Overview
Package keystore provides secure storage for API keys.
Constants
const DefaultMasterKeyEnvVar = "IRIS_KEYSTORE_KEY"
DefaultMasterKeyEnvVar is the environment variable name for the master key.
Variables
var ErrMasterKeyRequired = errors.New("master key required for keystore operation")
ErrMasterKeyRequired is returned when a master key is needed but not provided.
Functions
func DefaultKeystorePath
func DefaultKeystorePath() string
DefaultKeystorePath returns the default keystore file path:
- macOS/Linux: ~/.iris/keys.enc
- Windows: %USERPROFILE%\.iris\keys.enc
Types
type EnvMasterKeySource (added in v0.10.0)
type EnvMasterKeySource struct {
EnvVar string
}
EnvMasterKeySource provides the master key from an environment variable.
func (*EnvMasterKeySource) GetMasterKey (added in v0.10.0)
func (s *EnvMasterKeySource) GetMasterKey() ([]byte, error)
GetMasterKey returns the master key from the configured environment variable.
type ErrKeyNotFound
type ErrKeyNotFound struct {
Name string
}
ErrKeyNotFound is returned when a requested key does not exist.
func (*ErrKeyNotFound) Error
func (e *ErrKeyNotFound) Error() string
type FallbackMasterKeySource (added in v0.10.0)
type FallbackMasterKeySource struct {
Sources []MasterKeySource
}
FallbackMasterKeySource tries multiple sources in order, returning the key from the first one that succeeds.
func (*FallbackMasterKeySource) GetMasterKey (added in v0.10.0)
func (s *FallbackMasterKeySource) GetMasterKey() ([]byte, error)
GetMasterKey tries each source in order until one succeeds.
type FileKeystore
type FileKeystore struct {
// contains filtered or unexported fields
}
FileKeystore implements Keystore using encrypted file storage. Keys are stored in a JSON map encrypted with AES-256-GCM. The v2 format uses Argon2id to derive the encryption key from a master key.
func NewFileKeystore
func NewFileKeystore(path string) (*FileKeystore, error)
NewFileKeystore creates a new file-based keystore at the given path. In this mode the encryption key is derived from machine-specific data (v1 legacy mode). For production use, prefer NewFileKeystoreWithSource.
func NewFileKeystoreWithSource (added in v0.10.0)
func NewFileKeystoreWithSource(path string, source MasterKeySource) (*FileKeystore, error)
NewFileKeystoreWithSource creates a new file-based keystore with a master key source. This is the recommended way to create a keystore for production use.
func (*FileKeystore) Delete
func (f *FileKeystore) Delete(name string) error
Delete removes a key by name.
func (*FileKeystore) Get
func (f *FileKeystore) Get(name string) (string, error)
Get retrieves a value by name.
func (*FileKeystore) IsV2Format (added in v0.10.0)
func (f *FileKeystore) IsV2Format() (bool, error)
IsV2Format reports whether the keystore file is in v2 format.
func (*FileKeystore) List
func (f *FileKeystore) List() ([]string, error)
List returns all stored key names.
func (*FileKeystore) MigrateToV2 (added in v0.10.0)
func (f *FileKeystore) MigrateToV2() error
MigrateToV2 migrates a v1 keystore to v2 format. The keystore must have been opened with the new master key source (NewFileKeystoreWithSource), since that source supplies the key the migrated file is encrypted under.
func (*FileKeystore) Set
func (f *FileKeystore) Set(name, value string) error
Set stores a key-value pair.
type Keystore
type Keystore interface {
// Set stores a key-value pair.
Set(name, value string) error
// Get retrieves a value by name. Returns an error if not found.
Get(name string) (string, error)
// Delete removes a key by name.
Delete(name string) error
// List returns all stored key names.
List() ([]string, error)
}
Keystore defines the interface for secure key storage.
func NewKeystore
NewKeystore creates a new keystore using file-based encrypted storage.
type MasterKeySource (added in v0.10.0)
type MasterKeySource interface {
// GetMasterKey returns the master key for encryption/decryption.
// Returns an error if the key cannot be obtained.
GetMasterKey() ([]byte, error)
}
MasterKeySource provides the encryption master key. Implementations can obtain the key from various places (an environment variable, an interactive prompt, etc.).
type PromptMasterKeySource (added in v0.10.0)
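How the documented MasterKeySource, EnvMasterKeySource and FallbackMasterKeySource types compose, as an added stand-alone illustration rather than the package's own code: the types below are re-declared locally with the behaviour the documentation describes (env var read, first-success fallback, ErrMasterKeyRequired when every source fails). The raw-bytes treatment of the variable's value and the second variable name are assumptions; the page does not state an encoding.

```go
package main

import (
	"errors"
	"fmt"
	"os"
)

// ErrMasterKeyRequired mirrors the package's sentinel error.
var ErrMasterKeyRequired = errors.New("master key required for keystore operation")

// MasterKeySource mirrors the documented interface.
type MasterKeySource interface {
	GetMasterKey() ([]byte, error)
}

// EnvMasterKeySource reads the master key from the named environment variable.
type EnvMasterKeySource struct{ EnvVar string }

func (s *EnvMasterKeySource) GetMasterKey() ([]byte, error) {
	v, ok := os.LookupEnv(s.EnvVar)
	if !ok || v == "" {
		return nil, fmt.Errorf("%w: %s is unset", ErrMasterKeyRequired, s.EnvVar)
	}
	// Assumption: the variable holds the key material verbatim (no encoding specified on the page).
	return []byte(v), nil
}

// FallbackMasterKeySource returns the key from the first source that succeeds, in order.
type FallbackMasterKeySource struct{ Sources []MasterKeySource }

func (s *FallbackMasterKeySource) GetMasterKey() ([]byte, error) {
	var last error
	for _, src := range s.Sources {
		key, err := src.GetMasterKey()
		if err == nil {
			return key, nil // later sources (e.g. a prompt) are never consulted
		}
		last = err
	}
	// Every source failed: keep the sentinel reachable through errors.Is for callers.
	return nil, fmt.Errorf("%w: %d source(s) tried, last error: %v", ErrMasterKeyRequired, len(s.Sources), last)
}

func main() {
	src := &FallbackMasterKeySource{Sources: []MasterKeySource{
		&EnvMasterKeySource{EnvVar: "IRIS_KEYSTORE_KEY"},
		&EnvMasterKeySource{EnvVar: "IRIS_KEYSTORE_KEY_ALT"}, // constructed name for illustration
	}}
	key, err := src.GetMasterKey()
	if errors.Is(err, ErrMasterKeyRequired) {
		fmt.Println("no master key available:", err)
		return
	}
	fmt.Printf("master key loaded (%d bytes)\n", len(key))
}
```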
PromptMasterKeySource provides the master key via interactive prompt.
func (*PromptMasterKeySource) GetMasterKey (added in v0.10.0)
func (s *PromptMasterKeySource) GetMasterKey() ([]byte, error)
GetMasterKey prompts the user for the master key.