Documentation
Overview
Package dyno provides a simple way to encrypt and decrypt DynamoDB items with a KMS key. It is useful for passing sensitive information to a client. For example, the LastEvaluatedKey returned by a DynamoDB query can be encrypted and passed to a client. The client can then pass the encrypted LastEvaluatedKey back to the server, which can decrypt it and use it to continue the query.
Example:
    // Create a new AesCrypter (NewAesCrypter returns a KeyCrypter and an error)
    crypter, err := dyno.NewAesCrypter([]byte("encryption-password"), []byte("salt"))
    if err != nil {
        return err
    }

    // Encrypt the lastEvaluatedKey (arguments follow the KeyCrypter interface)
    encryptedLastEvaluatedKey, err := crypter.Encrypt(ctx, lastEvaluatedKey)
    if err != nil {
        return err
    }

    // Pass the encryptedLastEvaluatedKey to the client in the response

    // Client passes the encryptedLastEvaluatedKey back to the server in the next request

    // Decrypt the encryptedLastEvaluatedKey
    lastEvaluatedKey, err = crypter.Decrypt(ctx, encryptedLastEvaluatedKey)
    if err != nil {
        return err
    }
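The round trip described in the overview, as an added example that is not part of the dyno package: a pagination key is sealed with AES-GCM, the mode NewAesCrypter is documented to use, so a token the client has altered fails authentication before it reaches a query. The function names, the raw 32-byte key and the map[string]string stand-in for the DynamoDB key are assumptions of this example; how dyno derives its key from the password and salt is not shown on this page.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// newGCM builds AES-GCM from a raw 16-, 24- or 32-byte key (assumed, not derived from a password).
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealKey returns base64url(nonce || ciphertext || tag) for a pagination key.
func sealKey(gcm cipher.AEAD, lastKey map[string]string) (string, error) {
	plain, _ := json.Marshal(lastKey)      // a map[string]string always marshals
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce for every token
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(gcm.Seal(nonce, nonce, plain, nil)), nil
}

// openKey verifies the GCM tag before any key material is handed to the query layer.
func openKey(gcm cipher.AEAD, token string) (map[string]string, error) {
	raw, err := base64.RawURLEncoding.DecodeString(token)
	if err != nil || len(raw) < gcm.NonceSize()+gcm.Overhead() {
		return nil, fmt.Errorf("malformed pagination token")
	}
	plain, err := gcm.Open(nil, raw[:gcm.NonceSize()], raw[gcm.NonceSize():], nil)
	if err != nil {
		return nil, fmt.Errorf("pagination token failed authentication")
	}
	lastKey := map[string]string{}
	return lastKey, json.Unmarshal(plain, &lastKey)
}

func main() {
	gcm, _ := newGCM(make([]byte, 32)) // constructed all-zero key, demo only
	token, _ := sealKey(gcm, map[string]string{"pk": "user#42", "sk": "order#0007"})
	fmt.Println(openKey(gcm, token))                         // round trip
	fmt.Println(openKey(gcm, "AAAAAAAAAAAAAAAA"+token[16:])) // nonce overwritten: rejected
}
```

The 12-byte nonce encodes to exactly the first 16 characters of the token, which is why the last line can overwrite it without touching the ciphertext.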
Types
type Base64Bytes (added in v1.0.1)
type Base64Bytes []byte
Base64Bytes reads a base64-encoded string and decodes it into a byte slice. Use it with the envconfig package to read bytes from an environment variable.
func (*Base64Bytes) Decode (added in v1.0.1)
func (b *Base64Bytes) Decode(value string) (err error)
type KeyCrypter (added in v1.2.0)
type KeyCrypter interface {
	Encrypt(ctx context.Context, item map[string]types.AttributeValue) (string, error)
	Decrypt(ctx context.Context, item string) (map[string]types.AttributeValue, error)
}
KeyCrypter is an interface that encrypts and decrypts DynamoDB primary key attribute values.
func NewAesCrypter (added in v1.2.0)
func NewAesCrypter(password, salt []byte) (KeyCrypter, error)
NewAesCrypter creates a new KeyCrypter that encrypts DynamoDB primary key attributes with AES GCM encryption.
func NewKmsCrypter (added in v1.2.0)
func NewKmsCrypter(kmsKeyID string, kmsClient *kms.Client) KeyCrypter