hen

package module

v0.0.0-...-3ece076 Latest Latest Go to latest Published: Jan 13, 2023 License: MIT Imports: 4 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/drewart/hen

Links

Open Source Insights

README ¶

HEN encyption service and cli

Overview

web encryption service to provide a way to store encypted secrets in config files in the repo.

Features

allows configs checked into repo kind to provide KISS approch to secrets

Diagram

TODO

goals and future features

check in secure config values
have a ui html form to generate egg(s) from string
allow developers with token ability to check in a one way secure values
allow admin and gitlab ci decrypt aka "hatch eggs"
make it easy to update config values
make it easy to change configs
make code integrations
if integrated into key, enviroment configs could be built into container image at /config/foo.(dev|stage|prod).json
configs could be processed in ci and pushed as secrets to k8s and our container could read the secret
future allow cli admin edit vi mode with temp file and egg(...) replaced with cracked-egg(string)
settings in one location the repo vs gitlab var, terraform, parameter store
settings not dependent on infra setup
future for auth / token
future would like to use jwt for tokens
proposed server url https://hen.gomonger.io
tokens database, use existing jwt token, maybe use token service?
maybe values files or direct config edits
md5 check sum, why to validate x sent = x encrypted
simplify config
Can still use if moving away from json
could build into kit and env vars
part of ci process could remove parameter store
could use k8s secrets to store json
can track settings CI changes
CON: doesn't allow for dynamic changes without CI
configs/settings files can put shipped with image kit
could call hen service to decrypt for hen/egg('values')

TODO

read up on jwt and how it works
read up on tokens, token a service
read up on mysql storage
setup a service like go-gin

server

export ENCRYPTION_KEY="32-bit-string" 
./hen server

client

./hen protect -m "hello world"
{"egg":"egg(97b2fe93cccdfbb794ca2a5131ee7afe9bac07758797705df2008234b7aa9966652a4f802e9d0c,5eb63bbbe01eeed093cb22bb8f5acdc3)"}

Decrypt curl example with Token

curl -X POST http://localhost:3000/hatch \
     -H 'Content-Type: application/json' \
     -H 'Token: foobar' \
     -d '{"egg":"231d4adc3e9f6a62640e49b882747a376a5a5127401b1d1cdc05c7e2a39ece1ef63e8c58"}'                                      
# {"secret":"test abc"}%

Encryption Ref

https://tutorialedge.net/golang/go-encrypt-decrypt-aes-tutorial/ https://www.melvinvivas.com/how-to-encrypt-and-decrypt-data-using-aes

Documentation ¶

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func Hatch ¶

func Hatch(filepath string) error

Types ¶

type Egg ¶

type Egg struct {
	Encrypted string
	// contains filtered or unexported fields
}

func (*Egg) ToString ¶

func (e *Egg) ToString() string

type Hen ¶

type Hen struct {
	Host     string
	FilePath string
	Token    string
	Eggs     []Egg
}

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
cli
cmd
hen
internal
server

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL