Documentation ¶
Index ¶
- Constants
- Variables
- func DefaultBulkDecrypt(ctx context.Context, decrypter Decrypter, ciphertexts []string) (map[string]string, error)
- type Crypter
- type Decrypter
- type Encrypter
- type Key
- type KeyArray
- type Map
- func (m Map) Copy(decrypter Decrypter, encrypter Encrypter) (Map, error)
- func (m Map) Decrypt(decrypter Decrypter) (map[Key]string, error)
- func (m Map) Get(k Key, path bool) (Value, bool, error)
- func (m Map) HasSecureValue() bool
- func (m Map) MarshalJSON() ([]byte, error)
- func (m Map) MarshalYAML() (interface{}, error)
- func (m Map) Remove(k Key, path bool) error
- func (m Map) SecureKeys() []Key
- func (m Map) Set(k Key, v Value, path bool) error
- func (m *Map) UnmarshalJSON(b []byte) error
- func (m *Map) UnmarshalYAML(unmarshal func(interface{}) error) error
- type TrackingDecrypter
- type Value
- func (c Value) Copy(decrypter Decrypter, encrypter Encrypter) (Value, error)
- func (c Value) MarshalJSON() ([]byte, error)
- func (c Value) MarshalYAML() (interface{}, error)
- func (c Value) Object() bool
- func (c Value) Secure() bool
- func (c Value) SecureValues(decrypter Decrypter) ([]string, error)
- func (c Value) ToObject() (interface{}, error)
- func (c *Value) UnmarshalJSON(b []byte) error
- func (c *Value) UnmarshalYAML(unmarshal func(interface{}) error) error
- func (c Value) Value(decrypter Decrypter) (string, error)
Constants ¶
const SymmetricCrypterKeyBytes = 32
SymmetricCrypterKeyBytes is the required key size in bytes.
Variables ¶
var ( NopDecrypter Decrypter = nopCrypter{} NopEncrypter Encrypter = nopCrypter{} )
Functions ¶
func DefaultBulkDecrypt ¶ added in v3.29.0
func DefaultBulkDecrypt(ctx context.Context, decrypter Decrypter, ciphertexts []string, ) (map[string]string, error)
DefaultBulkDecrypt decrypts a list of ciphertexts. Each ciphertext is decrypted individually. The returned map maps from ciphertext to plaintext. This should only be used by implementers of Decrypter to implement their BulkDecrypt method in cases where they can't do more efficient than just individual decryptions.
Types ¶
type Crypter ¶
Crypter can both encrypt and decrypt values.
var Base64Crypter Crypter = &base64Crypter{}
Base64Crypter is a Crypter that "encrypts" by encoding the string to base64.
var BlindingCrypter Crypter = blindingCrypter{}
BlindingCrypter returns a Crypter that instead of decrypting or encrypting data, just returns "[secret]", it can be used when you want to display configuration information to a user but don't want to prompt for a password so secrets will not be decrypted or encrypted.
func NewPanicCrypter ¶
func NewPanicCrypter() Crypter
NewPanicCrypter returns a new config crypter that will panic if used.
func NewSymmetricCrypter ¶
NewSymmetricCrypter creates a crypter that encrypts and decrypts values using AES-256-GCM. The nonce is stored with the value itself as a pair of base64 values separated by a colon and a version tag `v1` is prepended.
func NewSymmetricCrypterFromPassphrase ¶
NewSymmetricCrypterFromPassphrase uses a passphrase and salt to generate a key, and then returns a crypter using it.
type Decrypter ¶
type Decrypter interface { DecryptValue(ctx context.Context, ciphertext string) (string, error) // BulkDecrypt supports bulk decryption of secrets. BulkDecrypt(ctx context.Context, ciphertexts []string) (map[string]string, error) }
Decrypter decrypts encrypted ciphertext to its plaintext representation.
func NewBlindingDecrypter ¶
func NewBlindingDecrypter() Decrypter
NewBlindingDecrypter returns a blinding decrypter.
type Key ¶
type Key struct {
// contains filtered or unexported fields
}
func MustMakeKey ¶
MustMakeKey constructs a config.Key for a given namespace and name. The namespace may not contain a `:`
func (Key) MarshalJSON ¶
func (Key) MarshalYAML ¶
func (*Key) UnmarshalJSON ¶
func (*Key) UnmarshalYAML ¶
type Map ¶
Map is a bag of config stored in the settings file.
func (Map) Decrypt ¶
Decrypt returns the configuration as a map from module member to decrypted value.
func (Map) Get ¶
Get gets the value for a given key. If path is true, the key's name portion is treated as a path.
func (Map) HasSecureValue ¶
HasSecureValue returns true if the config map contains a secure (encrypted) value.
func (Map) MarshalJSON ¶
func (Map) MarshalYAML ¶
func (Map) Remove ¶
Remove removes the value for a given key. If path is true, the key's name portion is treated as a path.
func (Map) SecureKeys ¶ added in v3.3.0
SecureKeys returns a list of keys that have secure values.
func (Map) Set ¶
Set sets the value for a given key. If path is true, the key's name portion is treated as a path.
func (*Map) UnmarshalJSON ¶
func (*Map) UnmarshalYAML ¶
type TrackingDecrypter ¶
TrackingDecrypter is a Decrypter that keeps track if decrypted values, which can be retrieved via SecureValues().
func NewTrackingDecrypter ¶
func NewTrackingDecrypter(decrypter Decrypter) TrackingDecrypter
NewTrackingDecrypter returns a Decrypter that keeps track of decrypted values.
type Value ¶
type Value struct {
// contains filtered or unexported fields
}
Value is a single config value.
func NewObjectValue ¶
func NewSecureObjectValue ¶
func NewSecureValue ¶
func (Value) MarshalJSON ¶
func (Value) MarshalYAML ¶
func (Value) ToObject ¶
ToObject returns the string value (if not an object), or the unmarshalled JSON object (if an object).