age

package
v3.9.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 16, 2024 License: MPL-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// SopsAgeKeyEnv can be set as an environment variable with a string list
	// of age keys as value.
	SopsAgeKeyEnv = "SOPS_AGE_KEY"
	// SopsAgeKeyFileEnv can be set as an environment variable pointing to an
	// age keys file.
	SopsAgeKeyFileEnv = "SOPS_AGE_KEY_FILE"
	// SopsAgeKeyUserConfigPath is the default age keys file path in
	// getUserConfigDir().
	SopsAgeKeyUserConfigPath = "sops/age/keys.txt"

	// KeyTypeIdentifier is the string used to identify an age MasterKey.
	KeyTypeIdentifier = "age"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type MasterKey

type MasterKey struct {
	// Identity used to contain a Bench32-encoded private key.
	// Deprecated: private keys are no longer publicly exposed.
	// Instead, they are either injected by a (local) key service server
	// using ParsedIdentities.ApplyToMasterKey, or loaded from the runtime
	// environment (variables) as defined by the `SopsAgeKey*` constants.
	Identity string
	// Recipient contains the Bench32-encoded age public key used to Encrypt.
	Recipient string
	// EncryptedKey contains the SOPS data key encrypted with age.
	EncryptedKey string
	// contains filtered or unexported fields
}

MasterKey is an age key used to Encrypt and Decrypt SOPS' data key.

func MasterKeyFromRecipient

func MasterKeyFromRecipient(recipient string) (*MasterKey, error)

MasterKeyFromRecipient takes a Bech32-encoded age public key, parses it, and returns a new MasterKey.

func MasterKeysFromRecipients

func MasterKeysFromRecipients(commaSeparatedRecipients string) ([]*MasterKey, error)

MasterKeysFromRecipients takes a comma-separated list of Bech32-encoded public keys, parses them, and returns a slice of new MasterKeys.

func (*MasterKey) Decrypt

func (key *MasterKey) Decrypt() ([]byte, error)

Decrypt decrypts the EncryptedKey with the parsed or loaded identities, and returns the result.

func (*MasterKey) Encrypt

func (key *MasterKey) Encrypt(dataKey []byte) error

Encrypt takes a SOPS data key, encrypts it with the Recipient, and stores the result in the EncryptedKey field.

func (*MasterKey) EncryptIfNeeded

func (key *MasterKey) EncryptIfNeeded(dataKey []byte) error

EncryptIfNeeded encrypts the provided SOPS data key, if it has not been encrypted yet.

func (*MasterKey) EncryptedDataKey

func (key *MasterKey) EncryptedDataKey() []byte

EncryptedDataKey returns the encrypted SOPS data key this master key holds.

func (*MasterKey) NeedsRotation

func (key *MasterKey) NeedsRotation() bool

NeedsRotation returns whether the data key needs to be rotated or not.

func (*MasterKey) SetEncryptedDataKey

func (key *MasterKey) SetEncryptedDataKey(enc []byte)

SetEncryptedDataKey sets the encrypted SOPS data key for this master key.

func (*MasterKey) ToMap

func (key *MasterKey) ToMap() map[string]interface{}

ToMap converts the MasterKey to a map for serialization purposes.

func (*MasterKey) ToString

func (key *MasterKey) ToString() string

ToString converts the key to a string representation.

func (*MasterKey) TypeToIdentifier

func (key *MasterKey) TypeToIdentifier() string

TypeToIdentifier returns the string identifier for the MasterKey type.

type ParsedIdentities

type ParsedIdentities []age.Identity

ParsedIdentities contains a set of parsed age identities. It allows for creating a (local) keyservice.KeyServiceServer which parses identities only once, to then inject them using ApplyToMasterKey() for all requests.

func (ParsedIdentities) ApplyToMasterKey

func (i ParsedIdentities) ApplyToMasterKey(key *MasterKey)

ApplyToMasterKey configures the ParsedIdentities on the provided key.

func (*ParsedIdentities) Import

func (i *ParsedIdentities) Import(identity ...string) error

Import attempts to parse the given identities, to then add them to itself. It returns any parsing error. A single identity argument is allowed to be a multiline string containing multiple identities. Empty lines and lines starting with "#" are ignored. It is not thread safe, and parallel importing would better be done by parsing (using age.ParseIdentities) and appending to the slice yourself, in combination with e.g. a sync.Mutex.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL