Index ¶
- Variables
- type DataEncryption
- type KeyEntry
- type KeyFilter
- type KeyManager
- func (km *KeyManager) Decrypt(ctx context.Context, keyID string, ciphertext []byte) ([]byte, error)
- func (km *KeyManager) DecryptString(ctx context.Context, keyID string, ciphertext string) (string, error)
- func (km *KeyManager) Encrypt(ctx context.Context, keyID string, plaintext []byte) ([]byte, error)
- func (km *KeyManager) EncryptString(ctx context.Context, keyID string, plaintext string) (string, error)
- func (km *KeyManager) GenerateKey(ctx context.Context, keyType KeyType, purpose KeyPurpose, opts ...KeyOption) (*KeyMetadata, error)
- func (km *KeyManager) GetActiveKey(ctx context.Context, purpose KeyPurpose) (*KeyEntry, error)
- func (km *KeyManager) GetKey(ctx context.Context, id string) (*KeyEntry, error)
- func (km *KeyManager) ListKeys(ctx context.Context, filter KeyFilter) ([]*KeyMetadata, error)
- func (km *KeyManager) RevokeKey(ctx context.Context, id string, reason string) error
- func (km *KeyManager) RotateKey(ctx context.Context, id string) (*KeyMetadata, error)
- func (km *KeyManager) SetNotifier(notifier KeyRotationNotifier)
- func (km *KeyManager) StartRotation(interval time.Duration) *RotationJob
- type KeyMetadata
- type KeyOption
- type KeyPurpose
- type KeyRotationNotifier
- type KeyState
- type KeyStore
- type KeyType
- type MemoryKeyStore
- func (s *MemoryKeyStore) Create(entry *KeyEntry) error
- func (s *MemoryKeyStore) Delete(id string) error
- func (s *MemoryKeyStore) Get(id string) (*KeyEntry, error)
- func (s *MemoryKeyStore) GetActiveKey(purpose KeyPurpose) (*KeyEntry, error)
- func (s *MemoryKeyStore) List(filter KeyFilter) ([]*KeyMetadata, error)
- func (s *MemoryKeyStore) Update(entry *KeyEntry) error
- type RotationJob
Variables ¶
// Sentinel errors returned by key management operations. Callers should
// match them with errors.Is so that wrapped errors still compare equal.
var (
	// ErrKeyNotFound: no key exists with the requested ID.
	ErrKeyNotFound = errors.New("key not found")
	// ErrKeyExpired: the key's expiration time has passed (see KeyMetadata.ExpiresAt).
	ErrKeyExpired = errors.New("key has expired")
	// ErrKeyNotActive: the key's state does not permit the operation (see KeyState).
	ErrKeyNotActive = errors.New("key is not active")
	// ErrInvalidKey: the supplied key or key material is malformed.
	ErrInvalidKey = errors.New("invalid key")
	// ErrRotationFailed: a key could not be replaced by RotateKey or the rotation job.
	ErrRotationFailed = errors.New("key rotation failed")
	// ErrEncryptionFailed: ciphertext could not be produced.
	ErrEncryptionFailed = errors.New("encryption failed")
	// ErrDecryptionFailed: plaintext could not be recovered. The message is
	// deliberately generic; keep it that way rather than reporting *why*
	// decryption failed, which would give an attacker a padding/auth oracle.
	ErrDecryptionFailed = errors.New("decryption failed")
)
Sentinel errors returned by key management operations.
Types ¶
type DataEncryption ¶
// DataEncryption binds a KeyManager to a single key ID (see NewDataEncryption)
// and offers the map-level EncryptMap/DecryptMap helpers on top of it.
// Construct it with NewDataEncryption; the zero value is not usable.
type DataEncryption struct {
	// contains filtered or unexported fields
}
DataEncryption provides high-level data encryption utilities on top of a KeyManager.
func NewDataEncryption ¶
func NewDataEncryption(km *KeyManager, keyID string) *DataEncryption
NewDataEncryption creates a data encryption helper that uses km and the key identified by keyID.
func (*DataEncryption) DecryptMap ¶
func (de *DataEncryption) DecryptMap(ctx context.Context, data map[string]interface{}) (map[string]interface{}, error)
DecryptMap decrypts a map of encrypted data, returning the decrypted map.
func (*DataEncryption) EncryptMap ¶
func (de *DataEncryption) EncryptMap(ctx context.Context, data map[string]interface{}) (map[string]interface{}, error)
EncryptMap encrypts a map of sensitive data, returning the encrypted map.
type KeyEntry ¶
// KeyEntry is the unit stored by a KeyStore: a key's metadata together with
// its encrypted key material and the IV/nonce that accompany it. Because every
// field carries a json tag, a serialized entry includes the (encrypted) key
// bytes; wherever entries are persisted or logged they are only as protected
// as the master key given to NewKeyManager.
// NOTE(review): that the material is wrapped under the master key is inferred
// from the field comment and NewKeyManager's signature — confirm.
type KeyEntry struct {
	// Metadata describes the key without revealing its material.
	Metadata KeyMetadata `json:"metadata"`
	// Key holds the key material in encrypted form only, never in the clear.
	Key []byte `json:"key"` // Encrypted key material
	// IV used when the key material was encrypted; omitted from JSON when empty.
	IV []byte `json:"iv,omitempty"`
	// Nonce used when the key material was encrypted; omitted from JSON when empty.
	// Presumably IV and Nonce are alternatives depending on the cipher mode — confirm.
	Nonce []byte `json:"nonce,omitempty"`
}
KeyEntry represents a stored key: its metadata together with its encrypted key material.
type KeyFilter ¶
// KeyFilter selects which keys KeyManager.ListKeys and KeyStore.List return.
// ListKeys documents filtering as optional, so a zero-valued field presumably
// means "match any" — confirm against the store implementation.
type KeyFilter struct {
	Purpose KeyPurpose // restrict to keys with this purpose
	State   KeyState   // restrict to keys in this lifecycle state
	Type    KeyType    // restrict to keys of this type
}
KeyFilter selects which keys are returned when listing keys.
type KeyManager ¶
// KeyManager is the entry point of the package: it generates, looks up,
// rotates and revokes keys and encrypts/decrypts data with them, while
// delegating persistence to the KeyStore supplied to NewKeyManager.
// Construct it with NewKeyManager; the zero value is not usable.
type KeyManager struct {
	// contains filtered or unexported fields
}
KeyManager manages encryption keys and the encryption and decryption operations performed with them.
func NewKeyManager ¶
func NewKeyManager(store KeyStore, masterKey []byte) *KeyManager
NewKeyManager creates a key manager that persists keys in store and is initialized with masterKey.
func (*KeyManager) DecryptString ¶
func (km *KeyManager) DecryptString(ctx context.Context, keyID string, ciphertext string) (string, error)
DecryptString decrypts a base64-encoded ciphertext and returns the plaintext string.
func (*KeyManager) EncryptString ¶
func (km *KeyManager) EncryptString(ctx context.Context, keyID string, plaintext string) (string, error)
EncryptString encrypts a string and returns the base64-encoded ciphertext.
func (*KeyManager) GenerateKey ¶
func (km *KeyManager) GenerateKey(ctx context.Context, keyType KeyType, purpose KeyPurpose, opts ...KeyOption) (*KeyMetadata, error)
GenerateKey generates a new key of the given type and purpose, applies any KeyOptions, and returns its metadata.
func (*KeyManager) GetActiveKey ¶
func (km *KeyManager) GetActiveKey(ctx context.Context, purpose KeyPurpose) (*KeyEntry, error)
GetActiveKey returns the currently active key for the given purpose.
func (*KeyManager) ListKeys ¶
func (km *KeyManager) ListKeys(ctx context.Context, filter KeyFilter) ([]*KeyMetadata, error)
ListKeys returns metadata for the keys matching filter; filtering is optional.
func (*KeyManager) RotateKey ¶
func (km *KeyManager) RotateKey(ctx context.Context, id string) (*KeyMetadata, error)
RotateKey rotates the key with the given ID and returns the resulting key metadata.
func (*KeyManager) SetNotifier ¶
func (km *KeyManager) SetNotifier(notifier KeyRotationNotifier)
SetNotifier registers the notifier that receives key rotation and expiration callbacks.
func (*KeyManager) StartRotation ¶
func (km *KeyManager) StartRotation(interval time.Duration) *RotationJob
StartRotation starts the automatic key rotation job, which runs every interval, and returns its RotationJob handle.
type KeyMetadata ¶
// KeyMetadata describes a key without containing any key material, which is
// why it (rather than KeyEntry) is what ListKeys returns and what notifiers
// receive.
type KeyMetadata struct {
	ID      string     `json:"id"`      // identifier passed to GetKey, Encrypt, RotateKey, RevokeKey, etc.
	Name    string     `json:"name"`    // human-readable name
	Type    KeyType    `json:"type"`    // algorithm/type of the key
	Purpose KeyPurpose `json:"purpose"` // see the Purpose* constants
	// State is the lifecycle state; operations on a non-active key presumably
	// return ErrKeyNotActive — confirm.
	State     KeyState  `json:"state"`
	Version   int       `json:"version"`
	CreatedAt time.Time `json:"created_at"`
	UpdatedAt time.Time `json:"updated_at"`
	// ExpiresAt is nil when the key does not expire; set via WithExpiration.
	ExpiresAt *time.Time `json:"expires_at,omitempty"`
	// RotatedAt is nil until the key has been rotated.
	RotatedAt *time.Time `json:"rotated_at,omitempty"`
	// RotatedFrom presumably holds the ID of the key this one replaced — confirm.
	RotatedFrom string `json:"rotated_from,omitempty"`
	// RotationDays is the automatic rotation interval in days; 0 presumably
	// disables automatic rotation — confirm.
