Documentation ¶
Index ¶
Constants ¶
const ( // ColumnKeyEnv the environment name of the variable used to specify the private encryption key used // on columns of type ColumnSecret ColumnKeyEnv = "DB_COL_KEY" )
Variables ¶
This section is empty.
Functions ¶
Types ¶
type ColumnSecret ¶
type ColumnSecret string
ColumnSecret a type for a gorm model column whose value is encrypted before persisting to the database and is unencrypted in the struct.
Provides a column type to database/sql/driver whose value is encrypted when persisting to the database. The encryption is AES256 with a nonce. The variable DefaultColumnSecretKey is used for encryption and decryption and must be supplied by the calling function which could originate from a k8s secret, for instance.
func (*ColumnSecret) Scan ¶
func (sec *ColumnSecret) Scan(src interface{}) error
when the DB driver reads from the DB
type SecretColumnKeyT ¶
type SecretColumnKeyT func() string
SecretColumnKeyT the type of function that acquires the secret column key
var SecretColumnKeyFunc SecretColumnKeyT
SecretColumnKeyFunc callers using the functionality will specify this as a function to be called to acquire the secrey key to encrypt/decrypt the column.
type YubiUser ¶
type YubiUser struct { ID uint `json:"-" gorm:"primary_key"` CreatedAt time.Time `json:"created_at,omitempty"` UpdatedAt time.Time `json:"updated_at,omitempty"` // Email the email address of the owner Email string `json:"email"` // Is the user enabled? IsEnabled bool `json:"is_enabled"` // An admin user has additional capabilities. It can register other users, for instance. IsAdmin bool `json:"is_admin"` // Counter the token usage counter. It represents the last counter provided by the Yubi token from a OTP. Counter int64 `json:"counter"` // Session the session usage counter provided by the Yubi token from a OTP. Used to protect against token reuse. Session int64 `json:"session"` // Public the Yubikey ID assigned to the physical token Public string `json:"public" gorm:"unique;not null"` // Secret the user's secret AES key associated with the Yubi token slot Secret ColumnSecret `json:"secret,omitempty"` // Description info about the owner; email, name, et.al Description string `json:"description"` }
YubiUser the database model to store a Yubi device
func (YubiUser) Editable ¶
func (u YubiUser) Editable() *YubiUserEditable
Editable convert a YubiUser to a struct of values we allow to be edited
type YubiUserEditable ¶
type YubiUserEditable struct { CreatedAt time.Time `json:"created_at,omitempty"` UpdatedAt time.Time `json:"updated_at,omitempty"` // Email the email address of the owner Email *string `json:"email,omitempty"` // Is the user enabled? IsEnabled *bool `json:"is_enabled,omitempty"` // An admin user has additional capabilities. It can register other users, for instance. IsAdmin *bool `json:"is_admin,omitempty"` // Public the Yubikey ID assigned to the physical token Public string `json:"public"` // Description info about the owner; email, name, et.al Description *string `json:"description,omitempty"` }
YubiUserEditable are the editable fields of a registered user