Documentation
Overview
Package secret provides types that guard your secret values from leaking into logs, std*, etc.
The objective is to prevent secret values from being written or serialized to std*, logs, JSON strings, etc., while still providing access to the secret when it is requested explicitly.
Index
- Constants
- Variables
- type Key
- func (k *Key) Base64() string
- func (k *Key) Equals(s2 *Key) bool
- func (s Key) LogValue() slog.Value
- func (k Key) MarshalJSON() ([]byte, error)
- func (k *Key) MarshalText() ([]byte, error)
- func (k *Key) Raw() []byte
- func (s *Key) Scan(src any) error
- func (k *Key) String() string
- func (k *Key) UnmarshalJSON(b []byte) error
- func (k *Key) UnmarshalText(b []byte) error
- func (k Key) Value() (driver.Value, error)
- type SealedKey
- func (k *SealedKey) Base64() string
- func (k *SealedKey) Equals(s2 *SealedKey) bool
- func (s SealedKey) LogValue() slog.Value
- func (k SealedKey) MarshalJSON() ([]byte, error)
- func (k *SealedKey) MarshalText() ([]byte, error)
- func (k *SealedKey) Open(encryptionKey *Key) (*Key, error)
- func (k *SealedKey) OpenWithEnclave(enclave *memguard.Enclave) (*Key, error)
- func (k *SealedKey) Raw() []byte
- func (s *SealedKey) Scan(src any) error
- func (k *SealedKey) String() string
- func (k *SealedKey) UnmarshalJSON(b []byte) error
- func (k *SealedKey) UnmarshalText(b []byte) error
- func (k SealedKey) Value() (driver.Value, error)
- type Text
- func (s *Text) Equals(s2 Text) bool
- func (s Text) LogValue() slog.Value
- func (s Text) MarshalJSON() ([]byte, error)
- func (s Text) MarshalText() ([]byte, error)
- func (s Text) Raw() string
- func (s *Text) Scan(src any) error
- func (s Text) String() string
- func (s *Text) UnmarshalJSON(b []byte) error
- func (s *Text) UnmarshalText(b []byte) error
- func (s Text) Value() (driver.Value, error)
Constants
const KeyLength = 32
const RedactText string = "*****"
RedactText is used by default if no other redact hint is given.
const (
	SealedKeyLength = nonceLength + KeyLength + secretbox.Overhead
)
Variables
var Empty = NewText("")
var ErrInvalidKeySize = errors.New("invalid key size")
Functions
This section is empty.
Types
type Key
type Key struct {
	// contains filtered or unexported fields
}
func KeyFromBase64
func KeyFromRaw
func (Key) MarshalJSON
MarshalJSON allows Key to be serialized into a JSON string. Only the redact hint is part of the JSON string.
func (*Key) MarshalText
MarshalText implements encoding.TextMarshaler. It marshals the redact string into bytes rather than the actual secret value.
func (*Key) String
String implements the fmt.Stringer interface and returns only the redact hint. This prevents the secret value from being printed to std*, logs, etc.
func (*Key) UnmarshalJSON
UnmarshalJSON allows a JSON string to be deserialized into a Key value. DefaultRedact is set as the redact hint.
func (*Key) UnmarshalText
UnmarshalText implements encoding.TextUnmarshaler. It unmarshals b into the receiver's new secret value. If a redact string is present it is reused; otherwise [DefaultRedact] is used.
type SealedKey
type SealedKey struct {
	// contains filtered or unexported fields
}
func SealKeyWithEnclave
func SealedKeyFromBase64
func (SealedKey) MarshalJSON
MarshalJSON allows Key to be serialized into a JSON string. Only the redact hint is part of the JSON string.
func (*SealedKey) MarshalText
MarshalText implements encoding.TextMarshaler. It marshals the redact string into bytes rather than the actual secret value.
func (*SealedKey) OpenWithEnclave
func (*SealedKey) String
String implements the fmt.Stringer interface and returns only the redact hint. This prevents the secret value from being printed to std*, logs, etc.
func (*SealedKey) UnmarshalJSON
UnmarshalJSON allows a JSON string to be deserialized into a Key value. DefaultRedact is set as the redact hint.
func (*SealedKey) UnmarshalText
UnmarshalText implements encoding.TextUnmarshaler. It unmarshals b into the receiver's new secret value. If a redact string is present it is reused; otherwise [DefaultRedact] is used.
type Text
type Text struct {
	// contains filtered or unexported fields
}
Text provides a way to safely store your secret value and a corresponding redact hint. This redact hint is what is used in operations like printing and serializing. The default value of Text is usable.
func NewText
NewText creates a new Text instance with s as the secret value. Multiple option functions can be passed to alter the default behavior.
func (Text) MarshalJSON
MarshalJSON allows Text to be serialized into a JSON string. Only the redact hint is part of the JSON string.
func (Text) MarshalText
MarshalText implements encoding.TextMarshaler. It marshals the redact string into bytes rather than the actual secret value.
func (Text) String
String implements the fmt.Stringer interface and returns only the redact hint. This prevents the secret value from being printed to std*, logs, etc.
func (*Text) UnmarshalJSON
UnmarshalJSON allows a JSON string to be deserialized into a Text value. RedactText is set as the redact hint.
func (*Text) UnmarshalText
UnmarshalText implements encoding.TextUnmarshaler. It unmarshals b into the receiver's new secret value. If a redact string is present it is reused; otherwise RedactText is used.
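The redaction behaviour documented for Text, shown as an added example that is not the package's own code: `text`, `newText`, `config` and `sinks` are hypothetical stand-ins built only on the standard library, and the credentials are constructed sample input. It goes slightly beyond the page by pushing one value through fmt, encoding/json and log/slog together, then reading it back explicitly with Raw.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"log/slog"
)

const redactText = "*****" // same value as the page's RedactText constant

// text is a hypothetical stand-in for the package's Text type, not its source.
type text struct{ secret, hint string }

func newText(s string) text { return text{secret: s, hint: redactText} }

func (t text) Raw() string                  { return t.secret } // explicit access only
func (t text) String() string               { return t.hint }
func (t text) LogValue() slog.Value         { return slog.StringValue(t.hint) }
func (t text) MarshalText() ([]byte, error) { return []byte(t.hint), nil }
func (t text) MarshalJSON() ([]byte, error) { return json.Marshal(t.hint) }

// UnmarshalJSON stores the incoming string as the secret and resets the hint.
func (t *text) UnmarshalJSON(b []byte) error {
	t.hint = redactText
	return json.Unmarshal(b, &t.secret)
}

type config struct {
	User     string `json:"user"`
	Password text   `json:"password"`
}

// sinks renders cfg through fmt, encoding/json and slog and returns all output.
func sinks(cfg config) string {
	var buf bytes.Buffer
	fmt.Fprintf(&buf, "%v %+v %s\n", cfg, cfg, cfg.Password)
	js, _ := json.Marshal(cfg)
	buf.Write(append(js, '\n'))
	slog.New(slog.NewJSONHandler(&buf, nil)).Info("login", "cfg", cfg, "pw", cfg.Password)
	return buf.String()
}

func main() {
	var cfg config
	_ = json.Unmarshal([]byte(`{"user":"alice","password":"hunter2"}`), &cfg) // constructed sample
	fmt.Print(sinks(cfg), "explicit: ", cfg.Password.Raw(), "\n")
}
```

In this stand-in the Password field is exported on purpose: fmt only calls String on struct fields it can access through an interface, so the redaction in `%v` output depends on that.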