memguard

package
v0.0.0-...-0e84ff7
Warning

This package is not in the latest version of its module.

Published: Feb 21, 2020 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var AllocTimer = metrics.GetOrRegisterTimer("secret.memguard.alloctimer", nil)

AllocTimer is used to record the time taken to allocate a secret.

Functions

This section is empty.

Types

type Secret

type Secret struct {
	// contains filtered or unexported fields
}

Secret contains sensitive data and stores it in protected page(s) in memory. Always call Close after use to avoid memory leaks.

func (*Secret) Close

func (s *Secret) Close() error

Close closes the data container and frees any associated memory.

func (*Secret) IsClosed

func (s *Secret) IsClosed() bool

IsClosed returns true if the underlying data container has already been closed.

func (*Secret) WithBytes

func (s *Secret) WithBytes(action func([]byte) error) error

WithBytes makes the underlying bytes readable and passes them to the function provided. A reference MUST NOT be kept to the bytes passed to the function, as the underlying array will no longer be readable after the function exits. WithBytes panics if it is not able to update the access protection of the data region's memory pages as needed.

Example
package main

import (
	"fmt"

	"github.com/nikoo28/test-go/languages/go/securememory/memguard"
)

func main() {
	factory := new(memguard.SecretFactory)

	secret, err := factory.CreateRandom(32)
	if err != nil {
		panic("unexpected error!")
	}

	defer secret.Close()

	err = secret.WithBytes(func(bytes []byte) error {
		// You obviously shouldn't ever print a secret but this is just an example
		fmt.Printf("my original secret: %s", string(bytes))
		return nil
	})
	if err != nil {
		panic("unexpected error!")
	}
}

func (*Secret) WithBytesFunc

func (s *Secret) WithBytesFunc(action func([]byte) ([]byte, error)) ([]byte, error)

WithBytesFunc makes the underlying bytes readable and passes them to the function provided. A reference MUST NOT be kept to the bytes passed to the function, as the underlying array will no longer be readable after the function exits. WithBytesFunc panics if it is not able to update the access protection of the data region's memory pages as needed.

Example
package main

import (
	"encoding/base64"
	"fmt"

	"github.com/nikoo28/test-go/languages/go/securememory/memguard"
)

func main() {
	factory := new(memguard.SecretFactory)

	secret, err := factory.CreateRandom(32)
	if err != nil {
		panic("unexpected error!")
	}

	defer secret.Close()

	// In this example we're encoding our underlying secret data using base64.
	// base64 is an encoding, not encryption: the returned slice is ordinary
	// memory and is no longer protected.
	encodedBytes, err := secret.WithBytesFunc(func(bytes []byte) ([]byte, error) {
		return []byte(base64.StdEncoding.EncodeToString(bytes)), nil
	})
	if err != nil {
		panic("unexpected error!")
	}

	fmt.Printf("my encoded payload is: %s", string(encodedBytes))
}

type SecretFactory

type SecretFactory struct {
}

SecretFactory is used to create memguard-based Secret implementations.

func (SecretFactory) CreateRandom

func (SecretFactory) CreateRandom(size int) (securememory.Secret, error)

CreateRandom returns a memguard-backed Secret that contains a random byte slice of the specified size. CreateRandom panics if it is not able to set the access protection of the data region's memory pages to none.

Example
package main

import (
	"github.com/nikoo28/test-go/languages/go/securememory/memguard"
)

func main() {
	factory := new(memguard.SecretFactory)

	secret, err := factory.CreateRandom(32)
	if err != nil {
		panic("unexpected error!")
	}

	defer secret.Close()

	// do something with the secret...
}

func (SecretFactory) New

New takes in a byte slice and returns a memguard-backed Secret containing that data. New panics if it is not able to set the access protection of the data region's memory pages to none. The underlying array will be wiped after the function exits.

Example
package main

import (
	"github.com/nikoo28/test-go/languages/go/securememory/memguard"
)

func main() {
	factory := new(memguard.SecretFactory)

	secret, err := factory.New([]byte("some really secret value"))
	if err != nil {
		panic("unexpected error!")
	}

	defer secret.Close()

	// do something with the secret...
}
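
To make the page-protection behaviour described for New, CreateRandom and WithBytesFunc concrete, the following is an added example and not code from this package: a hypothetical stand-in type, pageSecret, keeps a key in an mmap'd region set to PROT_NONE and makes it readable only while the callback runs. It assumes a Unix-like OS and the standard library only; pageSecret, newPageSecret and the sample key are illustrative and constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"syscall"
)

type pageSecret struct{ mem []byte } // hypothetical stand-in for Secret; Unix-only

// newPageSecret moves src into an anonymous mapping that is left at PROT_NONE.
func newPageSecret(src []byte) (*pageSecret, error) {
	mem, err := syscall.Mmap(-1, 0, len(src), syscall.PROT_READ|syscall.PROT_WRITE, syscall.MAP_ANON|syscall.MAP_PRIVATE)
	if err != nil {
		return nil, err
	}
	copy(mem, src)
	copy(src, make([]byte, len(src))) // wipe the caller's copy, as the page documents for New
	if err := syscall.Mprotect(mem, syscall.PROT_NONE); err != nil {
		syscall.Munmap(mem)
		return nil, err
	}
	return &pageSecret{mem}, nil
}

// WithBytesFunc makes the pages readable only while action runs, then locks them again.
func (s *pageSecret) WithBytesFunc(action func([]byte) ([]byte, error)) ([]byte, error) {
	if err := syscall.Mprotect(s.mem, syscall.PROT_READ); err != nil {
		panic(err) // mirrors the documented panic on a failed protection change
	}
	defer syscall.Mprotect(s.mem, syscall.PROT_NONE)
	return action(s.mem)
}

func (s *pageSecret) Close() error { return syscall.Munmap(s.mem) } // release the mapping

func main() {
	s, err := newPageSecret([]byte("constructed-demo-key")) // constructed sample key
	if err != nil {
		panic(err)
	}
	defer s.Close()
	tag, _ := s.WithBytesFunc(func(key []byte) ([]byte, error) {
		m := hmac.New(sha256.New, key)
		m.Write([]byte("constructed message"))
		return m.Sum(nil), nil // only the MAC leaves the callback, never the key
	})
	fmt.Printf("HMAC-SHA256 tag: %x\n", tag)
}
```

hmac.New keeps key-derived pads in ordinary heap memory until they are garbage collected, so computing inside the callback narrows the exposure window rather than eliminating it.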