dyno

v1.3.0

This package is not in the latest version of its module.
Published: Dec 31, 2024 License: MIT Imports: 12 Imported by: 0

README

Dyno

Encrypt and decrypt DynamoDB primary key attribute values. You can either use AWS KMS (you don't manage keys, but it's expensive) or a cipher with your own key. AES-GCM and ChaCha20-Poly1305 are supported.

Use it to encrypt last evaluated key values from DynamoDB Query responses. Clients can use these encrypted opaque values to paginate through queries.

License

Dyno is available under the terms of the MIT license.

Qube Cinema © 2023, 2024

Documentation

Overview

Package dyno provides a simple way to encrypt and decrypt DynamoDB items with a KMS key. It is useful for passing sensitive information to a client. For example, the LastEvaluatedKey returned by a DynamoDB query can be encrypted and passed to a client. The client can then pass the encrypted LastEvaluatedKey back to the server, which can decrypt it and use it to continue the query.

Functions

func WithEncryptionContext

func WithEncryptionContext(ctx context.Context, ec map[string]string) context.Context

WithEncryptionContext returns a new context with the given AWS KMS encryption context.

Types

type Base64Bytes added in v1.0.1

type Base64Bytes []byte

Base64Bytes reads a base64 encoded string and decodes it into a byte slice. Use it with the envconfig package to read bytes from an environment variable.

func (*Base64Bytes) Decode added in v1.0.1

func (b *Base64Bytes) Decode(value string) (err error)

type KeyCrypter added in v1.2.0

type KeyCrypter interface {
	// Encrypt encrypts a DynamoDB primary key item along with an encryption context.
	Encrypt(ctx context.Context, item map[string]types.AttributeValue) (string, error)
	// Decrypt decrypts a DynamoDB primary key item.
	// If the item was encrypted with an encryption context,
	// the same context must be provided to decrypt the item.
	Decrypt(ctx context.Context, item string) (map[string]types.AttributeValue, error)
}

KeyCrypter is an interface that encrypts and decrypts DynamoDB primary key attribute values.

func NewAESCrypter added in v1.3.0

func NewAESCrypter(key []byte) (KeyCrypter, error)

NewAESCrypter creates a new KeyCrypter that encrypts DynamoDB primary key attributes with AES-GCM encryption. The key must be 16, 24, or 32 bytes long to select AES-128, AES-192, or AES-256.
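
The pagination round trip this constructor serves, sketched with only the Go standard library as an added example (not dyno's implementation or wire format): a last-evaluated key is sealed with AES-GCM into an opaque cursor and opened again on the next request. Assumptions: the key attributes are simplified to a `map[string]string`, and the `bind` parameter, which ties a cursor to one tenant as associated data, is hypothetical and plays the role the encryption context has for KMS.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// newAEAD builds AES-GCM; a 16, 24 or 32 byte key selects AES-128/192/256.
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealCursor returns base64url(nonce || ciphertext || tag); bind (assumed, e.g. tenant) is AAD only.
func sealCursor(aead cipher.AEAD, lastKey map[string]string, bind string) (string, error) {
	plain, _ := json.Marshal(lastKey) // cannot fail for map[string]string
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(aead.Seal(nonce, nonce, plain, []byte(bind))), nil
}

// openCursor rejects tokens that were altered or sealed under a different bind value.
func openCursor(aead cipher.AEAD, token, bind string) (map[string]string, error) {
	raw, err := base64.RawURLEncoding.DecodeString(token)
	if err != nil || len(raw) < aead.NonceSize() {
		return nil, fmt.Errorf("malformed cursor")
	}
	plain, err := aead.Open(nil, raw[:aead.NonceSize()], raw[aead.NonceSize():], []byte(bind))
	if err != nil {
		return nil, fmt.Errorf("cursor failed authentication")
	}
	var lastKey map[string]string
	err = json.Unmarshal(plain, &lastKey)
	return lastKey, err
}

func main() {
	aead, _ := newAEAD(make([]byte, 32)) // constructed all-zero demo key, never use in production
	tok, _ := sealCursor(aead, map[string]string{"pk": "TENANT#42", "sk": "ORDER#0017"}, "tenant=42")
	fmt.Println(openCursor(aead, tok, "tenant=99")) // wrong binding: authentication error
}
```

Because the cursor is authenticated as well as encrypted, a client cannot edit it to start a query at another partition's key; any change to the token or its binding makes `openCursor` return an error.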

func NewChaCha20Poly1305Crypter added in v1.3.0

func NewChaCha20Poly1305Crypter(key []byte) (KeyCrypter, error)

NewChaCha20Poly1305Crypter creates a new KeyCrypter that encrypts DynamoDB primary key attributes with ChaCha20-Poly1305 encryption. The key must be 32 bytes long.

func NewKMSCrypter added in v1.3.0

func NewKMSCrypter(kmsKeyID string, kmsClient *kms.Client) KeyCrypter

NewKMSCrypter returns a KeyCrypter that encrypts and decrypts DynamoDB primary key attribute values using AWS KMS. The KMS key ID is the ARN of the KMS key used to encrypt and decrypt the items. The KMS client is used to call the KMS API. If nil, a new client will be created.
