envencrypt

package
v0.6.0-24a Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 10, 2026 License: MIT Imports: 7 Imported by: 0

Documentation

Overview

Package envencrypt holds unobin's built-in encrypters.

The Encrypter contract lives in pkg/sdk/encrypt. This package implements the env-key encrypter and the no-op pass-through; pkg/backends puts them in the fixed set an operator selects by name.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type EnvKey 

type EnvKey struct {
	// contains filtered or unexported fields
}

EnvKey uses AES-256-GCM with a 32 byte symmetric key read from a named environment variable. The env value must be the base64-encoded key.

func NewEnvKey 

func NewEnvKey(envVar string) (*EnvKey, error)

NewEnvKey reads the env var, decodes the key, and returns an EnvKey encrypter. Errors when the env var is unset, not base64, or does not decode to 32 bytes.

func (*EnvKey) Decrypt 

func (e *EnvKey) Decrypt(ciphertext []byte) ([]byte, error)

Decrypt opens a value produced by Encrypt. Errors on tampered or truncated bytes.

func (*EnvKey) Encrypt 

func (e *EnvKey) Encrypt(plaintext []byte) ([]byte, error)

Encrypt seals plaintext with a fresh random nonce. Output bytes are `nonce || ciphertext+tag`.

type Noop 

type Noop struct{}

Noop passes bytes through unchanged. Useful in tests and for dev workflows where the operator has explicitly opted out of encryption.

func (Noop) Decrypt 

func (Noop) Decrypt(p []byte) ([]byte, error)

func (Noop) Encrypt 

func (Noop) Encrypt(p []byte) ([]byte, error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.