security

package
v0.1.5 Latest
Warning

This package is not in the latest version of its module.
Published: Mar 1, 2026 License: MIT Imports: 4 Imported by: 0

Documentation

Overview

Package security provides shared security primitives for gokit modules.

It includes TLS configuration and certificate handling that can be reused across HTTP, gRPC, Kafka, and other transport modules.

TLS Configuration

cfg := security.TLSConfig{
    CAFile:   "/path/to/ca.pem",
    CertFile: "/path/to/cert.pem",
    KeyFile:  "/path/to/key.pem",
}

tlsConfig, err := cfg.Build()
if err != nil {
    // handle the error
}

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type TLSConfig

type TLSConfig struct {
	// SkipVerify disables server certificate verification.
	// Not recommended for production.
	SkipVerify bool `yaml:"skip_verify" mapstructure:"skip_verify"`

	// CAFile is the path to the CA certificate file for verifying the server.
	CAFile string `yaml:"ca_file" mapstructure:"ca_file"`

	// CertFile is the path to the client TLS certificate file (for mTLS).
	CertFile string `yaml:"cert_file" mapstructure:"cert_file"`

	// KeyFile is the path to the client TLS key file (for mTLS).
	KeyFile string `yaml:"key_file" mapstructure:"key_file"`

	// ServerName overrides the server name used for certificate verification.
	ServerName string `yaml:"server_name" mapstructure:"server_name"`

	// MinVersion is the minimum TLS version (e.g., tls.VersionTLS12).
	// Defaults to TLS 1.2 if not set.
	MinVersion uint16 `yaml:"min_version" mapstructure:"min_version"`
}

TLSConfig holds TLS settings shared across gokit modules. Used by httpclient, grpc, kafka, discovery, and other transport layers.

func (*TLSConfig) Build

func (c *TLSConfig) Build() (*tls.Config, error)

Build creates a *tls.Config from the configuration. Returns nil if no TLS settings are configured (all fields are zero values).

func (*TLSConfig) IsEnabled

func (c *TLSConfig) IsEnabled() bool

IsEnabled returns true if any TLS setting is configured.

func (*TLSConfig) Validate

func (c *TLSConfig) Validate() error

Validate checks that the TLS configuration is consistent.
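
A caller-side guard for the *tls.Config that Build returns, as an added example that is not part of the gokit package or its documentation. It refuses a nil config (Build returns nil when no TLS settings are configured), disabled verification, and a version floor below the one required. Policy and CheckTLS are hypothetical names, and mapping SkipVerify to InsecureSkipVerify in the built config is an assumption.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
)

// Policy is what the caller requires of a built *tls.Config.
// Hypothetical type for this example; not part of the gokit package.
type Policy struct {
	RequireMTLS bool   // a client certificate must be loaded
	MinVersion  uint16 // lowest acceptable TLS version
}

// CheckTLS (hypothetical) rejects configs that would weaken a connection.
func CheckTLS(cfg *tls.Config, p Policy) error {
	if cfg == nil {
		// nil means "no TLS settings"; what a transport does with that is
		// up to the transport, so a caller that requires TLS refuses it.
		return errors.New("tls: no TLS config (nil)")
	}
	if cfg.InsecureSkipVerify {
		return errors.New("tls: server certificate verification is disabled")
	}
	// An unset floor (0) is rejected too, so the minimum is always explicit.
	if cfg.MinVersion < p.MinVersion {
		return fmt.Errorf("tls: min version 0x%04x below required 0x%04x", cfg.MinVersion, p.MinVersion)
	}
	if p.RequireMTLS && len(cfg.Certificates) == 0 && cfg.GetClientCertificate == nil {
		return errors.New("tls: mTLS required but no client certificate loaded")
	}
	return nil
}

func main() {
	p := Policy{RequireMTLS: true, MinVersion: tls.VersionTLS12}
	// Constructed sample configs standing in for values returned by a builder.
	samples := map[string]*tls.Config{
		"nil":         nil,
		"skip-verify": {InsecureSkipVerify: true, MinVersion: tls.VersionTLS12},
		"tls1.0":      {MinVersion: tls.VersionTLS10},
		"no-cert":     {MinVersion: tls.VersionTLS13},
		"ok":          {MinVersion: tls.VersionTLS13, Certificates: make([]tls.Certificate, 1)},
	}
	for name, cfg := range samples {
		fmt.Printf("%-12s %v\n", name, CheckTLS(cfg, p))
	}
}
```

Run the check once at startup, after Build and before the config is handed to any transport, so a missing or weakened TLS block in YAML fails fast.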

Directories

Path Synopsis
Package tlstest provides TLS certificate generation for testing.
