astcrypt

func Decrypt ¶

func Decrypt(node ast.Node, decrypter Decrypter) error

Decrypt decrypts the HCL or JSON document in the abstract syntax tree. It does this by walking the tree looking for ciphertext values of the form

key {
	ciphertext = "<encrypted-data>"
}

or the equivalent JSON

"key": { "ciphertext": "<encrypted-data>" }

These encrypted values are decrypted using the encryption data key information in the configuration file and converted into values of the form

key = "<decrypted-data>"

The decrypter is used to decrypt ciphertext. If the decrypter is nil this function will return success only if there is nothing in the AST to decrypt.

func Encrypt ¶

func Encrypt(node ast.Node, encrypter Encrypter, keywords []string, valuewords []string) error

Encrypt searches the AST for keys that match any of the keywords and values that match any of the values. Any key in the configuration file matches a keyword if it contains that keyword. Any value in the configuration file matches a valueword if it contains that valueword. Tests are case insensitive.

When a match is detected it converts the form

key = "<unencrypted-data>"

into the form

key {
	ciphertext = "<encrypted-data>"
}

The encrypter is used to encrypt cleartext. If the encrypter is nil this function will return success only if there is nothing in the AST to encrypt.