Documentation
¶
Overview ¶
Package protectedmemory implements protected memory backed secrets.
Index ¶
Examples ¶
Constants ¶
This section is empty.
Variables ¶
var AllocTimer = metrics.GetOrRegisterTimer("secret.protectedmemory.alloctimer", nil)
AllocTimer is used to record the time taken to allocate a secret.
Functions ¶
This section is empty.
Types ¶
type SecretFactory ¶
type SecretFactory struct {
// contains filtered or unexported fields
}
SecretFactory is used to create protected memory based Secret implementations.
Example (NewReader) ¶
ExampleNewReader demonstrates working with a secret using the standard io.Reader interface.
package main
import (
"fmt"
"io"
"os"
"github.com/godaddy/asherah/go/securememory/protectedmemory"
)
func main() {
factory := new(protectedmemory.SecretFactory)
// ignoring errors for simplicity
s1, _ := factory.New([]byte("first "))
s2, _ := factory.New([]byte("second "))
s3, _ := factory.New([]byte("third"))
defer s1.Close()
defer s2.Close()
defer s3.Close()
r := io.MultiReader(s1.NewReader(), s2.NewReader(), s3.NewReader())
if _, err := io.Copy(os.Stdout, r); err != nil {
fmt.Println(err)
}
}
Output: first second third
Example (WithBytes) ¶
ExampleWithBytes demonstrates the use of WithBytes to access a secret's protected byte slice.
package main
import (
"fmt"
"github.com/godaddy/asherah/go/securememory/protectedmemory"
)
func main() {
factory := new(protectedmemory.SecretFactory)
secret, err := factory.CreateRandom(32)
if err != nil {
panic("unexpected error!")
}
defer secret.Close()
err = secret.WithBytes(func(bytes []byte) error {
fmt.Printf("my original secret is %d bytes long", len(bytes))
return nil
})
if err != nil {
panic("unexpected error!")
}
}
Output: my original secret is 32 bytes long
Example (WithBytesFunc) ¶
ExampleWithBytesFunc demonstrates the use of WithBytesFunc to access a secret's protected byte slice.
package main
import (
"encoding/base64"
"fmt"
"github.com/godaddy/asherah/go/securememory/protectedmemory"
)
func main() {
factory := new(protectedmemory.SecretFactory)
secret, err := factory.CreateRandom(32)
if err != nil {
panic("unexpected error!")
}
defer secret.Close()
// In this example we're encoding our underlying secret data using base64
encodedBytes, err := secret.WithBytesFunc(func(bytes []byte) ([]byte, error) {
return []byte(base64.StdEncoding.EncodeToString(bytes)), nil
})
if err != nil {
panic("unexpected error!")
}
decodedBytes, err := base64.StdEncoding.DecodeString(string(encodedBytes))
if err != nil {
panic("unexpected error!")
}
fmt.Printf("my decoded payload is %d bytes long", len(decodedBytes))
}
Output: my decoded payload is 32 bytes long
func (*SecretFactory) CreateRandom ¶
func (f *SecretFactory) CreateRandom(size int) (securememory.Secret, error)
CreateRandom returns a protected memory backed Secret that contains a random byte slice of the specified size.
Example ¶
package main
import (
"fmt"
"github.com/godaddy/asherah/go/securememory/protectedmemory"
)
func main() {
factory := new(protectedmemory.SecretFactory)
secret, err := factory.CreateRandom(32)
if err != nil {
panic("unexpected error!")
}
defer secret.Close()
// do something with the secret...
fmt.Println(secret.IsClosed())
}
Output: false
func (*SecretFactory) New ¶
func (f *SecretFactory) New(b []byte) (securememory.Secret, error)
New takes in a byte slice and returns a protected memory backed Secret containing that data. The underlying array will be wiped after the function exits.
Example ¶
package main
import (
"fmt"
"github.com/godaddy/asherah/go/securememory/protectedmemory"
)
func main() {
factory := new(protectedmemory.SecretFactory)
secret, err := factory.New([]byte("some really secret value"))
if err != nil {
panic("unexpected error!")
}
defer secret.Close()
// do something with the secret...
fmt.Println(secret.IsClosed())
}
Output: false
Source Files