crypt

package
v0.12.6
Warning

This package is not in the latest version of its module.

Published: Jul 26, 2023 License: MIT Imports: 7 Imported by: 1

README

Charm Crypt

We take privacy seriously. All data stored in the Charm Cloud is encrypted, decryptable only with your Charm account. That means even we don't have the ability to decrypt or view your data.

Usage

# encrypt secrets
charm crypt encrypt < secrets.md > encryptedsecrets.md

# decrypt secrets
charm crypt decrypt < encryptedsecrets.md 

# am lost, need help
charm crypt -h

How it works

Encryption works by issuing a symmetric key (basically a generated password) and encrypting it with the local SSH public key generated by charm. That encrypted key is then sent up to our server. We can’t read it since we don’t have your private key. When you want to decrypt something or view your stash, that key is downloaded from our server and decrypted locally using the SSH private key. When you link accounts, the symmetric key is encrypted for each new public key. This happens on your machine and not our server, so we never see any unencrypted data from you.
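
The key-wrapping and account-linking flow described above, as an added example that is not Charm's own code. It assumes RSA-OAEP from the Go standard library as a stand-in for Charm's SSH-key-based wrapping; wrapKey, unwrapKey, linkDevice, must and demo are hypothetical names, and the device keys are constructed sample keys.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// wrapKey encrypts symKey to one device's public key (assumed RSA-OAEP stand-in).
func wrapKey(pub *rsa.PublicKey, symKey []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, symKey, nil)
}

// unwrapKey recovers the symmetric key locally with the device's private key.
func unwrapKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
}

// linkDevice runs on an already-linked device: it unwraps the key locally and
// re-wraps it for the new public key. Only the wrapped copy is uploaded.
func linkDevice(oldPriv *rsa.PrivateKey, oldWrapped []byte, newPub *rsa.PublicKey) ([]byte, error) {
	symKey, err := unwrapKey(oldPriv, oldWrapped)
	if err != nil {
		return nil, err
	}
	return wrapKey(newPub, symKey)
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// demo reports: device B recovers the key; B cannot unwrap the copy made for A.
func demo() (bool, bool) {
	devA := must(rsa.GenerateKey(rand.Reader, 2048)) // constructed sample keys
	devB := must(rsa.GenerateKey(rand.Reader, 2048))
	symKey := make([]byte, 32)
	must(rand.Read(symKey))
	wrappedA := must(wrapKey(&devA.PublicKey, symKey))
	wrappedB := must(linkDevice(devA, wrappedA, &devB.PublicKey))
	keyB := must(unwrapKey(devB, wrappedB))
	_, err := unwrapKey(devB, wrappedA)
	return string(keyB) == string(symKey), err != nil
}

func main() { fmt.Println(demo()) }
```

In this model the server holds only wrappedA and wrappedB; a storage-side compromise yields no usable key unless a device private key is also obtained.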

Documentation

Overview

Package crypt provides encryption writer/readers.


Constants

This section is empty.

Variables

var ErrIncorrectEncryptKeys = fmt.Errorf("incorrect or missing encrypt keys")

ErrIncorrectEncryptKeys is returned when the encrypt keys are missing or incorrect for the encrypted data.

Functions

This section is empty.

Types

type Crypt

type Crypt struct {
	// contains filtered or unexported fields
}

Crypt manages the account and encryption keys used for encrypting and decrypting.

func NewCrypt

func NewCrypt() (*Crypt, error)

NewCrypt authenticates a user to the Charm Cloud and returns a Crypt struct ready for encrypting and decrypting.

func (*Crypt) DecryptLookupField

func (cr *Crypt) DecryptLookupField(field string) (string, error)

DecryptLookupField decrypts a string encrypted with EncryptLookupField.

func (*Crypt) EncryptLookupField

func (cr *Crypt) EncryptLookupField(field string) (string, error)

EncryptLookupField deterministically encrypts a string, producing the same encrypted value every time this string is encrypted with the same EncryptKey. This is useful if you need to look up an encrypted value without knowing the plaintext on the storage side. For writing encrypted data, use EncryptedWriter, which is non-deterministic.

func (*Crypt) Keys added in v0.10.0

func (cr *Crypt) Keys() []*charm.EncryptKey

Keys returns the EncryptKeys this Crypt is using.

func (*Crypt) NewDecryptedReader

func (cr *Crypt) NewDecryptedReader(r io.Reader) (*DecryptedReader, error)

NewDecryptedReader creates a new Reader that will read from and decrypt the passed in io.Reader of encrypted data.

func (*Crypt) NewEncryptedWriter

func (cr *Crypt) NewEncryptedWriter(w io.Writer) (*EncryptedWriter, error)

NewEncryptedWriter creates a new Writer that encrypts all data and writes the encrypted data to the supplied io.Writer.

type DecryptedReader

type DecryptedReader struct {
	// contains filtered or unexported fields
}

DecryptedReader is an io.Reader that decrypts data from an encrypted underlying io.Reader.

func (*DecryptedReader) Read

func (dr *DecryptedReader) Read(p []byte) (int, error)

Read decrypts and reads data from the underlying io.Reader.

type EncryptedWriter

type EncryptedWriter struct {
	// contains filtered or unexported fields
}

EncryptedWriter is an io.WriteCloser. All data written to this writer is encrypted before being written to the underlying io.Writer.

func (*EncryptedWriter) Close

func (ew *EncryptedWriter) Close() error

Close closes the underlying io.WriteCloser.

func (*EncryptedWriter) Write

func (ew *EncryptedWriter) Write(p []byte) (int, error)

Write encrypts data and writes it to the underlying io.WriteCloser.
