simple-example

command
v0.4.0 Latest
Warning

This package is not in the latest version of its module.

Published: Apr 16, 2024 License: Apache-2.0 Imports: 6 Imported by: 0

README

Simple Round-Trip Example

In order to run this example, you need to be running a Tenant Security Proxy (TSP) on your machine. Check the README.md file in the parent directory to see how to start the TSP, if you haven't done so yet.

Once the TSP is running, you can experiment with this example Go program. It illustrates the basics of how to use the Tenant Security Client (TSC) SDK to encrypt and decrypt data. The example code shows two scenarios:

  • encryption and decryption of a record that you might store in a key-value store or a database
  • encryption and decryption of a file, using the file-system for storage

To run the example, you will need to have Go 1.17+ installed on your computer.

export API_KEY='0WUaXesNgbTAuLwn'
go run .

We've assigned an API key for you, but in production you will create your own and add it to the TSP configuration. Running the example should produce output like:

Using tenant tenant-gcp-l
Decrypted SSN: 000-12-2345
Decrypted address: 2825-519 Stone Creek Rd, Bozeman, MT 59715
Decrypted name: Jim Bridger
Wrote encrypted file to success.jpg.enc
Wrote edek to success.jpg.edek
Wrote decrypted file to decrypted.jpg

The decrypted output is printed after round-tripping encryption and decryption of the customer record.

If you look in the current directory, you'll find a success.jpg file. The example code encrypted that file to produce a success.jpg.enc file containing the encrypted file data, and a second file success.jpg.edek that contains the Encrypted Data Encryption Key (EDEK) that is required to decrypt the file. It then used that EDEK to decrypt the .enc file, writing a decrypted.jpg file.

If you run cksum success.jpg decrypted.jpg, you can confirm that the decrypted file is identical to the original.

When you run the example, you should see a number of INFO outputs generated by your TSP indicating that it was wrapping a new DEK using the KMS, then unwrapping an EDEK.
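The relationship between the .enc file, the .edek file and the wrap and unwrap steps the TSP logs can be sketched in plain Go. This is an added illustration, not code from the TSC SDK or the TSP: the function names are hypothetical, AES-256-GCM is chosen for the sketch, and a local 32-byte KEK stands in for the wrap and unwrap calls the TSP makes to the KMS.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// seal is AES-256-GCM: output is nonce || ciphertext || tag; nonce is 12 fresh bytes.
func seal(key, nonce, pt []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return gcm.Seal(append([]byte(nil), nonce...), nonce, pt, nil), nil
}

// open reverses seal; a wrong key or any modified byte is an error.
func open(key, ct []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(ct) < 12 {
		return nil, errors.New("bad key length or truncated input")
	}
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, ct[:12], ct[12:], nil)
}

// EncryptFile wraps a fresh DEK under kek (assumed stand-in for the KMS) and encrypts data.
func EncryptFile(kek, data []byte) (enc, edek []byte, err error) {
	r := make([]byte, 32+12+12) // the DEK plus one fresh nonce per layer
	if _, err = rand.Read(r); err != nil {
		return nil, nil, err
	}
	dek, n1, n2 := r[:32], r[32:44], r[44:]
	if edek, err = seal(kek, n2, dek); err == nil { // wrap first: a bad KEK stops here
		enc, err = seal(dek, n1, data)
	}
	return enc, edek, err
}

// DecryptFile unwraps the EDEK with the KEK, then decrypts enc with the DEK.
func DecryptFile(kek, enc, edek []byte) ([]byte, error) {
	dek, err := open(kek, edek)
	if err != nil {
		return nil, err
	}
	return open(dek, enc)
}
```

The block defines functions only, so call EncryptFile and DecryptFile from your own main or test. Decrypting with a different KEK or a modified EDEK returns an error, which is why the .edek file has to be kept with the .enc file.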

If you would like to experiment with a different tenant, run:

export API_KEY='0WUaXesNgbTAuLwn'
export TENANT_ID=<selected-tenant-ID>
go run .

The available tenants are listed in the README.md in the parent directory.

If you set the tenant to tenant-gcp-l and run the program, then compare the logs generated by the TSP to the logs generated when you use tenant-gcp, you can see the difference between using a KMS configuration that has key leasing enabled vs. one that does not.

Additional Resources

If you would like some more in-depth information, our website features a section of technical documentation about the SaaS Shield product.
