Documentation
Overview
Package security provides shared security primitives for gokit modules.
It includes TLS configuration and certificate handling that can be reused across HTTP, gRPC, Kafka, and other transport modules.
TLS Configuration
	cfg := security.TLSConfig{
		CAFile:   "/path/to/ca.pem",
		CertFile: "/path/to/cert.pem",
		KeyFile:  "/path/to/key.pem",
	}
	tlsConfig, err := cfg.Build()
Types
type TLSConfig
	type TLSConfig struct {
		// SkipVerify disables server certificate verification.
		// Not recommended for production.
		SkipVerify bool `yaml:"skip_verify" mapstructure:"skip_verify"`
		// CAFile is the path to the CA certificate file for verifying the server.
		CAFile string `yaml:"ca_file" mapstructure:"ca_file"`
		// CertFile is the path to the client TLS certificate file (for mTLS).
		CertFile string `yaml:"cert_file" mapstructure:"cert_file"`
		// KeyFile is the path to the client TLS key file (for mTLS).
		KeyFile string `yaml:"key_file" mapstructure:"key_file"`
		// ServerName overrides the server name used for certificate verification.
		ServerName string `yaml:"server_name" mapstructure:"server_name"`
		// MinVersion is the minimum TLS version (e.g., tls.VersionTLS12).
		// Defaults to TLS 1.2 if not set.
		MinVersion uint16 `yaml:"min_version" mapstructure:"min_version"`
	}
TLSConfig holds TLS settings shared across gokit modules. Used by httpclient, grpc, kafka, discovery, and other transport layers.
func (*TLSConfig) Build
Build creates a *tls.Config from the configuration. Returns nil if no TLS settings are configured (all fields are zero values).
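A pre-flight check over the fields documented above, as an added example that is not part of the gokit package. `tlsSettings` is a local stand-in for `security.TLSConfig` and `auditTLS` is a hypothetical helper; the sample values are constructed.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// tlsSettings is a local stand-in mirroring the fields of security.TLSConfig
// documented above, so this check runs without importing gokit.
type tlsSettings struct {
	SkipVerify                            bool
	CAFile, CertFile, KeyFile, ServerName string
	MinVersion                            uint16
}

// auditTLS is a hypothetical helper (not a gokit API). It returns one finding
// per setting that weakens or breaks TLS, to run before calling Build.
func auditTLS(c tlsSettings) []string {
	if c == (tlsSettings{}) {
		// Build is documented to return nil when every field is zero.
		return []string{"no TLS settings: Build returns nil, caller must handle a nil *tls.Config"}
	}
	var findings []string
	if c.SkipVerify {
		findings = append(findings, "skip_verify: server certificate is not verified")
	}
	// MinVersion is a uint16, so YAML carries the numeric constant:
	// tls.VersionTLS12 is 0x0303 (771), tls.VersionTLS13 is 0x0304 (772).
	if c.MinVersion != 0 && c.MinVersion < tls.VersionTLS12 {
		findings = append(findings, fmt.Sprintf("min_version 0x%04x is below TLS 1.2", c.MinVersion))
	}
	if (c.CertFile == "") != (c.KeyFile == "") {
		findings = append(findings, "cert_file and key_file must be set together for mTLS")
	}
	return findings
}

func main() {
	// Constructed sample: a config as it might arrive from a YAML file.
	risky := tlsSettings{SkipVerify: true, CertFile: "/path/to/cert.pem", MinVersion: tls.VersionTLS10}
	for _, f := range auditTLS(risky) {
		fmt.Println("finding:", f)
	}
}
```

Running such a check in CI or at startup surfaces a stray `skip_verify: true` or a downgraded `min_version` before the config reaches a transport.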