README
¶
go-sqlcrypter
go-sqlcrypter is a Go package that enables sensitive data to be encrypted at rest within a relational database. A custom type EncryptedBytes is provided which implements the sql.Scanner and driver.Valuer interfaces allowing data to be encrypted and decrypted when writing to and reading from a SQL database. Column-level encryption provides an additional layer of security.
The following encryption providers are supported:
Refer to each provider for documentation and examples.
Install
go get -u github.com/bincyber/go-sqlcrypter
Usage
Configure the encryption provider of your choice:
key := []byte("abcdef01234567899876543210fedcba")
provider, err := aescrypter.New(key, nil)
if err != nil {
log.Fatalf("failed to initialize AES crypter. Error: %s", err)
}
Initialize the sqlcrypter with the encryption provider:
sqlcrypter.Init(provider)
Use the custom type EncryptedBytes for any sensitive data:
type Employee struct {
Name string
SSN sqlcrypter.EncryptedBytes
Email string
Title string
}
func main() {
e := &Employee{
Name: "Tony Stark",
SSN: sqlcrypter.NewEncryptedBytes("999-00-1234"),
Email: "tony@starkindustries.com",
Title: "Genius, Billionaire, Playboy, Philanthropist",
}
}
For a full example, see example/main.go.
Development
docker-compose is used to help with local development and testing. See testing/docker-compose.yml
To bring up the development environment:
make dev/up
make terraform/apply
To run the test suite:
make go/test
Contributing
Contributions of new encryption providers (eg, Azure Key Vault, GCP KMS, etc.) are more than welcome!
License
The source code for this library is licensed under the MIT license, which you can find in the LICENSE file.
Documentation
¶
Index ¶
- func Decrypt(w io.Writer, r io.Reader) error
- func Encrypt(w io.Writer, r io.Reader) error
- func GenerateBytes(n int) ([]byte, error)
- func Init(c Crypterer)
- type Crypterer
- type EncryptedBytes
- func (e EncryptedBytes) Bytes() []byte
- func (e *EncryptedBytes) GormDBDataType(db *gorm.DB, field *schema.Field) string
- func (e *EncryptedBytes) GormDataType() string
- func (e EncryptedBytes) MarshalJSON() ([]byte, error)
- func (e *EncryptedBytes) Scan(value interface{}) error
- func (e EncryptedBytes) String() string
- func (e *EncryptedBytes) UnmarshalJSON(data []byte) error
- func (e EncryptedBytes) Value() (driver.Value, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GenerateBytes ¶
GenerateBytes generates random bytes of n length.
Types ¶
type EncryptedBytes ¶
type EncryptedBytes []byte
func NewEncryptedBytes ¶
func NewEncryptedBytes(s string) EncryptedBytes
func (EncryptedBytes) Bytes ¶
func (e EncryptedBytes) Bytes() []byte
func (*EncryptedBytes) GormDBDataType ¶
func (*EncryptedBytes) GormDataType ¶
func (e *EncryptedBytes) GormDataType() string
func (EncryptedBytes) MarshalJSON ¶
func (e EncryptedBytes) MarshalJSON() ([]byte, error)
MarshalJSON implements json.Marshaler interface
func (*EncryptedBytes) Scan ¶
func (e *EncryptedBytes) Scan(value interface{}) error
Scan implements the scanner interface
func (EncryptedBytes) String ¶
func (e EncryptedBytes) String() string
func (*EncryptedBytes) UnmarshalJSON ¶
func (e *EncryptedBytes) UnmarshalJSON(data []byte) error
UnmarshalJSON implements json.Unmarshaler interface
Source Files
Directories