crypto

package
v0.3.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 3, 2026 License: MIT Imports: 8 Imported by: 0

Documentation

Overview

Package crypto provides AES-256-GCM encryption and decryption for sensitive data such as secret headers and webhook secrets. The encryption key is loaded from the SPARROW_ENCRYPTION_KEY environment variable (64 hex chars = 32 bytes).

When no encryption key is configured, Sparrow continues to work but any attempt to encrypt or decrypt will return an ErrNoEncryptionKey error.

Index

Constants

This section is empty.

Variables

View Source 
var ErrNoEncryptionKey = errors.New("crypto: encryption key not configured (set SPARROW_ENCRYPTION_KEY)")

ErrNoEncryptionKey is returned when encryption/decryption is attempted without a configured encryption key.

Functions

func ParseKey 

func ParseKey(raw string) ([]byte, error)

ParseKey decodes a 64-character hex string into a 32-byte key suitable for NewService. Returns nil if raw is empty.

Types

type Service 

type Service struct {
	// contains filtered or unexported fields
}

Service provides encrypt/decrypt operations using AES-256-GCM. A nil *Service or one created without a key is valid — calls to Encrypt and Decrypt will return ErrNoEncryptionKey.

func NewService 

func NewService(key []byte) (*Service, error)

NewService creates a new crypto service from a 32-byte AES-256 key. Pass nil to create a no-op service that returns ErrNoEncryptionKey on use.

func (*Service) Decrypt 

func (s *Service) Decrypt(ciphertext []byte) ([]byte, error)

Decrypt decrypts data produced by Encrypt (nonce || ciphertext).

func (*Service) DecryptJSON 

func (s *Service) DecryptJSON(ciphertext []byte, v any) error

DecryptJSON decrypts ciphertext and unmarshals the result into v.

func (*Service) Enabled 

func (s *Service) Enabled() bool

Enabled reports whether the service has an encryption key configured.

func (*Service) Encrypt 

func (s *Service) Encrypt(plaintext []byte) ([]byte, error)

Encrypt encrypts plaintext using AES-256-GCM and returns nonce || ciphertext (nonce is prepended).

func (*Service) EncryptJSON 

func (s *Service) EncryptJSON(v any) ([]byte, error)

EncryptJSON marshals v to JSON, then encrypts the result.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.