encryption

package
v0.375.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 1, 2024 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Builder added in v0.363.0

type Builder struct {
	// contains filtered or unexported fields
}

Builder constructs a DataEncryptor when used with a provider. Use a chain of With* methods to configure the builder.

func NewBuilder added in v0.363.0

func NewBuilder() Builder

func (Builder) Build added in v0.363.0

func (b Builder) Build(ctx context.Context, provider api.KeyStoreProvider) (api.DataEncryptor, error)

func (Builder) WithKMSURI added in v0.363.0

func (b Builder) WithKMSURI(kmsURI optional.Option[string]) Builder

WithKMSURI sets the URI for the KMS key to use. Omitting this call or using None will create a NoOpEncryptor.

type KMSEncryptor added in v0.363.0

type KMSEncryptor struct {
	// contains filtered or unexported fields
}

KMSEncryptor encrypts and decrypts using a KMS key via tink.

func NewKMSEncryptorWithKMS added in v0.363.0

func NewKMSEncryptorWithKMS(uri string, v1client *kms.KMS, encryptedKeyset []byte) (*KMSEncryptor, error)

func (*KMSEncryptor) Decrypt added in v0.363.0

func (k *KMSEncryptor) Decrypt(encrypted api.Encrypted) ([]byte, error)

func (*KMSEncryptor) Encrypt added in v0.363.0

func (k *KMSEncryptor) Encrypt(cleartext []byte, dest api.Encrypted) error

func (*KMSEncryptor) GetEncryptedKeyset added in v0.363.0

func (k *KMSEncryptor) GetEncryptedKeyset() []byte

type NoOpEncryptor added in v0.363.0

type NoOpEncryptor struct{}

NoOpEncryptor does not encrypt and just passes the input as is.

func NewNoOpEncryptor added in v0.363.0

func NewNoOpEncryptor() NoOpEncryptor

func (NoOpEncryptor) Decrypt added in v0.363.0

func (n NoOpEncryptor) Decrypt(encrypted api.Encrypted) ([]byte, error)

func (NoOpEncryptor) Encrypt added in v0.363.0

func (n NoOpEncryptor) Encrypt(cleartext []byte, dest api.Encrypted) error

type Service

type Service struct {
	// contains filtered or unexported fields
}

func New

func New(ctx context.Context, conn libdal.Connection, encryptionBuilder Builder) (*Service, error)

func (*Service) AEAD added in v0.370.0

func (s *Service) AEAD() (tink.AEAD, error)

AEAD returns the AEAD instance used by the encryptor. TODO: Remove this method once we have a better way to handle this.

func (*Service) Decrypt

func (s *Service) Decrypt(encrypted api.Encrypted) ([]byte, error)

func (*Service) DecryptJSON

func (s *Service) DecryptJSON(encrypted api.Encrypted, v any) error

DecryptJSON decrypts the given encrypted object and stores it in the provided destination.

func (*Service) Encrypt

func (s *Service) Encrypt(cleartext []byte, dest api.Encrypted) error

func (*Service) EncryptJSON

func (s *Service) EncryptJSON(v any, dest api.Encrypted) error

EncryptJSON encrypts the given JSON object and stores it in the provided destination.

Directories

Path Synopsis
internal
dal
sql

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL