Documentation
Index
- Variables
- func DecodeKey(encodedKey string) ([]byte, error)
- func EncodeKey(key []byte) string
- func GenerateKey() ([]byte, error)
- type Credential
- func CredentialFromConfig(cfg CredentialConfig, encryptionKey []byte, allowEmpty bool) (*Credential, error)
- func CredentialFromEnv(envName string, encryptionKey []byte, allowEmpty bool) (*Credential, error)
- func CredentialFromFile(filename string, encryptionKey []byte, allowEmpty bool) (*Credential, error)
- func NewCredential(plaintext string, encryptionKey []byte, allowEmpty bool) (*Credential, error)
- type CredentialConfig
- type DefaultCredentialConfig
Constants
This section is empty.
Variables
Functions
func GenerateKey
GenerateKey generates a random 32-byte key for AES-256.
Types
type Credential
type Credential struct {
	// contains filtered or unexported fields
}
Credential stores sensitive information (like passwords) in encrypted form in memory.
func CredentialFromConfig
func CredentialFromConfig(cfg CredentialConfig, encryptionKey []byte, allowEmpty bool) (*Credential, error)
CredentialFromConfig attempts to parse credentials from a CredentialConfig struct. If no valid credentials are found, it returns an error. If an environment variable is used, it is read only once and then overwritten with an empty value.
func CredentialFromEnv
func CredentialFromEnv(envName string, encryptionKey []byte, allowEmpty bool) (*Credential, error)
CredentialFromEnv creates a Credential from an environment variable.
func CredentialFromFile
func CredentialFromFile(filename string, encryptionKey []byte, allowEmpty bool) (*Credential, error)
CredentialFromFile creates a Credential from a secrets file.
func NewCredential
func NewCredential(plaintext string, encryptionKey []byte, allowEmpty bool) (*Credential, error)
NewCredential creates a new secure credential container. The encryption key should be unique per application instance. You can use environment variables, hardware tokens, etc. as the source of the encryption key.
func (*Credential) Get
func (sc *Credential) Get() (string, error)
Get decrypts and returns the plaintext credential. It should be called only when needed, to minimize exposure of the sensitive data in memory.
func (*Credential) IsEmpty
func (sc *Credential) IsEmpty() bool
IsEmpty returns true if the credential is empty.
func (*Credential) Update
func (sc *Credential) Update(plaintext string) error
Update updates the credential with a new plaintext value.
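The read-once-and-overwrite handling of the environment variable and the encrypted in-memory storage behind Get can be sketched as follows. This is an added example, not this package's code: `sealed`, `fromEnv` and `get` are hypothetical names, `APP_DB_PASSWORD` and its value are constructed, and AES-256-GCM is an assumed mode (the page only states AES-256).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"os"
)

// sealed (hypothetical name) holds nonce and ciphertext only, never the plaintext.
type sealed struct {
	aead      cipher.AEAD
	nonce, ct []byte
}

// fromEnv reads the variable once, blanks it, and keeps an AES-256-GCM copy (GCM is assumed).
func fromEnv(name string, key []byte) (*sealed, error) {
	v := os.Getenv(name)
	if err := os.Setenv(name, ""); err != nil || v == "" {
		return nil, fmt.Errorf("env var %q is empty or could not be cleared", name)
	}
	block, err := aes.NewCipher(key) // its only error is a bad key size
	if err != nil || len(key) != 32 {
		return nil, fmt.Errorf("want a 32-byte AES-256 key, got %d bytes", len(key))
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize()) // fresh random nonce per encryption
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return &sealed{aead, nonce, aead.Seal(nil, nonce, []byte(v), nil)}, nil
}

// get decrypts on demand; a modified ciphertext fails GCM authentication.
func (s *sealed) get() (string, error) {
	pt, err := s.aead.Open(nil, s.nonce, s.ct, nil)
	return string(pt), err
}

func main() {
	os.Setenv("APP_DB_PASSWORD", "constructed-sample") // constructed input
	if c, err := fromEnv("APP_DB_PASSWORD", make([]byte, 32)); err == nil { // all-zero demo key
		fmt.Println(c.get())
	}
	fmt.Println("env cleared:", os.Getenv("APP_DB_PASSWORD") == "")
}
```

Go strings are immutable, so the value read from the environment and the string returned by `get` cannot be wiped by the program and stay in memory until garbage-collected; this is why the plaintext should be requested only at the point of use.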
type CredentialConfig
type DefaultCredentialConfig
type DefaultCredentialConfig struct {
	Password       string `json:"password"`       // Password plaintext password; if set, is used instead of the rest
	PasswordEnvVar string `json:"passwordEnvVar"` // PasswordEnvVar name of env var with secret
	PasswordFile   string `json:"passwordFile"`   // PasswordFile name of secrets file, to be read; if none of the above set, this one is used
}
DefaultCredentialConfig holds miscellaneous options for credentials. If different field names are required, just implement the CredentialConfig interface.
func (DefaultCredentialConfig) GetEnvVar
func (c DefaultCredentialConfig) GetEnvVar() string
GetEnvVar returns the name of the environment variable holding the password.
func (DefaultCredentialConfig) GetFileName
func (c DefaultCredentialConfig) GetFileName() string
GetFileName returns the name of the file holding the password.
func (DefaultCredentialConfig) GetPassword
func (c DefaultCredentialConfig) GetPassword() string
GetPassword returns the password value.