Documentation

Overview

Package secrets provides an easy and portable way to encrypt and decrypt messages. Subpackages contain driver implementations of secrets for supported services.

See https://gocloud.dev/howto/secrets/ for a detailed how-to guide.

OpenCensus Integration

OpenCensus supports tracing and metric collection for multiple languages and backend providers. See https://opencensus.io.

This API collects OpenCensus traces and metrics for the following methods:

- Encrypt
- Decrypt

All trace and metric names begin with the package import path. The traces add the method name. For example, "gocloud.dev/secrets/Encrypt". The metrics are "completed_calls", a count of completed method calls by driver, method and status (error code); and "latency", a distribution of method latency by driver and method. For example, "gocloud.dev/secrets/latency".

To enable trace collection in your application, see "Configure Exporter" at https://opencensus.io/quickstart/go/tracing. To enable metric collection in your application, see "Exporting stats" at https://opencensus.io/quickstart/go/metrics.

Example
Output:

Go CDK Secrets
Example (ErrorAs)
Output:

Example (OpenFromURL)
Output:

Go CDK Secrets

Index

Examples

Constants

This section is empty.

Variables

View Source
var NewKeeper = newKeeper

    NewKeeper is intended for use by drivers only. Do not use in application code.

    View Source
    var (
    
    	// OpenCensusViews are predefined views for OpenCensus metrics.
    	// The views include counts and latency distributions for API method calls.
    	// See the example at https://godoc.org/go.opencensus.io/stats/view for usage.
    	OpenCensusViews = oc.Views(pkgName, latencyMeasure)
    )

    Functions

    This section is empty.

    Types

    type Keeper

    type Keeper struct {
    	// contains filtered or unexported fields
    }

      Keeper does encryption and decryption. To create a Keeper, use constructors found in driver subpackages.

      func OpenKeeper

      func OpenKeeper(ctx context.Context, urlstr string) (*Keeper, error)

        OpenKeeper opens the Keeper identified by the URL given. See the URLOpener documentation in driver subpackages for details on supported URL formats, and https://gocloud.dev/concepts/urls for more information.

        func (*Keeper) Close

        func (k *Keeper) Close() error

          Close releases any resources used for the Keeper.

          func (*Keeper) Decrypt

          func (k *Keeper) Decrypt(ctx context.Context, ciphertext []byte) (plaintext []byte, err error)

            Decrypt decrypts the ciphertext and returns the plaintext.

            Example
            Output:
            
            

            func (*Keeper) Encrypt

            func (k *Keeper) Encrypt(ctx context.Context, plaintext []byte) (ciphertext []byte, err error)

              Encrypt encrypts the plaintext and returns the cipher message.

              Example
              Output:
              
              

              func (*Keeper) ErrorAs

              func (k *Keeper) ErrorAs(err error, i interface{}) bool

                ErrorAs converts i to driver-specific types. See https://gocloud.dev/concepts/as/ for background information and the driver package documentation for the specific types supported for that driver.

                ErrorAs panics if i is nil or not a pointer. ErrorAs returns false if err == nil.

                type KeeperURLOpener

                type KeeperURLOpener interface {
                	OpenKeeperURL(ctx context.Context, u *url.URL) (*Keeper, error)
                }

                  KeeperURLOpener represents types that can open Keepers based on a URL. The opener must not modify the URL argument. OpenKeeperURL must be safe to call from multiple goroutines.

                  This interface is generally implemented by types in driver packages.

                  type URLMux

                  type URLMux struct {
                  	// contains filtered or unexported fields
                  }

                    URLMux is a URL opener multiplexer. It matches the scheme of the URLs against a set of registered schemes and calls the opener that matches the URL's scheme. See https://gocloud.dev/concepts/urls/ for more information.

                    The zero value is a multiplexer with no registered schemes.

                    func DefaultURLMux

                    func DefaultURLMux() *URLMux

                      DefaultURLMux returns the URLMux used by OpenKeeper.

                      Driver packages can use this to register their KeeperURLOpener on the mux.

                      func (*URLMux) KeeperSchemes

                      func (mux *URLMux) KeeperSchemes() []string

                        KeeperSchemes returns a sorted slice of the registered Keeper schemes.

                        func (*URLMux) OpenKeeper

                        func (mux *URLMux) OpenKeeper(ctx context.Context, urlstr string) (*Keeper, error)

                          OpenKeeper calls OpenKeeperURL with the URL parsed from urlstr. OpenKeeper is safe to call from multiple goroutines.

                          func (*URLMux) OpenKeeperURL

                          func (mux *URLMux) OpenKeeperURL(ctx context.Context, u *url.URL) (*Keeper, error)

                            OpenKeeperURL dispatches the URL to the opener that is registered with the URL's scheme. OpenKeeperURL is safe to call from multiple goroutines.

                            func (*URLMux) RegisterKeeper

                            func (mux *URLMux) RegisterKeeper(scheme string, opener KeeperURLOpener)

                              RegisterKeeper registers the opener with the given scheme. If an opener already exists for the scheme, RegisterKeeper panics.

                              func (*URLMux) ValidKeeperScheme

                              func (mux *URLMux) ValidKeeperScheme(scheme string) bool

                                ValidKeeperScheme returns true iff scheme has been registered for Keepers.

                                Source Files

                                Directories

                                Path Synopsis
                                Package awskms provides a secrets implementation backed by AWS KMS.
                                Package awskms provides a secrets implementation backed by AWS KMS.
                                Package azurekeyvault provides a secrets implementation backed by Azure KeyVault.
                                Package azurekeyvault provides a secrets implementation backed by Azure KeyVault.
                                Package driver defines interfaces to be implemented by secrets drivers, which will be used by the secrets package to interact with the underlying services.
                                Package driver defines interfaces to be implemented by secrets drivers, which will be used by the secrets package to interact with the underlying services.
                                Package drivertest provides a conformance test for implementations of the secrets driver.
                                Package drivertest provides a conformance test for implementations of the secrets driver.
                                Package gcpkms provides a secrets implementation backed by Google Cloud KMS.
                                Package gcpkms provides a secrets implementation backed by Google Cloud KMS.
                                hashivault module
                                Package localsecrets provides a secrets implementation using a locally provided symmetric key.
                                Package localsecrets provides a secrets implementation using a locally provided symmetric key.
                                vault module