vault

package


Constants

// ResponseLimit is the default number of records to limit a response to.
const ResponseLimit = 10

ResponseLimit is the default number of records to limit a response to.

Variables

var (
	// DefaultClient is the client used by SetAPIKey and the package-level
	// Vault functions. Its APIKey is populated by SetAPIKey.
	DefaultClient = &Client{
		Endpoint: "https://api.workos.com",
	}
)

DefaultClient is the client used by SetAPIKey and Vault functions.

Functions

func DecodeU32

func DecodeU32(buf []byte) (uint32, int, error)

DecodeU32 converts a leb128 byte array to a uint32.

func Decrypt

func Decrypt(
	ctx context.Context,
	opts DecryptOpts,
) (string, error)

Decrypt performs a local decryption of data that was previously encrypted with Vault.

func EncodeU32

func EncodeU32(num uint32) []byte

EncodeU32 converts num to a leb128 encoded array of bytes.

func Encrypt

func Encrypt(
	ctx context.Context,
	opts EncryptOpts,
) (string, error)

Encrypt performs a local encryption using keys from Vault.

func LocalDecrypt

func LocalDecrypt(
	decoded Decoded,
	dataKey DataKey,
	associatedData string,
) (string, error)

LocalDecrypt performs a local decryption of data that was previously encrypted with Vault.

func LocalEncrypt

func LocalEncrypt(
	data string,
	keyPair DataKeyPair,
	associatedData string,
) (string, error)

LocalEncrypt performs a local encryption operation.

func SetAPIKey

func SetAPIKey(apiKey string)

SetAPIKey sets the WorkOS API key for Vault requests.

func TestCrudObjects

func TestCrudObjects(t *testing.T)

func TestDataKeys

func TestDataKeys(t *testing.T)

func TestEncryption

func TestEncryption(t *testing.T)

Types

type Client

// Client represents a client that performs Vault requests to the WorkOS API.
type Client struct {
	// The WorkOS API Key. It can be found in https://dashboard.workos.com/api-keys.
	// This is a credential: keep it out of logs, error messages and source control.
	APIKey string

	// The http.Client that is used to get Vault records from WorkOS.
	// Defaults to http.Client.
	// NOTE(review): the stated default names http.Client but the field type is
	// *retryablehttp.HttpClient — confirm what a nil value falls back to.
	HTTPClient *retryablehttp.HttpClient

	// The endpoint to WorkOS API. Defaults to https://api.workos.com.
	Endpoint string

	// The function used to encode in JSON. Defaults to json.Marshal.
	JSONEncode func(v interface{}) ([]byte, error)
	// contains filtered or unexported fields
}

Client represents a client that performs Vault requests to the WorkOS API.

func (*Client) CreateDataKey

func (c *Client) CreateDataKey(ctx context.Context, opts CreateDataKeyOpts) (DataKeyPair, error)

CreateDataKey generates a data key for local encryption.

func (*Client) CreateObject

func (c *Client) CreateObject(ctx context.Context, opts CreateObjectOpts) (ObjectMetadata, error)

CreateObject creates a new encrypted Object in Vault.

func (*Client) DecryptDataKey

func (c *Client) DecryptDataKey(ctx context.Context, opts DecryptDataKeyOpts) (DataKey, error)

DecryptDataKey decrypts a data key that was previously encrypted using Vault.

func (*Client) DeleteObject

func (c *Client) DeleteObject(ctx context.Context, opts DeleteObjectOpts) (DeleteObjectResponse, error)

DeleteObject deletes a stored Object.

func (*Client) DescribeObject

func (c *Client) DescribeObject(ctx context.Context, opts ReadObjectOpts) (Object, error)

DescribeObject gets metadata about an object, without the value.

func (*Client) ListObjectVersions

func (c *Client) ListObjectVersions(ctx context.Context, opts ReadObjectOpts) (ListObjectVersionsResponse, error)

ListObjectVersions gets a list of versions for a single Vault Object.

func (*Client) ListObjects

func (c *Client) ListObjects(ctx context.Context, opts ListObjectsOpts) (ListObjectsResponse, error)

ListObjects gets a list of Vault Objects.

func (*Client) ReadObject

func (c *Client) ReadObject(ctx context.Context, opts ReadObjectOpts) (Object, error)

ReadObject gets an Object with its decrypted value.

func (*Client) UpdateObject

func (c *Client) UpdateObject(ctx context.Context, opts UpdateObjectOpts) (Object, error)

UpdateObject writes a new value for an existing Object.

type CreateDataKeyOpts

// CreateDataKeyOpts are the inputs to CreateDataKey.
type CreateDataKeyOpts struct {
	// Map of values used to determine the encryption key used.
	// Serialized under the "context" key in the request body.
	KeyContext KeyContext `json:"context"`
}

type CreateObjectOpts

// CreateObjectOpts are the inputs to CreateObject.
type CreateObjectOpts struct {
	// Unique name of the object, used as the KV store key.
	Name string `json:"name"`

