encryption

package
v0.36.9 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 14, 2024 License: MIT Imports: 12 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GenerateJWTKeysetsFromCloudKMS

func GenerateJWTKeysetsFromCloudKMS(keyUri string, credentialsJSON []byte) (privateEc256 []byte, publicEc256 []byte, err error)

func GenerateLocalKeys

func GenerateLocalKeys() (masterKey []byte, privateEc256 []byte, publicEc256 []byte, err error)

func NewCloudKMSEncryption

func NewCloudKMSEncryption(keyUri string, credentialsJSON, privateEc256, publicEc256 []byte) (*cloudkmsEncryptionService, error)

NewCloudKMSEncryption creates a GCP CloudKMS-backed encryption service.

func NewLocalEncryption

func NewLocalEncryption(masterKey []byte, privateEc256 []byte, publicEc256 []byte) (*localEncryptionService, error)

NewLocalEncryption creates a new local encryption service. keysetBytes is the raw keyset in base64-encoded JSON format. This can be generated by calling hatchet-admin keyset create-local.

Types

type EncryptionService

type EncryptionService interface {
	// Encrypt encrypts the given plaintext with the given data id. The data id is used to
	// associate the ciphertext with the data in the database.
	// For more information, see: https://developers.google.com/tink/client-side-encryption#kms_envelope_aead
	Encrypt(plaintext []byte, dataId string) ([]byte, error)

	// Decrypt decrypts the given ciphertext with the given data id. The data id is used to
	// associate the ciphertext with the data in the database.
	// For more information, see: https://developers.google.com/tink/client-side-encryption#kms_envelope_aead
	Decrypt(ciphertext []byte, dataId string) ([]byte, error)

	// EncryptString encrypts a string using base64 internally
	EncryptString(plaintext string, dataId string) (string, error)

	// DecryptString decrypts a string using base64 internally
	DecryptString(ciphertext string, dataId string) (string, error)

	// GetPrivateJWTHandle returns a private JWT handle. This is used to sign JWTs.
	GetPrivateJWTHandle() *keyset.Handle

	// GetPublicJWTHandle returns a public JWT handle. This is used to verify JWTs.
	GetPublicJWTHandle() *keyset.Handle
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL