Constants ¶
// Key type names of the Vault transit secrets engine (see the create-key API
// link below). The values are the "type" strings Vault accepts when a key is
// created; they are untyped string constants here.
//
// NOTE(review): in Vault transit the ed25519 and ecdsa-* key types are
// signing keys rather than encryption keys — confirm that the Encryptor
// rejects them for Encrypt/Decrypt rather than failing at Vault call time.
const (
	// AES-GCM and ChaCha20-Poly1305 (symmetric).
	KeyTypeAES128   = "aes128-gcm96"
	KeyTypeAES256   = "aes256-gcm96"
	KeyTypeChaCha20 = "chacha20-poly1305"

	// Ed25519 and ECDSA over the NIST P-curves (asymmetric).
	KeyTypeED25519  = "ed25519"
	KeyTypeECDSA256 = "ecdsa-p256"
	KeyTypeECDSA384 = "ecdsa-p384"
	KeyTypeECDSA521 = "ecdsa-p521"

	// RSA by modulus size in bits (asymmetric).
	KeyTypeRSA2048 = "rsa-2048"
	KeyTypeRSA3072 = "rsa-3072"
	KeyTypeRSA4096 = "rsa-4096"
)
https://www.vaultproject.io/api/secret/transit#create-key
// PropertiesPrefix is the configuration key prefix for data encryption
// settings ("data.encryption"); presumably the prefix under which
// DataEncryptionProperties is bound — verify against BindDataEncryptionProperties.
const PropertiesPrefix = "data.encryption"
Variables ¶
// Sentinel errors for the encrypted column mapping. Every one of them is a
// data error carrying the code data.ErrorCodeOrmMapping, so callers can
// compare with errors.Is against the variable they care about.
var (
	// ErrUnsupportedVersion reports an unsupported version of the encrypted data format.
	ErrUnsupportedVersion = data.NewDataError(data.ErrorCodeOrmMapping, "unsupported version of encrypted data format")

	// ErrUnsupportedAlgorithm reports an unsupported encryption algorithm of the data.
	ErrUnsupportedAlgorithm = data.NewDataError(data.ErrorCodeOrmMapping, "unsupported encryption algorithm of data")

	// ErrInvalidFormat reports encrypted data that could not be parsed at all.
	ErrInvalidFormat = data.NewDataError(data.ErrorCodeOrmMapping, "invalid encrypted data")

	// ErrInvalidV1Format reports a payload that claims the V1 format but does not match it.
	ErrInvalidV1Format = data.NewDataError(data.ErrorCodeOrmMapping, "invalid V1 data payload format")
)
// Module registers data encryption with the bootstrap/fx container.
// It embeds the package's default configuration (defaultConfigFS), provides
// the bound DataEncryptionProperties and the Encryptor, and invokes
// initialize at startup. Its precedence is bootstrap.DatabasePrecedence.
var Module = &bootstrap.Module{
	Name:       "data-encryption",
	Precedence: bootstrap.DatabasePrecedence,
	Options: []fx.Option{
		appconfig.FxEmbeddedDefaults(defaultConfigFS),
		fx.Provide(BindDataEncryptionProperties, provideEncryptor),
		fx.Invoke(initialize),
	},
}
Functions ¶
func CreateKey ¶
func CreateKey(ctx context.Context, kid string, opts ...KeyOptions) error
CreateKey creates keys with the given key ID. Note: KeyOptions is reserved for future support and is currently ignored.
func CreateKeyWithUUID ¶
CreateKeyWithUUID creates keys with the given key ID. Note: KeyOptions is reserved for future support and is currently ignored.
Types ¶
type Algorithm ¶
// Algorithm names the encryption algorithm recorded alongside a ciphertext
// (EncryptedRaw.Alg). It is parsed from text via UnmarshalText; values the
// parser does not recognise are presumably rejected with
// ErrUnsupportedAlgorithm — confirm in UnmarshalText.
type Algorithm string
func (*Algorithm) UnmarshalText ¶
UnmarshalText implements encoding.TextUnmarshaler
type DataEncryptionProperties ¶
// DataEncryptionProperties is the configuration for the data encryption
// feature, bound from application config by BindDataEncryptionProperties.
type DataEncryptionProperties struct {
	// Enabled switches data encryption on or off.
	Enabled bool `json:"enabled"`

	// Key holds the key-related settings (see KeyProperties).
	Key KeyProperties `json:"key"`
}
func BindDataEncryptionProperties ¶
func BindDataEncryptionProperties(ctx *bootstrap.ApplicationContext) DataEncryptionProperties
BindDataEncryptionProperties creates and binds SessionProperties, with an optional prefix.
func NewDataEncryptionProperties ¶
func NewDataEncryptionProperties() *DataEncryptionProperties
NewDataEncryptionProperties creates a CockroachProperties with default values.
type EncryptedMap ¶
// EncryptedMap is an EncryptedRaw whose plaintext is a map. Data carries the
// decrypted value in memory only: the `json:"-"` tag keeps it out of any JSON
// serialisation of the struct, so only the embedded EncryptedRaw (the
// ciphertext and its metadata) is ever marshalled.
type EncryptedMap struct {
	EncryptedRaw

	// Data is the plaintext map; never serialised to JSON.
	Data map[string]interface{} `json:"-"`
}
func NewEncryptedMap ¶
func NewEncryptedMap(kid uuid.UUID, v map[string]interface{}) *EncryptedMap
func (*EncryptedMap) Scan ¶
func (d *EncryptedMap) Scan(src interface{}) error
Scan implements sql.Scanner
type EncryptedRaw ¶
// EncryptedRaw is the carrier of encrypted data. It is what Encrypt produces
// and what Decrypt consumes, and it implements sql.Scanner, gorm.Valuer and
// schema.GormDataTypeInterface so it can be stored as a database column.
//
// NOTE(review): KeyID and Alg travel with the stored record, so Decrypt
// presumably selects the key from data read back from the database; confirm
// the Encryptor restricts which key IDs a caller may decrypt with.
type EncryptedRaw struct {
	// Ver is the format version of the payload; UnmarshalJSON on Version
	// also accepts the V1 representation.
	Ver Version `json:"v"`

	// KeyID identifies the key used to produce Raw.
	KeyID string `json:"kid,omitempty"`

	// Alg names the algorithm used to produce Raw.
	Alg Algorithm `json:"alg,omitempty"`

	// Raw is the encrypted payload populated by Encrypt, kept as raw JSON.
	Raw json.RawMessage `json:"d,omitempty"`
}
EncryptedRaw is the carrier of encrypted data. This data type implements gorm.Valuer and schema.GormDataTypeInterface.
func Encrypt ¶
func Encrypt(ctx context.Context, kid string, v interface{}) (*EncryptedRaw, error)
Encrypt is a package-level API that wraps the shared Encryptor.Encrypt.
func ParseEncryptedRaw ¶
func ParseEncryptedRaw(text string) (ret *EncryptedRaw, err error)
func (EncryptedRaw) GormDataType ¶
func (EncryptedRaw) GormDataType() string
GormDataType implements schema.GormDataTypeInterface
func (*EncryptedRaw) Scan ¶
func (d *EncryptedRaw) Scan(src interface{}) error
Scan implements sql.Scanner
func (*EncryptedRaw) UnmarshalTextV1 ¶
func (d *EncryptedRaw) UnmarshalTextV1(text []byte) error
UnmarshalTextV1 deserializes the V1 text format.
type Encryptor ¶
// Encryptor encrypts and decrypts application data and exposes key management.
type Encryptor interface {
	// Encrypt encrypts the given "v" under key "kid" and returns an
	// EncryptedRaw with Raw populated. The process may read
	// EncryptedRaw.Alg and EncryptedRaw.KeyID and update EncryptedRaw.Ver.
	Encrypt(ctx context.Context, kid string, v interface{}) (*EncryptedRaw, error)

	// Decrypt reads raw and populates the decrypted data into dest.
	// If dest is not a pointer type, this method may return an error.
	Decrypt(ctx context.Context, raw *EncryptedRaw, dest interface{}) error

	// KeyOperations returns an object that operates on keys. Depending on
	// configuration it may return a no-op implementation, but never nil.
	KeyOperations() KeyOperations
}
type KeyOperations ¶
// KeyOperations manages encryption keys; obtain it from Encryptor.KeyOperations.
type KeyOperations interface {
	// Create creates keys with the given key ID.
	// Note: KeyOptions is reserved for future support and is currently ignored.
	Create(ctx context.Context, kid string, opts ...KeyOptions) error
}
type KeyOptions ¶
// KeyOptions is a functional option applied to the unexported keyOption when
// a key is created. It is reserved for future use: CreateKey, CreateKeyWithUUID
// and KeyOperations.Create currently ignore any options passed to them.
type KeyOptions func(opt *keyOption)
type KeyProperties ¶
type KeyType ¶
// KeyType is a Vault transit key type parsed from text via UnmarshalText.
// Presumably the KeyType* constants are the accepted values — confirm in
// UnmarshalText.
type KeyType string
func (*KeyType) UnmarshalText ¶
UnmarshalText implements encoding.TextUnmarshaler
type Version ¶
// Version is the format version of an EncryptedRaw payload (EncryptedRaw.Ver).
// Its UnmarshalJSON and UnmarshalText accept the V1 representation as well;
// unrecognised versions presumably surface as ErrUnsupportedVersion — confirm
// in the unmarshal implementations.
type Version int
func (*Version) UnmarshalJSON ¶
UnmarshalJSON implements json.Unmarshaler with V1 support
func (*Version) UnmarshalText ¶
UnmarshalText implements encoding.TextUnmarshaler