP4muTXw88Wm7MNdZSorAuX/3+FhaGM4ue2pH3AGug3ZzmDLu/jrwi5rgTWMXacd7OUhiFPsJXhgBQkT5yA2dwZakDUP/GzzX/GwyUsgjC3BXUPvOOsPKAXbT/T75ClTWPOAdjH9UM3y3ak4bHR8n7GocarozgtbHBfZpmAA3nnA2jPj03O/OOl8R7TwGCkoIneWVAuaQk1jlz7yXMc8o3qtYimIUG0+b+VypChg5ZRhqHJeGiXVL2XVIpKRunXpTkc6/Q1zfHWpi2I7j813089SrmrwkgA2sOh9LZ3wnDuCt/Hcgck0YI/oz2m+jrHhVx09hcK3DQSvAsq8c0i8ZKJ2K/clyCe2m6E2R5vW0iAwz8Entyj4geQVc5IhIWzGRiPor16adivGUp7EGQUF1OYkvm02iqtVHbHV9coJKrxLiqDZrds67A+QH+2+kO1hJ4IbRgZMANEwkQbOrK2e/REGvWMwIfoU4CgvgCuTIJcopOjhkt/Lp30q0er1hZV1p++b+bgmq+AdMNPKqKrY+5dUm30Hx/lDgQcYr4TNyl/bK0lVr4k0cdMSneYBhBth2ygVHWZPnSUGHK1v3iTQOWmSvO5kTEb1fkuJ1+wMhoiyUJ3cuVyvqnAA==", "protected": "/VL1wlMYsU+ftYLyt6+koj3zsdr/BoilGuY5FWoX9RDaExJmaBQTa5WFsv6n7qSDiqrwF3taVPoEb46pAn7oDBZtZvuBy6pftG1Je54xs8kXlGMnJi6IGL9fXmIM7bGT/oG6ak/vv6KSKnZabBA58HUmFAnIB3VYJvf0dJ5gxHcqKOsYkCGA2yddJtcOW/DXCzRQagt/fNHkPrrcDx8i5yyWJwfVG7XLrwRnOBKGSkRB0ILFz6iKps40q3y3QtEJIaI=" }
Example (Simple) ¶
Example: create a simple Fact and hide it
package main
import (
"encoding/json"
"fmt"
"time"
"github.com/neoxelox/ssm"
"github.com/neoxelox/ssm/cipher"
)
func main() {
fact, err := ssm.Create(cipher.Ciphers.Aes, nil)
if err == ssm.ErrEncryptionNotSupported {
// Do something
return
}
fact.Public.Metadata = map[string]interface{}{
"keys": 1,
"name": "GitHub",
"color": "6463fb",
}
fact.Protected.Metadata = map[string]interface{}{
"created_at": time.Now(),
"last_view_at": time.Now(),
"last_change_at": time.Now(),
}
fact.Private = [][]byte{[]byte("https://github.com/neoxelox/ssm")}
secret, err := fact.Hide("AwesomeKey")
switch err {
case ssm.ErrEncryptionNotSupported:
// Do something
return
case ssm.ErrEncryptionFailed:
// Do something
return
}
secretJSON, err := json.MarshalIndent(secret, "", " ")
if err != nil {
// Do something
return
}
fmt.Println(string(secretJSON))
}
Output: { "public": { "version": "0.1.4", "encryption": "AES", "metadata": { "color": "6463fb", "keys": 1, "name": "GitHub" } }, "private": "udif2nhqJCcQamkaTnYh4PQxQolZDReB+MRQZZ74eANGsVJLWJ7edLdA8zUQfklQtS1nHCjRyc1Ami8=", "protected": "UO7zqefb92GXVFv9mpmDqhFooRz+7kjNftsD7zRzaGacDhZuXWUVxl48vh913h/u0HK/w0Bb7ErHq/9Bmj+vDSHAtp5Z0N73F0UDijFe+HqExTivKw1DyJnxoPrb3WYE5UZ8NyIVvD0gNUIuOavGBNzaeAGlhM8Ub8I1gJ/cKoAEpKIvzMP5dJKIR1KJ1OcUuTe45p65yruus7eoUifl5NLm9nVH4aXJvmVp+xVM9NIIrUR6/WuXPVamR5VA5EnZ+Gy4Nx5S+Ewyfp+AAh7LEXvwaZuuxPRPwgdAQ4V7cUYocoLMyD1CsGhKVAO+RoBnury1WDnkrOiJPdSFm1ovxG1Gc/m2cREmndC/5EKJh0xGMCCZdXm+LQb7FIIYr8+7eeBH7JeUCeKRqR9VEE3Qcxj9n13htzcItlzXKR8io1FQ7/1iwOIB1g1Qlqwa8G7vKHpzNMCEwtO4eheQ4EHkS40/zQ==" }
type Secret ¶
type Secret struct {
Public public `json:"public"`
Private []byte `json:"private"`
Protected []byte `json:"protected"`
}
Secret describes all the parts that form a Secret
func Parse ¶
Parse creates a new Secret from byte data
Example ¶
Example: parse a Secret from byte data and Tell it
package main
import (
"fmt"
"github.com/neoxelox/ssm"
)
func main() {
jsonData := []byte(`
{
"public": {
"version": "0.1.4",
"encryption": "AES",
"metadata": {
"color": "6463fb",
"keys": 1,
"name": "GitHub"
}
},
"private": "sPM54nv2F42RwZniPW4EmNz2P0i4l5Lxa/j0szQXFN6umTRDb+IxFjBzjLaAYeq/Zr2HSC6uugPQJ1k=",
"protected": "JJCY4C8hR+o2MTjNR/7WwIBHkA54A8VAEDhn7pN7qT7Vov4Ud3k1tcP3C5mMLykwMOncJoVs7ZlkFVkAsHRgla6featTZvyOgW7BcEZfJX3VTypH6O6zLVbRxr5K+mijpWzq2t78KAISaej6PFefUxoS3BusleFGjjQP+DVN8Gb9t8WUY+Oh032LXrzsGnbKeB249LZ4B+qhG6TdjKs6ZMoPdTEZxfjFM9T+8fEcsdm+ShQApZgdokdIDfxwV3j7CwIewwc="
}
`)
secret, err := ssm.Parse(jsonData)
if err == ssm.ErrNotASecret {
// Do something
return
}
fact, err := secret.Tell("AwesomeKey")
switch err {
case ssm.ErrEncryptionNotSupported:
// Do something
return
case ssm.ErrDecryptionFailed:
// Do something
return
case ssm.ErrChecksumMismatch:
// Do something
return
}
fmt.Println(string(fact.Private[0]))
}
Output: https://github.com/neoxelox/ssm
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.