Documentation ¶
Overview ¶
Package localsecrets provides a secrets implementation using a locally provided symmetric key. Use NewKeeper to construct a *secrets.Keeper.
URLs ¶
For secrets.OpenKeeper, localsecrets registers for the scheme "base64key". To customize the URL opener, or for more details on the URL format, see URLOpener. See https://gocloud.dev/concepts/urls/ for background information.
As ¶
localsecrets does not support any types for As.
Example (OpenFromURL) ¶
package main import ( "context" "log" "gocloud.dev/secrets" ) func main() { // PRAGMA: This example is used on gocloud.dev; PRAGMA comments adjust how it is shown and can be ignored. // PRAGMA: On gocloud.dev, add a blank import: _ "gocloud.dev/secrets/localsecrets" // PRAGMA: On gocloud.dev, hide lines until the next blank line. ctx := context.Background() // Using "base64key://", a new random key will be generated. randomKeyKeeper, err := secrets.OpenKeeper(ctx, "base64key://") if err != nil { log.Fatal(err) } defer randomKeyKeeper.Close() // Otherwise, the URL hostname must be a base64-encoded key, of length 32 bytes when decoded. // Note that base64.URLEncode should be used, to avoid URL-unsafe characters. savedKeyKeeper, err := secrets.OpenKeeper(ctx, "base64key://smGbjm71Nxd1Ig5FS0wj9SlbzAIrnolCz9bQQ6uAhl4=") if err != nil { log.Fatal(err) } defer savedKeyKeeper.Close() }
Output:
Index ¶
Examples ¶
Constants ¶
const (
Scheme = "base64key"
)
Scheme is the URL scheme localsecrets registers its URLOpener under on secrets.DefaultMux. See the package documentation and/or URLOpener for details.
Variables ¶
This section is empty.
Functions ¶
func Base64Key ¶ added in v0.12.0
Base64Key takes a secret key as a base64 string and converts it to a [32]byte, erroring if the decoded data is not 32 bytes. It uses base64.URLEncoding.
func Base64KeyStd ¶ added in v0.21.0
Base64KeyStd takes a secret key as a base64 string and converts it to a [32]byte, erroring if the decoded data is not 32 bytes. It uses base64.StdEncoding.
func NewKeeper ¶
NewKeeper returns a *secrets.Keeper that uses the given symmetric key. See the package documentation for an example.
Example ¶
package main import ( "log" "gocloud.dev/secrets/localsecrets" ) func main() { // PRAGMA: This example is used on gocloud.dev; PRAGMA comments adjust how it is shown and can be ignored. secretKey, err := localsecrets.NewRandomKey() if err != nil { log.Fatal(err) } keeper := localsecrets.NewKeeper(secretKey) defer keeper.Close() }
Output:
func NewRandomKey ¶ added in v0.14.0
NewRandomKey will generate random secret key material suitable to be used as the secret key argument to NewKeeper.
Types ¶
type URLOpener ¶ added in v0.12.0
type URLOpener struct{}
URLOpener opens localsecrets URLs like "base64key://smGbjm71Nxd1Ig5FS0wj9SlbzAIrnolCz9bQQ6uAhl4=".
The URL host must be base64 encoded, and must decode to exactly 32 bytes. Note that base64.URLEncoding should be used to avoid URL-unsafe character in the hostname. If the URL host is empty (e.g., "base64key://"), a new random key is generated.
No query parameters are supported.