dyno

v1.0.1
Published: Jan 2, 2024 License: MIT Imports: 10 Imported by: 0

README

Dyno

Encrypt and decrypt DynamoDB table attribute value maps using either AWS KMS or AES with a password. Useful for sending clients the LastEvaluatedKey from the result of a DynamoDB Query or Scan operation, for paginating results without leaking sensitive information.

License

Dyno is available under the terms of the MIT license.

Qube Cinema © 2023

Documentation

Overview

Package dyno provides a simple way to encrypt and decrypt DynamoDB items with a KMS key. It is useful for passing sensitive information to a client. For example, the LastEvaluatedKey returned by a DynamoDB query can be encrypted and passed to a client. The client can then pass the encrypted LastEvaluatedKey back to the server, which can decrypt it and use it to continue the query.

Example:

// Create a new KMS-backed ItemCrypter
crypter := dyno.NewKmsItemCrypter("alias/my-kms-key", kmsClient)

// Attach the AWS KMS encryption context to ctx
ctx = dyno.WithEncryptionContext(ctx, map[string]string{
	"clientID": "1234",
})

// Encrypt the lastEvaluatedKey
encryptedLastEvaluatedKey, err := crypter.Encrypt(ctx, lastEvaluatedKey)
if err != nil {
	return err
}

// Pass the encryptedLastEvaluatedKey to the client

// Client passes the encryptedLastEvaluatedKey back to the server

// Decrypt the encryptedLastEvaluatedKey with the same encryption context on ctx
lastEvaluatedKey, err = crypter.Decrypt(ctx, encryptedLastEvaluatedKey)
if err != nil {
	return err
}
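
The clientID encryption context above ties a pagination token to one client, because AWS KMS treats the encryption context as additional authenticated data. The following added example (not dyno's code or implementation) shows the same binding with standard-library AES-GCM. The names newAEAD, sealCursor and openCursor are hypothetical, the cursor is assumed to be an already serialized LastEvaluatedKey, and a raw 32-byte key stands in for a password and salt.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

// newAEAD builds AES-GCM from a 32-byte key (assumed random or already derived).
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealCursor encrypts the serialized cursor and authenticates clientID with it.
func sealCursor(a cipher.AEAD, clientID string, cursor []byte) (string, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sealed := a.Seal(nonce, nonce, cursor, []byte(clientID)) // nonce || ciphertext || tag
	return base64.RawURLEncoding.EncodeToString(sealed), nil
}

// openCursor fails if the token was altered or was issued for another clientID.
func openCursor(a cipher.AEAD, clientID, token string) ([]byte, error) {
	raw, err := base64.RawURLEncoding.DecodeString(token)
	if err != nil || len(raw) < a.NonceSize() {
		return nil, fmt.Errorf("malformed cursor token")
	}
	n := a.NonceSize()
	return a.Open(nil, raw[:n], raw[n:], []byte(clientID))
}

func main() {
	a, err := newAEAD(make([]byte, 32)) // constructed all-zero demo key, never use in production
	if err != nil {
		panic(err)
	}
	// Constructed sample: a serialized LastEvaluatedKey issued to client "1234".
	tok, _ := sealCursor(a, "1234", []byte(`{"pk":"USER#42","sk":"ORDER#0007"}`))
	_, wrongClient := openCursor(a, "9999", tok) // replayed by a different client
	fmt.Println(tok, wrongClient)
}
```

Derive clientID from the authenticated session on the server rather than from a request parameter, otherwise the binding checks a value the caller controls.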

Functions

func WithEncryptionContext

func WithEncryptionContext(ctx context.Context, ec map[string]string) context.Context

WithEncryptionContext returns a new context with the given AWS KMS encryption context.

Types

type Base64Bytes added in v1.0.1

type Base64Bytes []byte

Base64Bytes reads a base64 encoded string and decodes it into a byte slice. Use it with the envconfig package to read bytes from an environment variable.

func (*Base64Bytes) Decode added in v1.0.1

func (b *Base64Bytes) Decode(value string) (err error)

type ItemCrypter

type ItemCrypter interface {
	Encrypt(ctx context.Context, item map[string]types.AttributeValue) (string, error)
	Decrypt(ctx context.Context, item string) (map[string]types.AttributeValue, error)
}

ItemCrypter is an interface that encrypts and decrypts DynamoDB items.

func NewAesItemCrypter

func NewAesItemCrypter(password, salt []byte) (ItemCrypter, error)

NewAesItemCrypter creates a new ItemCrypter that uses AES encryption.

func NewKmsItemCrypter

func NewKmsItemCrypter(kmsKeyID string, kmsClient *kms.Client) ItemCrypter
