package keycrypt

import "github.com/grailbio/base/security/keycrypt"

Package keycrypt implements an API for storing and retrieving opaque blobs of data stored in a secure fashion. Keycrypt multiplexes several backends, both local (e.g., macOS Keychain) and remote (e.g., AWS's KMS and S3).

Package Files

keycrypt.go lookup.go

Variables

var ErrNoSuchSecret = errors.New("no such secret")

func Get

func Get(rawurl string) ([]byte, error)

Get data from a keycrypt URL.

func GetJSON

func GetJSON(s Secret, v interface{}) error

Retrieve the content from a secret and unmarshal it into a value.

func Put

func Put(rawurl string, data []byte) error

Put writes data to a keycrypt URL.

func PutJSON

func PutJSON(s Secret, v interface{}) error

Marshal a value and write it into a secret.

func Register

func Register(scheme string, resolver Resolver)

Register associates a Resolver with a scheme.

func RegisterFunc

func RegisterFunc(scheme string, f func(string) Keycrypt)

RegisterFunc associates a Resolver (given by a func) with a scheme.

type Keycrypt

type Keycrypt interface {
    // Look up the named secret. A secret is returned even if it does
    // not yet exist. In this case, Secret.Get will return
    // ErrNoSuchSecret.
    Lookup(name string) Secret
}

Interface Keycrypt represents secure secret storage.

type Resolver

type Resolver interface {
    Resolve(host string) Keycrypt
}

func ResolverFunc

func ResolverFunc(f func(string) Keycrypt) Resolver

type Secret

type Secret interface {
    // Retrieve the current value of this secret. If the secret does not
    // exist, Get returns ErrNoSuchSecret.
    Get() ([]byte, error)
    // Write a new value for this secret.
    Put([]byte) error
}

Secret represents a single object. Secret objects are uninterpreted bytes that are stored securely.

func Lookup

func Lookup(rawurl string) (Secret, error)

Lookup retrieves a secret based on a URL, in the standard form: scheme://host/path. The URL is interpreted according to the Resolver registered with the given scheme. The scheme "local" is a special scheme that attempts known local storage schemes: first "keychain", and then "file".
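
The dispatch described above, modelled as an added, self-contained sketch (not code from grailbio/base, and it does not import the real package). The Secret and Keycrypt declarations are copied from this page; the "mem" scheme, store, memCrypt, memSecret, resolvers and lookup are hypothetical names, and using the URL path as the secret name is an assumption.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
)

// Local copies of declarations documented on this page, so the file builds offline.
var ErrNoSuchSecret = errors.New("no such secret")

type Secret interface {
	Get() ([]byte, error)
	Put([]byte) error
}
type Keycrypt interface{ Lookup(name string) Secret }

// Hypothetical in-memory backend for tests (not goroutine-safe).
var store = map[string][]byte{} // key: host + path
type memCrypt string            // a host
type memSecret string           // a key into store
func (c memCrypt) Lookup(name string) Secret { return memSecret(string(c) + name) }
func (s memSecret) Get() ([]byte, error) {
	if b, ok := store[string(s)]; ok {
		return append([]byte(nil), b...), nil // copy: callers cannot alias stored bytes
	}
	return nil, ErrNoSuchSecret
}
func (s memSecret) Put(b []byte) error {
	store[string(s)] = append([]byte(nil), b...) // copy: later caller writes do not leak in
	return nil
}
// resolvers stands in for Register/RegisterFunc: scheme -> func(host) Keycrypt.
var resolvers = map[string]func(string) Keycrypt{"mem": func(h string) Keycrypt { return memCrypt(h) }}
// lookup models scheme://host/path dispatch; using the path as the secret name is an assumption.
func lookup(rawurl string) (Secret, error) {
	u, err := url.Parse(rawurl)
	if err != nil {
		return nil, err
	}
	if r, ok := resolvers[u.Scheme]; ok {
		return r(u.Host).Lookup(u.Path), nil
	}
	return nil, fmt.Errorf("no resolver registered for scheme %q", u.Scheme)
}

func main() {
	s, _ := lookup("mem://ci-host/db/password") // constructed URL
	fmt.Println(s.Get())                        // unset secret: Get reports ErrNoSuchSecret
}
```

Callers should compare against ErrNoSuchSecret rather than treating every Get error as "not provisioned yet", so that backend failures are not mistaken for a missing secret.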

func Nonexistent

func Nonexistent() Secret

func Static

func Static(b []byte) Secret

Directories

Path        Synopsis
file        Package file implements a file-based keycrypt.
keychain
kms         Package kms implements a Keycrypt using AWS's KMS service and S3.

Package keycrypt imports 6 packages and is imported by 4 packages. Updated 2018-09-28.