envencrypt

package
v0.5.0-1a Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 31, 2026 License: MIT Imports: 7 Imported by: 0

Documentation

Overview

Package envencrypt holds unobin's built-in encrypters.

The Encrypter contract lives in pkg/sdk/encrypt so provider libraries can register their own implementations. This package implements the env-key encrypter and the no-op pass-through. The core library registers them under runtime.Library.Encrypters.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type EnvKey 

type EnvKey struct {
	// contains filtered or unexported fields
}

EnvKey uses AES-256-GCM with a 32 byte symmetric key read from a named environment variable. The env value must be the base64-encoded key.

func NewEnvKey 

func NewEnvKey(envVar string) (*EnvKey, error)

NewEnvKey reads the env var, decodes the key, and returns an EnvKey encrypter. Errors when the env var is unset, not base64, or does not decode to 32 bytes.

func (*EnvKey) Decrypt 

func (e *EnvKey) Decrypt(ciphertext []byte) ([]byte, error)

Decrypt opens a value produced by Encrypt. Errors on tampered or truncated bytes.

func (*EnvKey) Encrypt 

func (e *EnvKey) Encrypt(plaintext []byte) ([]byte, error)

Encrypt seals plaintext with a fresh random nonce. Output bytes are `nonce || ciphertext+tag`.

type Noop 

type Noop struct{}

Noop passes bytes through unchanged. Useful in tests and for dev workflows where the operator has explicitly opted out of encryption.

func (Noop) Decrypt 

func (Noop) Decrypt(p []byte) ([]byte, error)

func (Noop) Encrypt 

func (Noop) Encrypt(p []byte) ([]byte, error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.