Documentation
¶
Index ¶
- func GenerateJWTKeysetsFromCloudKMS(keyUri string, credentialsJSON []byte) (privateEc256 []byte, publicEc256 []byte, err error)
- func GenerateLocalKeys() (masterKey []byte, privateEc256 []byte, publicEc256 []byte, err error)
- func NewCloudKMSEncryption(keyUri string, credentialsJSON, privateEc256, publicEc256 []byte) (*cloudkmsEncryptionService, error)
- func NewLocalEncryption(masterKey []byte, privateEc256 []byte, publicEc256 []byte) (*localEncryptionService, error)
- type EncryptionService
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GenerateLocalKeys ¶
func NewCloudKMSEncryption ¶
func NewCloudKMSEncryption(keyUri string, credentialsJSON, privateEc256, publicEc256 []byte) (*cloudkmsEncryptionService, error)
NewCloudKMSEncryption creates a GCP CloudKMS-backed encryption service.
func NewLocalEncryption ¶
func NewLocalEncryption(masterKey []byte, privateEc256 []byte, publicEc256 []byte) (*localEncryptionService, error)
NewLocalEncryption creates a new local encryption service. keysetBytes (a name that does not appear in the signature above; presumably it refers to masterKey) is the raw keyset in base64-encoded JSON format. This can be generated by calling `hatchet-admin keyset create-local`.
Types ¶
type EncryptionService ¶
// EncryptionService is the interface for encrypting and decrypting data tied to a
// data id, and for obtaining the keyset handles used to sign and verify JWTs.
// NOTE(review): NewLocalEncryption and NewCloudKMSEncryption presumably return
// implementations of this interface; that is not visible here, so confirm.
type EncryptionService interface {
// Encrypt encrypts the given plaintext with the given data id. The data id is used to
// associate the ciphertext with the data in the database.
// For more information, see: https://developers.google.com/tink/client-side-encryption#kms_envelope_aead
// NOTE(review): the linked Tink page describes envelope AEAD, so dataId is presumably
// passed as associated data: authenticated, but neither secret nor stored in the
// ciphertext. Confirm in the implementations before relying on it to bind a
// ciphertext to one record.
Encrypt(plaintext []byte, dataId string) ([]byte, error)
// Decrypt decrypts the given ciphertext with the given data id. The data id is used to
// associate the ciphertext with the data in the database.
// For more information, see: https://developers.google.com/tink/client-side-encryption#kms_envelope_aead
// NOTE(review): if dataId is AEAD associated data, a dataId that differs from the one
// given to Encrypt should produce an error rather than plaintext. Callers should
// treat that error as a failed integrity check (confirm in the implementations).
Decrypt(ciphertext []byte, dataId string) ([]byte, error)
// EncryptString encrypts a string using base64 internally
// NOTE(review): presumably the returned string is the base64 encoding of the
// ciphertext; the base64 variant is not visible here.
EncryptString(plaintext string, dataId string) (string, error)
// DecryptString decrypts a string using base64 internally
// NOTE(review): presumably expects the string form produced by EncryptString together
// with the same dataId; confirm.
DecryptString(ciphertext string, dataId string) (string, error)
// GetPrivateJWTHandle returns a private JWT handle. This is used to sign JWTs.
// The handle stands for the signing key, so callers should keep it in-process and
// never log or serialize it.
GetPrivateJWTHandle() *keyset.Handle
// GetPublicJWTHandle returns a public JWT handle. This is used to verify JWTs.
GetPublicJWTHandle() *keyset.Handle
}