Back to godoc.org
gocloud.dev / secrets

Package secrets

v0.20.0
Latest Go to latest
Published: Jun 10, 2020 | License: Apache-2.0 | Module: gocloud.dev

Overview

Package secrets provides an easy and portable way to encrypt and decrypt messages. Subpackages contain driver implementations of secrets for supported services.

See https://gocloud.dev/howto/secrets/ for a detailed how-to guide.

OpenCensus Integration

OpenCensus supports tracing and metric collection for multiple languages and backend providers. See https://opencensus.io.

This API collects OpenCensus traces and metrics for the following methods:

- Encrypt
- Decrypt

All trace and metric names begin with the package import path. The traces add the method name. For example, "gocloud.dev/secrets/Encrypt". The metrics are "completed_calls", a count of completed method calls by driver, method and status (error code); and "latency", a distribution of method latency by driver and method. For example, "gocloud.dev/secrets/latency".

To enable trace collection in your application, see "Configure Exporter" at https://opencensus.io/quickstart/go/tracing. To enable metric collection in your application, see "Exporting stats" at https://opencensus.io/quickstart/go/metrics.

Example

Code:

ctx := context.Background()

sk, err := localsecrets.NewRandomKey()
if err != nil {
	log.Fatal(err)
}
keeper := localsecrets.NewKeeper(sk)
defer keeper.Close()

plaintext := []byte("Go CDK Secrets")
ciphertext, err := keeper.Encrypt(ctx, plaintext)
if err != nil {
	log.Fatal(err)
}

decrypted, err := keeper.Decrypt(ctx, ciphertext)
if err != nil {
	log.Fatal(err)
}
fmt.Println(string(decrypted))
Go CDK Secrets
Example (ErrorAs)

Code:

ctx := context.Background()

const url = "gcpkms://projects/proj/locations/global/keyRings/test/ring/wrongkey"
keeper, err := secrets.OpenKeeper(ctx, url)
if err != nil {
	log.Fatal(err)
}
defer keeper.Close()

plaintext := []byte("Go CDK secrets")
_, err = keeper.Encrypt(ctx, plaintext)
if err != nil {
	var s *status.Status
	if keeper.ErrorAs(err, &s) {
		fmt.Println(s.Code())
	}
}
Example (OpenFromURL)

Code:

ctx := context.Background()

k, err := secrets.OpenKeeper(ctx, "base64key://smGbjm71Nxd1Ig5FS0wj9SlbzAIrnolCz9bQQ6uAhl4=")
if err != nil {
	log.Fatal(err)
}
defer k.Close()

plaintext := []byte("Go CDK Secrets")
ciphertext, err := k.Encrypt(ctx, plaintext)
if err != nil {
	log.Fatal(err)
}
decrypted, err := k.Decrypt(ctx, ciphertext)
if err != nil {
	log.Fatal(err)
}
fmt.Println(string(decrypted))
Go CDK Secrets

Index

Examples

Package Files

Variables

var NewKeeper = newKeeper

NewKeeper is intended for use by drivers only. Do not use in application code.

var (

	// OpenCensusViews are predefined views for OpenCensus metrics.
	// The views include counts and latency distributions for API method calls.
	// See the example at https://godoc.org/go.opencensus.io/stats/view for usage.
	OpenCensusViews = oc.Views(pkgName, latencyMeasure)
)

type Keeper

type Keeper struct {
	// contains filtered or unexported fields
}

Keeper does encryption and decryption. To create a Keeper, use constructors found in driver subpackages.

func OpenKeeper

func OpenKeeper(ctx context.Context, urlstr string) (*Keeper, error)

OpenKeeper opens the Keeper identified by the URL given. See the URLOpener documentation in driver subpackages for details on supported URL formats, and https://gocloud.dev/concepts/urls for more information.

func (*Keeper) Close

func (k *Keeper) Close() error

Close releases any resources used for the Keeper.

func (*Keeper) Decrypt

func (k *Keeper) Decrypt(ctx context.Context, ciphertext []byte) (plaintext []byte, err error)

Decrypt decrypts the ciphertext and returns the plaintext.

Example

Code:

ctx := context.Background()
var keeper *secrets.Keeper

var cipherText []byte // obtained from elsewhere and random-looking
plainText, err := keeper.Decrypt(ctx, cipherText)
if err != nil {
	log.Fatal(err)
}

_ = plainText

func (*Keeper) Encrypt

func (k *Keeper) Encrypt(ctx context.Context, plaintext []byte) (ciphertext []byte, err error)

Encrypt encrypts the plaintext and returns the cipher message.

Example

Code:

ctx := context.Background()
var keeper *secrets.Keeper

plainText := []byte("Secrets secrets...")
cipherText, err := keeper.Encrypt(ctx, plainText)
if err != nil {
	log.Fatal(err)
}

_ = cipherText

func (*Keeper) ErrorAs

func (k *Keeper) ErrorAs(err error, i interface{}) bool

ErrorAs converts i to driver-specific types. See https://gocloud.dev/concepts/as/ for background information and the driver package documentation for the specific types supported for that driver.

ErrorAs panics if i is nil or not a pointer. ErrorAs returns false if err == nil.

type KeeperURLOpener

type KeeperURLOpener interface {
	OpenKeeperURL(ctx context.Context, u *url.URL) (*Keeper, error)
}

KeeperURLOpener represents types that can open Keepers based on a URL. The opener must not modify the URL argument. OpenKeeperURL must be safe to call from multiple goroutines.

This interface is generally implemented by types in driver packages.

type URLMux

type URLMux struct {
	// contains filtered or unexported fields
}

URLMux is a URL opener multiplexer. It matches the scheme of the URLs against a set of registered schemes and calls the opener that matches the URL's scheme. See https://gocloud.dev/concepts/urls/ for more information.

The zero value is a multiplexer with no registered schemes.

func DefaultURLMux

func DefaultURLMux() *URLMux

DefaultURLMux returns the URLMux used by OpenKeeper.

Driver packages can use this to register their KeeperURLOpener on the mux.

func (*URLMux) KeeperSchemes

func (mux *URLMux) KeeperSchemes() []string

KeeperSchemes returns a sorted slice of the registered Keeper schemes.

func (*URLMux) OpenKeeper

func (mux *URLMux) OpenKeeper(ctx context.Context, urlstr string) (*Keeper, error)

OpenKeeper calls OpenKeeperURL with the URL parsed from urlstr. OpenKeeper is safe to call from multiple goroutines.

func (*URLMux) OpenKeeperURL

func (mux *URLMux) OpenKeeperURL(ctx context.Context, u *url.URL) (*Keeper, error)

OpenKeeperURL dispatches the URL to the opener that is registered with the URL's scheme. OpenKeeperURL is safe to call from multiple goroutines.

func (*URLMux) RegisterKeeper

func (mux *URLMux) RegisterKeeper(scheme string, opener KeeperURLOpener)

RegisterKeeper registers the opener with the given scheme. If an opener already exists for the scheme, RegisterKeeper panics.

func (*URLMux) ValidKeeperScheme

func (mux *URLMux) ValidKeeperScheme(scheme string) bool

ValidKeeperScheme returns true iff scheme has been registered for Keepers.

Documentation was rendered with GOOS=linux and GOARCH=amd64.

Jump to identifier

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to identifier