	RotationDays int               `json:"rotation_days,omitempty"`
	Labels       map[string]string `json:"labels,omitempty"`      // set via WithLabels
	CreatedBy    string            `json:"created_by"`            // set via WithCreatedBy
	Description  string            `json:"description,omitempty"` // set via WithDescription
}
KeyMetadata contains metadata about a key; it carries no key material.
type KeyOption ¶
// KeyOption customizes the metadata of a key being created; pass one or more
// to GenerateKey. See WithCreatedBy, WithDescription, WithExpiration and
// WithLabels for the provided options.
type KeyOption func(*KeyMetadata)
KeyOption is a function that modifies key metadata when a key is generated; see GenerateKey.
func WithCreatedBy ¶
WithCreatedBy sets who created the key
func WithDescription ¶
WithDescription sets the key description
func WithExpiration ¶
WithExpiration sets the key expiration
func WithLabels ¶
WithLabels sets the key labels
type KeyPurpose ¶
// KeyPurpose is the intended use of a key. GetActiveKey and KeyFilter select
// keys by purpose, so keeping purposes distinct lets callers avoid reusing one
// key for both encryption and signing.
type KeyPurpose string
KeyPurpose defines the intended use of a key.
// Well-known key purposes.
const (
	PurposeEncryption   KeyPurpose = "encryption"   // encrypting and decrypting data
	PurposeSigning      KeyPurpose = "signing"      // producing signatures
	PurposeVerification KeyPurpose = "verification" // verifying signatures
	PurposeDerivation   KeyPurpose = "derivation"   // deriving further keys
)
type KeyRotationNotifier ¶
// KeyRotationNotifier receives lifecycle callbacks from a KeyManager once
// registered with SetNotifier. Implementations are handed KeyMetadata only,
// never key material, so they are safe to wire to logging or alerting.
type KeyRotationNotifier interface {
	// OnKeyRotated is called after oldKey has been replaced by newKey.
	OnKeyRotated(ctx context.Context, oldKey, newKey *KeyMetadata)
	// OnKeyExpiring is called when key is approaching its ExpiresAt time,
	// with the number of days remaining.
	OnKeyExpiring(ctx context.Context, key *KeyMetadata, daysRemaining int)
}
KeyRotationNotifier receives callbacks when a key is rotated or is approaching expiration.
type KeyStore ¶
// KeyStore is the persistence interface that KeyManager delegates to.
// Entries reach the store with the key material already encrypted (see
// KeyEntry.Key). Unlike the KeyManager methods, none of these take a
// context.Context, so caller cancellation and deadlines do not reach a
// backing store; implementations over remote storage need their own timeouts.
type KeyStore interface {
	// Create persists a new entry.
	Create(entry *KeyEntry) error
	// Get returns the entry with the given ID (presumably ErrKeyNotFound when absent — confirm).
	Get(id string) (*KeyEntry, error)
	// Update overwrites an existing entry.
	Update(entry *KeyEntry) error
	// Delete removes the entry with the given ID.
	Delete(id string) error
	// List returns metadata only (no key material) for entries matching filter.
	List(filter KeyFilter) ([]*KeyMetadata, error)
	// GetActiveKey returns the entry currently active for purpose.
	GetActiveKey(purpose KeyPurpose) (*KeyEntry, error)
}
KeyStore is the interface for key persistence; KeyManager delegates storage to it.
type MemoryKeyStore ¶
// MemoryKeyStore is an in-memory KeyStore implementation intended for tests.
// Its contents live only in process memory and are lost on exit, so it is
// not a substitute for a durable store in production. Construct it with
// NewMemoryKeyStore.
type MemoryKeyStore struct {
	// contains filtered or unexported fields
}
MemoryKeyStore is an in-memory KeyStore intended for testing; its contents are not persisted.
func NewMemoryKeyStore ¶
func NewMemoryKeyStore() *MemoryKeyStore
NewMemoryKeyStore creates a new, empty in-memory key store.
func (*MemoryKeyStore) Create ¶
func (s *MemoryKeyStore) Create(entry *KeyEntry) error
func (*MemoryKeyStore) Delete ¶
func (s *MemoryKeyStore) Delete(id string) error
func (*MemoryKeyStore) GetActiveKey ¶
func (s *MemoryKeyStore) GetActiveKey(purpose KeyPurpose) (*KeyEntry, error)
func (*MemoryKeyStore) List ¶
func (s *MemoryKeyStore) List(filter KeyFilter) ([]*KeyMetadata, error)
func (*MemoryKeyStore) Update ¶
func (s *MemoryKeyStore) Update(entry *KeyEntry) error
type RotationJob ¶
// RotationJob is the handle returned by KeyManager.StartRotation for the
// background job that rotates keys on a fixed interval. NOTE(review): no
// method for stopping the job is visible on this page; check how its
// lifetime is bounded before starting one per request or per test.
type RotationJob struct {
	// contains filtered or unexported fields
}
RotationJob is the handle for the automatic key rotation job started by StartRotation.