secrets

package
v0.115.0-nightly Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 20, 2026 License: AGPL-3.0 Imports: 9 Imported by: 0

Documentation

Overview

Package secrets provides application-level encryption for sensitive data stored in RQLite. Uses AES-256-GCM with HKDF key derivation from the cluster secret.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Decrypt 

func Decrypt(ciphertext string, key []byte) (string, error)

Decrypt decrypts an "enc:"-prefixed ciphertext string with AES-256-GCM. If the input is not prefixed with "enc:", it is returned as-is (plaintext passthrough for backward compatibility during migration).

func DeriveKey 

func DeriveKey(clusterSecret, purpose string) ([]byte, error)

DeriveKey derives a 32-byte AES-256 key from the cluster secret using HKDF-SHA256. The purpose string provides domain separation (e.g., "turn-encryption").

func Encrypt 

func Encrypt(plaintext string, key []byte) (string, error)

Encrypt encrypts plaintext with AES-256-GCM using the given key. Returns a base64-encoded string prefixed with "enc:" for identification.

func IsEncrypted 

func IsEncrypted(value string) bool

IsEncrypted returns true if the value has the "enc:" prefix.

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.