Documentation ¶
Overview ¶
Package protectedmemory implements protected memory backed secrets.
Index ¶
Examples ¶
Constants ¶
This section is empty.
Variables ¶
var AllocTimer = metrics.GetOrRegisterTimer("secret.protectedmemory.alloctimer", nil)
AllocTimer is used to record the time taken to allocate a secret.
Functions ¶
This section is empty.
Types ¶
type SecretFactory ¶
type SecretFactory struct {
// contains filtered or unexported fields
}
SecretFactory is used to create protected memory based Secret implementations.
Example (NewReader) ¶
ExampleNewReader demonstrates working with a secret using the standard io.Reader interface.
package main import ( "fmt" "io" "os" "github.com/godaddy/asherah/go/securememory/protectedmemory" ) func main() { factory := new(protectedmemory.SecretFactory) // ignoring errors for simplicity s1, _ := factory.New([]byte("first ")) s2, _ := factory.New([]byte("second ")) s3, _ := factory.New([]byte("third")) defer s1.Close() defer s2.Close() defer s3.Close() r := io.MultiReader(s1.NewReader(), s2.NewReader(), s3.NewReader()) if _, err := io.Copy(os.Stdout, r); err != nil { fmt.Println(err) } }
Output: first second third
Example (WithBytes) ¶
ExampleWithBytes demonstrates the use of WithBytes to access a secret's protected byte slice.
package main import ( "fmt" "github.com/godaddy/asherah/go/securememory/protectedmemory" ) func main() { factory := new(protectedmemory.SecretFactory) secret, err := factory.CreateRandom(32) if err != nil { panic("unexpected error!") } defer secret.Close() err = secret.WithBytes(func(bytes []byte) error { fmt.Printf("my original secret is %d bytes long", len(bytes)) return nil }) if err != nil { panic("unexpected error!") } }
Output: my original secret is 32 bytes long
Example (WithBytesFunc) ¶
ExampleWithBytesFunc demonstrates the use of WithBytesFunc to access a secret's protected byte slice.
package main import ( "encoding/base64" "fmt" "github.com/godaddy/asherah/go/securememory/protectedmemory" ) func main() { factory := new(protectedmemory.SecretFactory) secret, err := factory.CreateRandom(32) if err != nil { panic("unexpected error!") } defer secret.Close() // In this example we're encoding our underlying secret data using base64 encodedBytes, err := secret.WithBytesFunc(func(bytes []byte) ([]byte, error) { return []byte(base64.StdEncoding.EncodeToString(bytes)), nil }) if err != nil { panic("unexpected error!") } decodedBytes, err := base64.StdEncoding.DecodeString(string(encodedBytes)) if err != nil { panic("unexpected error!") } fmt.Printf("my decoded payload is %d bytes long", len(decodedBytes)) }
Output: my decoded payload is 32 bytes long
func (*SecretFactory) CreateRandom ¶
func (f *SecretFactory) CreateRandom(size int) (securememory.Secret, error)
CreateRandom returns a protected memory backed Secret that contains a random byte slice of the specified size.
Example ¶
package main import ( "fmt" "github.com/godaddy/asherah/go/securememory/protectedmemory" ) func main() { factory := new(protectedmemory.SecretFactory) secret, err := factory.CreateRandom(32) if err != nil { panic("unexpected error!") } defer secret.Close() // do something with the secret... fmt.Println(secret.IsClosed()) }
Output: false
func (*SecretFactory) New ¶
func (f *SecretFactory) New(b []byte) (securememory.Secret, error)
New takes in a byte slice and returns a protected memory backed Secret containing that data. The underlying array will be wiped after the function exits.
Example ¶
package main import ( "fmt" "github.com/godaddy/asherah/go/securememory/protectedmemory" ) func main() { factory := new(protectedmemory.SecretFactory) secret, err := factory.New([]byte("some really secret value")) if err != nil { panic("unexpected error!") } defer secret.Close() // do something with the secret... fmt.Println(secret.IsClosed()) }
Output: false