	// Plaintext data that will be stored in an encrypted format.
	// Note that the plaintext is sent to the API in the request body.
	Value string `json:"value"`

	// Map of values used to determine the encryption key used.
	KeyContext KeyContext `json:"key_context"`
}

type DataKey

// DataKey is a decrypted data key as returned by DecryptDataKey.
type DataKey struct {
	// Unique ID of the data key.
	Id string `json:"id"`

	// Base64 encoded data key that can be used for encryption operations.
	// This is plaintext key material; treat it as a secret and do not log it.
	Key string `json:"data_key"`
}

func DecryptDataKey

func DecryptDataKey(
	ctx context.Context,
	opts DecryptDataKeyOpts,
) (DataKey, error)

DecryptDataKey decrypts a data key that was previously encrypted using Vault.

type DataKeyPair

// DataKeyPair is the plaintext/encrypted data key pair returned by CreateDataKey
// and consumed by LocalEncrypt.
type DataKeyPair struct {
	// Map of values used to determine the encryption key used.
	KeyContext KeyContext `json:"context"`

	// Unique ID of the data key.
	Id string `json:"id"`

	// Base64 encoded data key that can be used for encryption operations.
	// This is plaintext key material; treat it as a secret and do not persist or log it.
	DataKey string `json:"data_key"`

	// An encrypted, Base64 encoded data key.
	// Presumably the value later supplied as DecryptDataKeyOpts.Keys to recover
	// DataKey — confirm against DecryptDataKey.
	EncryptedKeys string `json:"encrypted_keys"`
}

func CreateDataKey

func CreateDataKey(
	ctx context.Context,
	opts CreateDataKeyOpts,
) (DataKeyPair, error)

CreateDataKey generates a data key for local encryption.

type Decoded

// Decoded holds the parts of an encrypted blob as split by Decode, before any
// decryption is attempted. LocalDecrypt takes it as input.
type Decoded struct {
	// Nonce bytes; presumably nonceSize bytes long as given to Decode — confirm.
	Iv         []byte
	// Authentication tag; presumably an AEAD tag checked by LocalDecrypt — confirm.
	Tag        []byte
	// Encrypted data key(s) carried inside the blob; presumably the same form
	// as DecryptDataKeyOpts.Keys — confirm.
	Keys       string
	// The encrypted payload.
	Ciphertext []byte
}

func Decode

func Decode(data string, nonceSize int) (Decoded, error)

Decode parses an encrypted blob into its parts without attempting to decrypt it.

type DecryptDataKeyOpts

// DecryptDataKeyOpts are the inputs to DecryptDataKey.
type DecryptDataKeyOpts struct {
	// An encrypted, Base64 encoded data key.
	Keys string `json:"keys"`
}

type DecryptOpts

// DecryptOpts are the inputs to Decrypt.
type DecryptOpts struct {
	// The encrypted blob previously produced by Encrypt.
	Data           string
	// Associated data supplied when the data was encrypted; the same value
	// must be given here — presumably AEAD additional authenticated data; confirm.
	AssociatedData string
	// Nonce length in bytes used when parsing Data (see Decode's nonceSize).
	NonceSize      int
}

type DeleteObjectOpts

// DeleteObjectOpts are the inputs to DeleteObject.
type DeleteObjectOpts struct {
	// Unique string ID of the object.
	Id string `json:"id"`

	// ID of the expected version of the object.
	// Omitted from the request when empty.
	VersionCheck string `json:"version_check,omitempty"`
}

type DeleteObjectResponse

// DeleteObjectResponse is the result of DeleteObject.
type DeleteObjectResponse struct {
	// Indicator of whether the operation succeeded.
	Success bool `json:"success"`

	// Unique name of the object, used as the KV store key.
	Name string `json:"name"`
}

func DeleteObject

func DeleteObject(
	ctx context.Context,
	opts DeleteObjectOpts,
) (DeleteObjectResponse, error)

DeleteObject deletes a stored Object.

type EncryptOpts

// EncryptOpts are the inputs to Encrypt.
type EncryptOpts struct {
	// Plaintext to encrypt.
	Data           string
	// Map of values used to determine the encryption key used.
	KeyContext     KeyContext
	// Associated data bound to the ciphertext; the same value must be passed
	// to Decrypt — presumably AEAD additional authenticated data; confirm.
	AssociatedData string
}

type KeyContext

// KeyContext is a map of values used to determine the encryption key used.
type KeyContext map[string]interface{}

type ListObjectVersionsResponse

// ListObjectVersionsResponse is the result of ListObjectVersions.
type ListObjectVersionsResponse struct {
	// List of versions for an encrypted Object.
	Data []ObjectVersion `json:"data"`
}

func ListObjectVersions

func ListObjectVersions(
	ctx context.Context,
	opts ReadObjectOpts,
) (ListObjectVersionsResponse, error)

ListObjectVersions gets a list of versions for an Object.

