envelope

package
v1.9.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 10, 2026 License: Apache-2.0 Imports: 2 Imported by: 0

Documentation

Overview

Package envelope provides types and interfaces for envelope encryption.

Envelope encryption combines asymmetric and symmetric cryptography to efficiently encrypt data. The Encryptor interface defines the encryption operation, returning data in JWE (JSON Web Encryption) format as defined in RFC 7516.

Implementations are available in subpackages:

  • internal/envelope/rsa: RSA-OAEP-256 + AES-256-GCM using JWE

See subpackage documentation for usage examples.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type EncryptedData 

type EncryptedData struct {
	// Data contains the encrypted payload
	Data []byte `json:"data"`
	// Type indicates the encryption format (e.g., "JWE-RSA")
	Type string `json:"type"`
}

EncryptedData represents encrypted data along with metadata about the encryption type.

func (*EncryptedData) ToMap 

func (ed *EncryptedData) ToMap() map[string]any

ToMap converts the EncryptedData struct to a map representation. Since we store data as an "_encryptedData" field in a Kubernetes unstructured object, passing a raw struct would cause a panic due to the behaviour of https://pkg.go.dev/k8s.io/apimachinery/pkg/runtime#DeepCopyJSONValue Passing a map to unstructured.SetNestedField avoids this issue.

type Encryptor 

type Encryptor interface {
	// Encrypt encrypts data using envelope encryption, returning an EncryptedData struct
	// containing the encrypted payload and encryption type metadata.
	Encrypt(ctx context.Context, data []byte) (*EncryptedData, error)
}

Encryptor performs envelope encryption on arbitrary data.

Source Files

View all Source files

Directories

Path Synopsis
Package keyfetch provides a client for fetching encryption keys from an HTTP endpoint.
 Package keyfetch provides a client for fetching encryption keys from an HTTP endpoint.
Package rsa implements RSA envelope encryption using JWE (JSON Web Encryption) format.
 Package rsa implements RSA envelope encryption using JWE (JSON Web Encryption) format.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.