Documentation ¶
Overview ¶
Package astcrypt has functions for encrypting and decrypting confidential information in the configuration file AST.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Decrypt ¶
Decrypt decrypts the HCL or JSON document in the abstract syntax tree. It does this by walking the tree looking for ciphertext values of the form
key { ciphertext = "<encrypted-data>" }
or the equivalent JSON
"key": { "ciphertext": "<encrypted-data>" }
These encrypted values are decrypted using the encryption data key information in the configuration file and converted into values of the form
key = "<decrypted-data>"
The decrypter is used to decrypt ciphertext. If the decrypter is nil this function will return success only if there is nothing in the AST to decrypt.
func Encrypt ¶
Encrypt searches the AST for keys that match any of the keywords and values that match any of the values. Any key in the configuration file matches a keyword if it contains that keyword. Any value in the configuration file matches a valueword if it contains that valueword. Tests are case insensitive.
When a match is detected it converts the form
key = "<unencrypted-data>"
into the form
key { ciphertext = "<encrypted-data>" }
The encrypter is used to encrypt cleartext. If the encrypter is nil this function will return success only if there is nothing in the AST to encrypt.