Documentation
Index
- Variables
- func GenerateEncodedNACLKeyPair() (marshaledEncryptorKey []byte, marshaledDecryptorKey []byte, err error)
- func GenerateKeyPair(r io.Reader) (encryptorKey *NACLKey, decryptorKey *NACLKey, err error)
- func MarshalNACLKey(key *NACLKey) []byte
- type Config
- type Keyring
- type NACLKey
- type Service
- type Stub
Constants
This section is empty.
Variables
var (
ErrFieldRequired = errors.New("field required")
)
Functions
func GenerateEncodedNACLKeyPair
func GenerateEncodedNACLKeyPair() (marshaledEncryptorKey []byte, marshaledDecryptorKey []byte, err error)
GenerateEncodedNACLKeyPair returns two byte slices containing the encoded values of a freshly generated couple of keypairs.
func GenerateKeyPair
GenerateKeyPair returns a couple of keypairs that can be used for asymmetric encryption/decryption using the NaCl crypto box API.
func MarshalNACLKey
MarshalNACLKey takes a key and returns its encoded version.
Types
type Config
type Config struct {
	EncryptorKeyPath string `mapstructure:"credentials_encryptor_key"`
	DecryptorKeyPath string `mapstructure:"credentials_decryptor_key"`
}
Config is used to set up a Keyring service.
type Keyring
type Keyring interface {
	// CredentialsEncryptorKey returns the key used to encrypt credentials values,
	// stored in accounts.
	CredentialsEncryptorKey() *NACLKey
	// CredentialsDecryptorKey returns the key used to decrypt credentials values,
	// stored in accounts.
	CredentialsDecryptorKey() *NACLKey
}
Keyring handles the encryption/decryption keys.
func NewFromConfig
type NACLKey
type NACLKey struct {
// contains filtered or unexported fields
}
NACLKey contains a NaCl crypto box keypair.
func UnmarshalNACLKey
UnmarshalNACLKey takes an encoded value of a keypair and unmarshals it, returning the associated key.
func (*NACLKey) PrivateKey
PrivateKey returns the private part of the keypair.
type Service
type Service struct {
// contains filtered or unexported fields
}
Service contains security keys used for various encryption or signing of critical assets.
func NewService
NewService instantiates a new Keyring.
func (*Service) CredentialsDecryptorKey
func (*Service) CredentialsEncryptorKey
type Stub
type Stub struct {
// contains filtered or unexported fields
}
Stub is a minimal *INSECURE* implementation of Keyring.
As the credentials should remain the same between several executions of the stack, we are using some credentials generated with a seed defined at build time. It is obviously not a good idea from a security point of view, and it should not be used to store sensitive data. This implementation is not safe and should never be used in production.
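Why a build-time seed makes the Stub's keys reproducible, shown as an added example that is not this package's code. It assumes the stub's entropy source behaves like a seeded `math/rand` PRNG, and it uses the standard library's `crypto/ecdh` X25519 keys in place of the package's `NACLKey`; `keyFrom`, `seededReader`, `sameKey` and the seed value are hypothetical names and constructed data.

```go
package main

import (
	"crypto/ecdh"
	crand "crypto/rand"
	"fmt"
	"io"
	mrand "math/rand"
)

// keyFrom reads 32 bytes from r and uses them as an X25519 private key,
// as NaCl box key generation does with its entropy source.
func keyFrom(r io.Reader) (*ecdh.PrivateKey, error) {
	raw := make([]byte, 32)
	if _, err := io.ReadFull(r, raw); err != nil {
		return nil, err
	}
	return ecdh.X25519().NewPrivateKey(raw)
}

// seededReader is a hypothetical stand-in for a stub keyring's entropy
// source: a PRNG whose entire output is fixed by the seed.
func seededReader(seed int64) io.Reader {
	return mrand.New(mrand.NewSource(seed))
}

// sameKey reports whether the two readers produce the same private key.
func sameKey(a, b io.Reader) (bool, error) {
	ka, err := keyFrom(a)
	if err != nil {
		return false, err
	}
	kb, err := keyFrom(b)
	if err != nil {
		return false, err
	}
	return ka.Equal(kb), nil
}

func main() {
	const buildSeed = 1234 // constructed value standing in for a build-time seed
	again, _ := sameKey(seededReader(buildSeed), seededReader(buildSeed))
	fresh, _ := sameKey(crand.Reader, crand.Reader)
	fmt.Println("seeded: two runs share a private key:", again)
	fmt.Println("crypto/rand: two runs share a private key:", fresh)
}
```

Anyone who knows the seed can run the same derivation and obtain the decryptor key, which is why keys for real credentials should come from `crypto/rand` and be loaded from protected key files.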