Documentation
Constants
This section is empty.
Variables
var ErrDataKeyNotFound = errors.New("data key not found")
Functions
This section is empty.
Types
type BackgroundProvider
BackgroundProvider should be implemented for a provider that has a task that needs to be run in the background.
type EncryptionOptions
type EncryptionOptions func() string
func WithScope
func WithScope(scope string) EncryptionOptions
WithScope uses a data key for encryption bound to some specific scope (i.e., user, org, etc.). Scope should look like "user:10", "org:1".
func WithoutScope
func WithoutScope() EncryptionOptions
WithoutScope uses the root-level data encryption key (DEK) for encryption; in other words, this DEK is not bound to any specific scope (not attached to any user, org, etc.).
type Provider
type Provider interface {
	Encrypt(ctx context.Context, blob []byte) ([]byte, error)
	Decrypt(ctx context.Context, blob []byte) ([]byte, error)
}
Provider is a key encryption key (KEK) provider for envelope encryption.
type ProviderID
type ProviderID string
func (ProviderID) Kind
func (id ProviderID) Kind() (string, error)
type Service
type Service interface {
	// Encrypt MUST NOT be used within database transactions, it may cause database locks.
	// For those specific use cases where the encryption operation cannot be moved outside
	// the database transaction, look at database-specific methods present at the specific
	// implementation present at manager.SecretsService.
	Encrypt(ctx context.Context, payload []byte, opt EncryptionOptions) ([]byte, error)
	Decrypt(ctx context.Context, payload []byte) ([]byte, error)

	// EncryptJsonData MUST NOT be used within database transactions.
	// Look at Encrypt method comment for further details.
	EncryptJsonData(ctx context.Context, kv map[string]string, opt EncryptionOptions) (map[string][]byte, error)
	DecryptJsonData(ctx context.Context, sjd map[string][]byte) (map[string]string, error)

	GetDecryptedValue(ctx context.Context, sjd map[string][]byte, key, fallback string) string

	ReEncryptDataKeys(ctx context.Context) error
}
Service is an envelope encryption service in charge of encrypting/decrypting secrets. It is a replacement for encryption.Service.
type Store
type Store interface {
	GetDataKey(ctx context.Context, name string) (*DataKey, error)
	GetAllDataKeys(ctx context.Context) ([]*DataKey, error)
	CreateDataKey(ctx context.Context, dataKey DataKey) error
	CreateDataKeyWithDBSession(ctx context.Context, dataKey DataKey, sess *xorm.Session) error
	DeleteDataKey(ctx context.Context, name string) error
	ReEncryptDataKeys(ctx context.Context, providers map[ProviderID]Provider, currProvider ProviderID) error
}
Store defines methods to interact with secrets storage.
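The interfaces above describe envelope encryption only by their signatures: a Provider wraps data encryption keys (DEKs) under a key encryption key (KEK), WithScope and WithoutScope select which DEK a payload is sealed with, and ReEncryptDataKeys re-wraps every stored DEK when the KEK provider changes. The following added example, which is not this package's own code, puts those pieces together in a self-contained toy. It copies the Provider, EncryptionOptions, WithScope, WithoutScope and ErrDataKeyNotFound declarations from this page; everything else (the in-memory localKEK, the envelopeService with one DEK per scope and a "<scope>#" header on each ciphertext, the ReEncryptDataKeys signature that takes the next Provider directly, and the AES-GCM helpers) is a hypothetical simplification chosen for illustration, not the real Service or Store implementation.

```go
package main

import (
	"bytes"
	"context"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"sync"
)

// These declarations copy the signatures shown on this page.
var ErrDataKeyNotFound = errors.New("data key not found")
type Provider interface {
	Encrypt(ctx context.Context, blob []byte) ([]byte, error)
	Decrypt(ctx context.Context, blob []byte) ([]byte, error)
}
type EncryptionOptions func() string
func WithScope(scope string) EncryptionOptions { return func() string { return scope } }
func WithoutScope() EncryptionOptions          { return func() string { return "root" } }

// AES-256-GCM helpers; the random 12-byte nonce is prepended to the ciphertext.
func aesGCMSeal(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	gcm, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

func aesGCMOpen(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	gcm, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	if len(blob) < gcm.NonceSize() { return nil, errors.New("ciphertext too short") }
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

// localKEK is a hypothetical in-memory KEK provider; a real one would call a KMS or HSM.
type localKEK struct{ key []byte }
func (p *localKEK) Encrypt(_ context.Context, blob []byte) ([]byte, error) { return aesGCMSeal(p.key, blob) }
func (p *localKEK) Decrypt(_ context.Context, blob []byte) ([]byte, error) { return aesGCMOpen(p.key, blob) }

// envelopeService is a hypothetical, simplified Service: one DEK per scope, stored only KEK-wrapped.
type envelopeService struct {
	kek  Provider
	mu   sync.Mutex
	deks map[string][]byte // scope -> DEK encrypted under the KEK
}

// dataKey unwraps the scope's DEK, generating and wrapping a fresh one on first use.
func (s *envelopeService) dataKey(ctx context.Context, scope string) ([]byte, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	if s.deks == nil { s.deks = map[string][]byte{} }
	if wrapped, ok := s.deks[scope]; ok { return s.kek.Decrypt(ctx, wrapped) }
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil { return nil, err }
	wrapped, err := s.kek.Encrypt(ctx, dek)
	if err != nil { return nil, err }
	s.deks[scope] = wrapped
	return dek, nil
}

// Encrypt seals payload under the scope's DEK and prefixes "<scope>#" so Decrypt can find the key.
func (s *envelopeService) Encrypt(ctx context.Context, payload []byte, opt EncryptionOptions) ([]byte, error) {
	dek, err := s.dataKey(ctx, opt())
	if err != nil { return nil, err }
	ct, err := aesGCMSeal(dek, payload)
	if err != nil { return nil, err }
	return append([]byte(opt()+"#"), ct...), nil
}

func (s *envelopeService) Decrypt(ctx context.Context, blob []byte) ([]byte, error) {
	i := bytes.IndexByte(blob, '#')
	if i < 0 { return nil, errors.New("malformed envelope: missing scope header") }
	s.mu.Lock(); wrapped, ok := s.deks[string(blob[:i])]; s.mu.Unlock()
	if !ok { return nil, ErrDataKeyNotFound }
	dek, err := s.kek.Decrypt(ctx, wrapped)
	if err != nil { return nil, err }
	return aesGCMOpen(dek, blob[i+1:])
}

// ReEncryptDataKeys rotates the KEK: each DEK is unwrapped with the current provider and
// re-wrapped with next. Payload ciphertexts are untouched, so they stay decryptable.
func (s *envelopeService) ReEncryptDataKeys(ctx context.Context, next Provider) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	for scope, wrapped := range s.deks {
		dek, err := s.kek.Decrypt(ctx, wrapped)
		if err != nil { return err }
		if s.deks[scope], err = next.Encrypt(ctx, dek); err != nil { return err }
	}
	s.kek = next
	return nil
}
```

Two design points carry over to the real service regardless of the toy's simplifications: the DEK for one scope never protects another scope's payloads, so compromise of a single unwrapped DEK is bounded to that user or org, and KEK rotation touches only the small set of wrapped DEKs rather than every stored secret, which is exactly why Service.ReEncryptDataKeys exists as a separate operation from re-encrypting payloads.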