secret

package

v0.0.0-...-46baba5 Latest Latest Go to latest Published: Apr 30, 2024 License: AGPL-3.0 Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/theduckcompany/duckcloud

Links

Open Source Insights

Documentation ¶

Overview ¶

Package secret provides types to guard your secret values from leaking into logs, std* etc.

The objective is to disallow writing/serializing of secret values to std*, logs, JSON string etc. but provide access to the secret when requested explicitly.

Constants ¶

View Source

const KeyLength = 32

View Source

const RedactText string = "*****"

RedactText is used by default if no other redact hint is given.

View Source

const (
	SealedKeyLength = nonceLength + KeyLength + secretbox.Overhead
)

Variables ¶

View Source

var Empty = NewText("")

View Source

var ErrInvalidKeySize = errors.New("invalid key size")

Functions ¶

This section is empty.

Types ¶

type Key ¶

type Key struct {
	// contains filtered or unexported fields
}

func KeyFromBase64 ¶

func KeyFromBase64(str string) (*Key, error)

func KeyFromRaw ¶

func KeyFromRaw(in []byte) (*Key, error)

func NewKey ¶

func NewKey() (*Key, error)

func (*Key) Base64 ¶

func (k *Key) Base64() string

Raw gives you access to the actual secret value stored inside Key.

func (*Key) Equals ¶

func (k *Key) Equals(s2 *Key) bool

Equals checks whether s2 has same secret string or not.

func (Key) LogValue ¶

func (s Key) LogValue() slog.Value

func (Key) MarshalJSON ¶

func (k Key) MarshalJSON() ([]byte, error)

MarshalJSON allows Key to be serialized into a JSON string. Only the redact hint is part of the the JSON string.

func (*Key) MarshalText ¶

func (k *Key) MarshalText() ([]byte, error)

MarshalKey implements encoding.KeyMarshaler. It marshals redact string into bytes rather than the actual secret value.

func (*Key) Raw ¶

func (k *Key) Raw() []byte

func (*Key) Scan ¶

func (s *Key) Scan(src any) error

func (*Key) String ¶

func (k *Key) String() string

String implements the fmt.Stringer interface and returns only the redact hint. This prevents the secret value from being printed to std*, logs etc.

func (*Key) UnmarshalJSON ¶

func (k *Key) UnmarshalJSON(b []byte) error

UnmarshalJSON allows a JSON string to be deserialized into a Key value. DefaultRedact is set as the redact hint.

func (*Key) UnmarshalText ¶

func (k *Key) UnmarshalText(b []byte) error

UnmarshalKey implements encoding.KeyUnmarshaler. It unmarshals b into receiver's new secret value. If redact string is present then it is reused otherwise [DefaultRedact] is used.

func (Key) Value ¶

func (k Key) Value() (driver.Value, error)

type SealedKey ¶

type SealedKey struct {
	// contains filtered or unexported fields
}

func SealKey ¶

func SealKey(encryptionKey, input *Key) (*SealedKey, error)

func SealKeyWithEnclave ¶

func SealKeyWithEnclave(enclave *memguard.Enclave, input *Key) (*SealedKey, error)

func SealedKeyFromBase64 ¶

func SealedKeyFromBase64(str string) (*SealedKey, error)

func (*SealedKey) Base64 ¶

func (k *SealedKey) Base64() string

Raw gives you access to the actual secret value stored inside Key.

func (*SealedKey) Equals ¶

func (k *SealedKey) Equals(s2 *SealedKey) bool

Equals checks whether s2 has same secret string or not.

func (SealedKey) LogValue ¶

func (s SealedKey) LogValue() slog.Value

func (SealedKey) MarshalJSON ¶

func (k SealedKey) MarshalJSON() ([]byte, error)

MarshalJSON allows Key to be serialized into a JSON string. Only the redact hint is part of the the JSON string.

func (*SealedKey) MarshalText ¶

func (k *SealedKey) MarshalText() ([]byte, error)

MarshalKey implements encoding.KeyMarshaler. It marshals redact string into bytes rather than the actual secret value.

func (*SealedKey) Open ¶

func (k *SealedKey) Open(encryptionKey *Key) (*Key, error)

func (*SealedKey) OpenWithEnclave ¶

func (k *SealedKey) OpenWithEnclave(enclave *memguard.Enclave) (*Key, error)

func (*SealedKey) Raw ¶

func (k *SealedKey) Raw() []byte

func (*SealedKey) Scan ¶

func (s *SealedKey) Scan(src any) error

func (*SealedKey) String ¶

func (k *SealedKey) String() string

String implements the fmt.Stringer interface and returns only the redact hint. This prevents the secret value from being printed to std*, logs etc.

func (*SealedKey) UnmarshalJSON ¶

func (k *SealedKey) UnmarshalJSON(b []byte) error

UnmarshalJSON allows a JSON string to be deserialized into a Key value. DefaultRedact is set as the redact hint.

func (*SealedKey) UnmarshalText ¶

func (k *SealedKey) UnmarshalText(b []byte) error

UnmarshalKey implements encoding.KeyUnmarshaler. It unmarshals b into receiver's new secret value. If redact string is present then it is reused otherwise [DefaultRedact] is used.

func (SealedKey) Value ¶

func (k SealedKey) Value() (driver.Value, error)

type Text ¶

type Text struct {
	// contains filtered or unexported fields
}

Text provides a way to safely store your secret value and a corresponding redact hint. This redact hint what is used in operations like printing and serializing. The default value of Text is usable.

func NewText ¶

func NewText(s string) Text

NewText creates a new Text instance with s as the secret value. Multiple option functions can be passed to alter default behavior.

func (*Text) Equals ¶

func (s *Text) Equals(s2 Text) bool

Equals checks whether s2 has same secret string or not.

func (Text) LogValue ¶

func (s Text) LogValue() slog.Value

func (Text) MarshalJSON ¶

func (s Text) MarshalJSON() ([]byte, error)

MarshalJSON allows Text to be serialized into a JSON string. Only the redact hint is part of the the JSON string.

func (Text) MarshalText ¶

func (s Text) MarshalText() ([]byte, error)

MarshalText implements encoding.TextMarshaler. It marshals redact string into bytes rather than the actual secret value.

func (Text) Raw ¶

func (s Text) Raw() string

Raw gives you access to the actual secret value stored inside Text.

func (*Text) Scan ¶

func (s *Text) Scan(src any) error

func (Text) String ¶

func (s Text) String() string

String implements the fmt.Stringer interface and returns only the redact hint. This prevents the secret value from being printed to std*, logs etc.

func (*Text) UnmarshalJSON ¶

func (s *Text) UnmarshalJSON(b []byte) error

UnmarshalJSON allows a JSON string to be deserialized into a Text value. RedactText is set as the redact hint.

func (*Text) UnmarshalText ¶

func (s *Text) UnmarshalText(b []byte) error

UnmarshalText implements encoding.TextUnmarshaler. It unmarshals b into receiver's new secret value. If redact string is present then it is reused otherwise RedactText is used.

func (Text) Value ¶

func (s Text) Value() (driver.Value, error)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL