secret

package
v0.1.4 Latest
Warning

This package is not in the latest version of its module.
Published: Jul 4, 2022 License: AGPL-3.0 Imports: 13 Imported by: 0

Documentation

Overview

Package secret provides abstractions for storing data securely when possible.

Constants

This section is empty.

Variables

var ErrIncorrectPassword = errors.New("incorrect password")

ErrIncorrectPassword is returned if the provided user password does not match what is on disk.

var ErrNotFound = errors.New("key not found")

ErrNotFound is returned for unknown keys.

var ErrUnsupportedPlatform = keyring.ErrUnsupportedPlatform

Functions

func PathIsEncrypted

func PathIsEncrypted(path string) bool

PathIsEncrypted returns true if the given path is encrypted. It is the caller's responsibility to use SaltedFileDriver or EncryptedFileDriver on the same path.

False may also be returned when the encryption status cannot be determined. In that case, storing through EncryptedFileDriver will fail with an error.

Types

type Driver

type Driver interface {
	Get(string) ([]byte, error)
	Set(string, []byte) error
}

Driver is a basic getter-setter interface that describes a secret driver.

type EncryptedFile

type EncryptedFile struct {
	// contains filtered or unexported fields
}

EncryptedFile is a secret driver implementation that encrypts the stored value using a generated salt. When creating one, EncryptedFileDriver should be preferred over SaltedFileDriver.

func EncryptedFileDriver

func EncryptedFileDriver(passphrase, path string) *EncryptedFile

EncryptedFileDriver creates a new encrypted file driver with the given passphrase. The passphrase is hashed and compared with an existing one, or it will be used if there is none.

func SaltedFileDriver

func SaltedFileDriver(path string) *EncryptedFile

SaltedFileDriver creates a new encrypted file driver with a generated passphrase. The .salt file is the sole hashing input, so the algorithm will fail without it. Moving the file somewhere else is one way to completely lock out accounts encrypted with it.

func (*EncryptedFile) Get

func (s *EncryptedFile) Get(key string) ([]byte, error)

func (*EncryptedFile) Set

func (s *EncryptedFile) Set(key string, value []byte) error

type Keyring

type Keyring struct {
	// contains filtered or unexported fields
}

Keyring is an implementation of a secret driver using the system's keyring driver.

func KeyringDriver

func KeyringDriver(appID string) *Keyring

KeyringDriver creates a new keyring driver.

func (*Keyring) Get

func (k *Keyring) Get(key string) ([]byte, error)

Get gets the key.

func (*Keyring) Set

func (k *Keyring) Set(key string, value []byte) error

Set sets the key.

type Service

type Service struct {
	// contains filtered or unexported fields
}

Service wraps multiple drivers to provide fallbacks.

func New

func New(drivers ...Driver) Service

New creates a new service.

func (Service) Get

func (s Service) Get(k string) ([]byte, error)

Get gets the given key from the internal list of drivers. The first error is returned.

func (Service) Set

func (s Service) Set(k string, v []byte) error

Set sets the given key and value into the internal list of drivers. The first successful driver is used, and only the first error is returned.
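
The fallback behaviour described for Service.Set, sketched as an added example (not the package's own code). The names `down`, `mem` and `setFirst` are hypothetical, the try-in-order and first-error handling are this example's reading of the documentation above, and returning the index of the driver that accepted the value is an addition the documented Set signature does not have.

```go
package main

import (
	"errors"
	"fmt"
)

// Driver mirrors the interface documented on this page.
type Driver interface {
	Get(string) ([]byte, error)
	Set(string, []byte) error
}

// down is a hypothetical unavailable driver; its value is the error text.
type down string

func (d down) Get(string) ([]byte, error) { return nil, errors.New(string(d)) }
func (d down) Set(string, []byte) error   { return errors.New(string(d)) }

// mem is a hypothetical in-memory driver that always accepts writes.
type mem map[string][]byte
func (m mem) Set(k string, v []byte) error { m[k] = v; return nil }
func (m mem) Get(k string) ([]byte, error) {
	if v, ok := m[k]; ok {
		return v, nil
	}
	return nil, errors.New("key not found")
}

// setFirst is a hypothetical stand-in for Service.Set: drivers are tried in
// order. It returns the index of the driver that stored the value, so the
// caller can log when a fallback was used, or -1 and the first error.
func setFirst(k string, v []byte, drivers ...Driver) (int, error) {
	first := errors.New("no drivers configured")
	for i, d := range drivers {
		err := d.Set(k, v)
		if err == nil {
			return i, nil
		}
		if i == 0 {
			first = err
		}
	}
	return -1, first
}

func main() {
	fmt.Println(setFirst("token", []byte("constructed"), down("no keyring"), mem{}))
}
```

A non-zero index means the value did not land in the preferred driver, which is worth recording when the drivers differ in how well they protect the secret.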
