Documentation
Overview
Package dyno provides a simple way to encrypt and decrypt dynamodb items with a KMS key. It is useful for passing sensitive information to a client. For example, the LastEvaluatedKey returned by a dynamodb query can be encrypted and passed to a client. The client can then pass the encrypted LastEvaluatedKey back to the server, which can decrypt it and use it to continue the query.
Example:
// Create a new KMS-backed ItemCrypter (constructor and method
// signatures as documented under Types)
crypter := dyno.NewKmsItemCrypter("alias/my-kms-key", kmsClient)

// Encrypt the lastEvaluatedKey
encryptedLastEvaluatedKey, err := crypter.Encrypt(ctx, lastEvaluatedKey)
if err != nil {
	return err
}

// Pass the encryptedLastEvaluatedKey to the client
// Client passes the encryptedLastEvaluatedKey back to the server

// Decrypt the encryptedLastEvaluatedKey
lastEvaluatedKey, err = crypter.Decrypt(ctx, encryptedLastEvaluatedKey)
if err != nil {
	return err
}
Types
type Base64Bytes (added in v1.0.1)
type Base64Bytes []byte
Base64Bytes reads a base64 encoded string and decodes it into a byte slice. Use it with the envconfig package to read bytes from an environment variable.
func (*Base64Bytes) Decode (added in v1.0.1)
func (b *Base64Bytes) Decode(value string) (err error)
type ItemCrypter
type ItemCrypter interface {
	Encrypt(ctx context.Context, item map[string]types.AttributeValue) (string, error)
	Decrypt(ctx context.Context, item string) (map[string]types.AttributeValue, error)
}
ItemCrypter is an interface that encrypts and decrypts dynamodb items.
func NewAesItemCrypter
func NewAesItemCrypter(password, salt []byte) (ItemCrypter, error)
NewAesItemCrypter creates a new ItemCrypter that uses AES-GCM encryption.
func NewKmsItemCrypter
func NewKmsItemCrypter(kmsKeyID string, kmsClient *kms.Client) ItemCrypter