Documentation
¶
Overview ¶
Package keycrypt implements an API for storing and retrieving opaque blobs of data stored in a secure fashion. Keycrypt multiplexes several backends, both local (e.g., macOS Keychain) and remote (e.g., AWS's KMS and S3).
Index ¶
- Variables
- func Get(rawurl string) ([]byte, error)
- func GetJSON(s Secret, v interface{}) error
- func Put(rawurl string, data []byte) error
- func PutJSON(s Secret, v interface{}) error
- func Register(scheme string, resolver Resolver)
- func RegisterFunc(scheme string, f func(string) Keycrypt)
- type Keycrypt
- type Resolver
- type Secret
Constants ¶
This section is empty.
Variables ¶
var ErrNoSuchSecret = errors.New("no such secret")
Functions ¶
func RegisterFunc ¶
RegisterFunc associates a Resolver (given by a func) with a scheme.
Types ¶
type Keycrypt ¶
type Keycrypt interface {
// Look up the named secret. A secret is returned even if it does
// not yet exist. In this case, Secret.Get will return
// ErrNoSuchSecret.
Lookup(name string) Secret
}
Interface Keycrypt represents a secure secret storage.
type Resolver ¶
func ResolverFunc ¶
type Secret ¶
type Secret interface {
// Retrieve the current value of this secret. If the secret does not
// exist, Get returns ErrNoSuchSecret.
Get() ([]byte, error)
// Write a new value for this secret.
Put([]byte) error
}
Secret represents a single object. Secret objects are uninterpreted bytes that are stored securely.
func Lookup ¶
Lookup retrieves a secret based on a URL, in the standard form: scheme://host/path. The URL is interpreted according to the Resolver registered with the given scheme. The scheme "local" is a special scheme that attempts known local storage schemes: first "keychain", and then "file".
func Nonexistent ¶
func Nonexistent() Secret
Source Files
Directories