type ListObjectsOpts

// ListObjectsOpts are the inputs to ListObjects. Fields are sent as URL
// query parameters and omitted when zero-valued.
type ListObjectsOpts struct {
	// Maximum number of records to return.
	// Presumably ResponseLimit applies when zero — confirm.
	Limit int `url:"limit,omitempty"`

	// The order in which to paginate records.
	Order Order `url:"order,omitempty"`

	// Pagination cursor to receive records before a provided Object ID.
	Before string `url:"before,omitempty"`

	// Pagination cursor to receive records after a provided Object ID.
	After string `url:"after,omitempty"`
}

type ListObjectsResponse

// ListObjectsResponse is the result of ListObjects.
type ListObjectsResponse struct {
	// List of stored Objects.
	Data []ObjectDigest `json:"data"`

	// Cursor pagination options.
	ListMetadata common.ListMetadata `json:"list_metadata"`
}

func ListObjects

func ListObjects(
	ctx context.Context,
	opts ListObjectsOpts,
) (ListObjectsResponse, error)

ListObjects gets a list of Objects.

type Object

// Object is a stored Object as returned by ReadObject, DescribeObject and
// UpdateObject.
type Object struct {
	// Unique string ID of the object.
	Id string `json:"id"`

	// Unique name of the object, used as the KV store key.
	Name string `json:"name"`

	// Plaintext data that will be stored in an encrypted format.
	// Populated by ReadObject; DescribeObject returns the object without the value.
	Value string `json:"value"`

	// Extra information about the object.
	Metadata ObjectMetadata `json:"metadata"`
}

func DescribeObject

func DescribeObject(
	ctx context.Context,
	opts ReadObjectOpts,
) (Object, error)

DescribeObject gets metadata about an object, without the value.

func ReadObject

func ReadObject(
	ctx context.Context,
	opts ReadObjectOpts,
) (Object, error)

ReadObject gets an Object with its decrypted value.

func UpdateObject

func UpdateObject(
	ctx context.Context,
	opts UpdateObjectOpts,
) (Object, error)

UpdateObject writes a new value for an existing Object.

type ObjectDigest

// ObjectDigest is the summary of a stored Object as listed by ListObjects.
type ObjectDigest struct {
	// Unique string ID of the object.
	Id string `json:"id"`

	// Unique name of the object, used as the KV store key.
	Name string `json:"name"`

	// ISO 8601 timestamp of the last modification to the object.
	UpdatedAt time.Time `json:"updated_at"`
}

type ObjectMetadata

// ObjectMetadata describes a stored Object without its value. It is returned
// by CreateObject and embedded in Object.Metadata.
type ObjectMetadata struct {
	// Unique string ID of the object.
	Id string `json:"id"`

	// ID of the WorkOS environment where the object was created.
	EnvironmentId string `json:"environment_id"`

	// ID of the key used to encrypt the object.
	KeyId string `json:"key_id"`

	// ID of the specific version of the object.
	VersionId string `json:"version_id"`

	// Map of values used to determine the encryption key used.
	Context KeyContext `json:"context"`

	// ISO 8601 timestamp of the last modification to the object.
	UpdatedAt time.Time `json:"updated_at"`

	// Identity of the principal that last wrote to the object.
	UpdatedBy struct {
		// ID of the user or API key that last wrote to the object.
		Id string `json:"id"`

		// Name of the user or API key that last wrote to the object.
		Name string `json:"name"`
	} `json:"updated_by"`
}

Objects

func CreateObject

func CreateObject(
	ctx context.Context,
	opts CreateObjectOpts,
) (ObjectMetadata, error)

CreateObject creates a new encrypted Object.

type ObjectVersion

// ObjectVersion describes one version of a stored Object as listed by
// ListObjectVersions.
type ObjectVersion struct {
	// ID of the specific version of the object.
	Id string `json:"id"`

	// ISO 8601 timestamp of when the version was created.
	CreatedAt time.Time `json:"created_at"`

	// Indicator of whether this is the active, default version.
	CurrentVersion bool `json:"current_version"`

	// A hash of the value of the object.
	Etag string `json:"etag"`

	// Number of bytes of data stored in the object.
	Size int `json:"size"`
}

type Order

// Order represents the order of records.
type Order string

Order represents the order of records.

// Constants that enumerate the available orders.
const (
	Asc  Order = "asc"
	Desc Order = "desc"
)

Constants that enumerate the available orders.

type ReadObjectOpts

// ReadObjectOpts are the inputs to ReadObject, DescribeObject and
// ListObjectVersions.
type ReadObjectOpts struct {
	// Unique string ID of the object.
	Id string `json:"id"`
}

type UpdateObjectOpts

// UpdateObjectOpts are the inputs to UpdateObject.
type UpdateObjectOpts struct {
	// Unique string ID of the object.
	Id string `json:"id"`

	// Plaintext data that will be stored in an encrypted format.
	Value string `json:"value"`

	// ID of the expected version of the object.
	// Omitted from the request when empty.
	VersionCheck string `json:"version_check,omitempty"`
}
