passphrase

package

v0.6.0 Latest Latest Go to latest Published: Mar 17, 2026 License: MIT Imports: 11 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/langoai/lango

Links

Documentation ¶

Index ¶

func ReadKeyfile(path string) (string, error)
func ReadStdinPipe() (string, error)
func ShredKeyfile(path string) error
func ValidatePermissions(path string) error
func WriteKeyfile(path, passphrase string) error
type Options
type Source
- func Acquire(opts Options) (string, Source, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func ReadKeyfile ¶

func ReadKeyfile(path string) (string, error)

ReadKeyfile reads the passphrase from a keyfile, validating file permissions. Returns the passphrase with trailing whitespace trimmed.

func ReadStdinPipe ¶

func ReadStdinPipe() (string, error)

ReadStdinPipe reads a single line from non-terminal stdin. Returns an error if the line is empty after trimming.

func ShredKeyfile ¶

func ShredKeyfile(path string) error

ShredKeyfile overwrites the keyfile content with zeros, syncs to disk, and removes it. Returns nil if the file does not exist (idempotent).

func ValidatePermissions ¶

func ValidatePermissions(path string) error

ValidatePermissions checks that the file has exactly 0600 permissions.

func WriteKeyfile ¶

func WriteKeyfile(path, passphrase string) error

WriteKeyfile creates a keyfile with 0600 permissions. Parent directories are created with 0700 permissions if needed.

Types ¶

type Options ¶

type Options struct {
	KeyfilePath     string           // default: ~/.lango/keyfile
	AllowCreation   bool             // if true, prompt for confirmation on new passphrase
	KeyringProvider keyring.Provider // if non-nil, try secure keyring first (biometric/TPM)
}

Options configures passphrase acquisition behavior.

type Source ¶

type Source int

Source represents how the passphrase was obtained.

const (
	SourceKeyfile     Source = iota // from ~/.lango/keyfile
	SourceInteractive               // from interactive terminal prompt
	SourceStdin                     // from piped stdin
	SourceKeyring                   // from hardware keyring (Touch ID / TPM)
)

func Acquire ¶

func Acquire(opts Options) (string, Source, error)

Acquire obtains a passphrase from the highest-priority available source. Priority: keyring -> keyfile -> interactive terminal -> stdin pipe -> error

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL