localsecrets

package
v0.40.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 10, 2024 License: Apache-2.0 Imports: 10 Imported by: 17

Documentation

Overview

Package localsecrets provides a secrets implementation using a locally provided symmetric key. Use NewKeeper to construct a *secrets.Keeper.

URLs

For secrets.OpenKeeper, localsecrets registers for the scheme "base64key". To customize the URL opener, or for more details on the URL format, see URLOpener. See https://gocloud.dev/concepts/urls/ for background information.

As

localsecrets does not support any types for As.

Example (OpenFromURL)
package main

import (
	"context"
	"log"

	"gocloud.dev/secrets"
)

func main() {
	// PRAGMA: This example is used on gocloud.dev; PRAGMA comments adjust how it is shown and can be ignored.

	// PRAGMA: On gocloud.dev, add a blank import: _ "gocloud.dev/secrets/localsecrets"

	// PRAGMA: On gocloud.dev, hide lines until the next blank line.
	ctx := context.Background()

	// Using "base64key://", a new random key will be generated.
	randomKeyKeeper, err := secrets.OpenKeeper(ctx, "base64key://")
	if err != nil {
		log.Fatal(err)
	}
	defer randomKeyKeeper.Close()

	// Otherwise, the URL hostname must be a base64-encoded key, of length 32 bytes when decoded.
	// Note that base64.URLEncode should be used, to avoid URL-unsafe characters.
	savedKeyKeeper, err := secrets.OpenKeeper(ctx, "base64key://smGbjm71Nxd1Ig5FS0wj9SlbzAIrnolCz9bQQ6uAhl4=")
	if err != nil {
		log.Fatal(err)
	}
	defer savedKeyKeeper.Close()
}
Output:

Index

Examples

Constants

View Source
const (
	Scheme = "base64key"
)

Scheme is the URL scheme localsecrets registers its URLOpener under on secrets.DefaultMux. See the package documentation and/or URLOpener for details.

Variables

This section is empty.

Functions

func Base64Key added in v0.12.0

func Base64Key(base64str string) ([32]byte, error)

Base64Key takes a secret key as a base64 string and converts it to a [32]byte, erroring if the decoded data is not 32 bytes. It uses base64.URLEncoding.

func Base64KeyStd added in v0.21.0

func Base64KeyStd(base64str string) ([32]byte, error)

Base64KeyStd takes a secret key as a base64 string and converts it to a [32]byte, erroring if the decoded data is not 32 bytes. It uses base64.StdEncoding.

func NewKeeper

func NewKeeper(sk [32]byte) *secrets.Keeper

NewKeeper returns a *secrets.Keeper that uses the given symmetric key. See the package documentation for an example.

Example
package main

import (
	"log"

	"gocloud.dev/secrets/localsecrets"
)

func main() {
	// PRAGMA: This example is used on gocloud.dev; PRAGMA comments adjust how it is shown and can be ignored.

	secretKey, err := localsecrets.NewRandomKey()
	if err != nil {
		log.Fatal(err)
	}
	keeper := localsecrets.NewKeeper(secretKey)
	defer keeper.Close()
}
Output:

func NewRandomKey added in v0.14.0

func NewRandomKey() ([32]byte, error)

NewRandomKey will generate random secret key material suitable to be used as the secret key argument to NewKeeper.

Types

type URLOpener added in v0.12.0

type URLOpener struct{}

URLOpener opens localsecrets URLs like "base64key://smGbjm71Nxd1Ig5FS0wj9SlbzAIrnolCz9bQQ6uAhl4=".

The URL host must be base64 encoded, and must decode to exactly 32 bytes. Note that base64.URLEncoding should be used to avoid URL-unsafe character in the hostname. If the URL host is empty (e.g., "base64key://"), a new random key is generated.

No query parameters are supported.

func (*URLOpener) OpenKeeperURL added in v0.12.0

func (o *URLOpener) OpenKeeperURL(ctx context.Context, u *url.URL) (*secrets.Keeper, error)

OpenKeeperURL opens Keeper URLs.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL