domain

package
v0.8.0 Latest
Warning

This package is not in the latest version of its module.

Published: Feb 20, 2026 License: MIT Imports: 7 Imported by: 0

Documentation

Overview

Package domain defines transit encryption domain models and errors.


Constants

This section is empty.

Variables

var (
	// ErrInvalidBlobFormat indicates the encrypted blob format is invalid.
	ErrInvalidBlobFormat = errors.Wrap(errors.ErrInvalidInput, "invalid encrypted blob format")

	// ErrInvalidBlobVersion indicates the version string cannot be parsed.
	ErrInvalidBlobVersion = errors.Wrap(errors.ErrInvalidInput, "invalid encrypted blob version")

	// ErrInvalidBlobBase64 indicates the ciphertext is not valid base64.
	ErrInvalidBlobBase64 = errors.Wrap(errors.ErrInvalidInput, "invalid encrypted blob base64")

	// ErrTransitKeyNotFound indicates the transit key was not found.
	ErrTransitKeyNotFound = errors.Wrap(errors.ErrNotFound, "transit key not found")

	// ErrTransitKeyAlreadyExists indicates a transit key with the same name and version already exists.
	ErrTransitKeyAlreadyExists = errors.Wrap(errors.ErrConflict, "transit key already exists")
)

Transit encryption error definitions.

These domain-specific errors wrap standard errors from internal/errors to provide context for transit encryption failures.

Functions

This section is empty.

Types

type EncryptedBlob

type EncryptedBlob struct {
	Version    uint   // Transit key version used for encryption
	Ciphertext []byte // Encrypted data
	Plaintext  []byte // In memory only
}

EncryptedBlob represents an encrypted data blob with version and ciphertext. Format: "version:ciphertext-base64"

func NewEncryptedBlob

func NewEncryptedBlob(content string) (EncryptedBlob, error)

NewEncryptedBlob creates an EncryptedBlob from string format "version:ciphertext-base64".

func (EncryptedBlob) String

func (eb EncryptedBlob) String() string

String serializes the EncryptedBlob to format "version:ciphertext-base64".
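
Added example, not the package's own code: a minimal parser and serializer for the "version:ciphertext-base64" format described above, showing which malformed input maps to each of the three blob errors and that Plaintext never reaches the serialized form. The names blob, parseBlob and the err* variables are hypothetical stand-ins, and a decimal version with standard padded base64 is an assumption, since the page does not show the implementation.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// Local stand-ins for the package's sentinel errors (the real ones wrap internal/errors).
var errFormat = errors.New("invalid encrypted blob format")
var errVersion = errors.New("invalid encrypted blob version")
var errBase64 = errors.New("invalid encrypted blob base64")

// blob mirrors EncryptedBlob; Plaintext is held in memory and never serialized.
type blob struct {
	Version    uint
	Ciphertext []byte
	Plaintext  []byte
}

// parseBlob (hypothetical) splits at the first ':'; assumes decimal version and std base64.
func parseBlob(s string) (blob, error) {
	ver, enc, ok := strings.Cut(s, ":")
	if !ok || ver == "" || enc == "" {
		return blob{}, errFormat
	}
	v, err := strconv.ParseUint(ver, 10, 32)
	if err != nil {
		return blob{}, errVersion
	}
	ct, err := base64.StdEncoding.DecodeString(enc)
	if err != nil {
		return blob{}, errBase64
	}
	return blob{Version: uint(v), Ciphertext: ct}, nil
}

// String emits only version and ciphertext, so plaintext cannot leak via logs or storage.
func (b blob) String() string {
	return fmt.Sprintf("%d:%s", b.Version, base64.StdEncoding.EncodeToString(b.Ciphertext))
}

func main() {
	// Constructed inputs: one valid blob, then one per error class.
	for _, in := range []string{"2:3q2+7w==", "no-separator", "x:3q2+7w==", "2:%%%"} {
		fmt.Println(parseBlob(in))
	}
}
```

Because the version travels with the ciphertext, a caller can select the matching TransitKey version for decryption before touching the ciphertext, and reject malformed blobs without any key lookup.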

type TransitKey

type TransitKey struct {
	ID        uuid.UUID
	Name      string
	Version   uint
	DekID     uuid.UUID
	CreatedAt time.Time
	DeletedAt *time.Time
}

TransitKey represents a versioned encryption key for transit encryption operations. Supports key rotation by maintaining multiple versions with the same name. The active version (highest number) is used for encryption while older versions remain available for decryption. Soft deletion via DeletedAt field preserves keys for historical decryption.
