secrets API

secrets

package

API reference for the secrets package.

S
struct
Implements: Store

CipherStore

CipherStore wraps a Store and encrypts values at rest. Only values are encrypted; key names are passed to the wrapped Store unchanged.

pkg/secrets/extras.go:13-16
type CipherStore struct

Methods

Set
Method

Parameters

key string
value []byte

Returns

error
// Set encrypts value with AES-GCM under the store's key and writes
// nonce||ciphertext to the wrapped Store under the same, unencrypted key name.
//
// A fresh random nonce of NonceSize() bytes is read from crypto/rand on every
// call and placed in front of the sealed output so that Get can recover it.
//
// NOTE(review): Seal is called with nil additional data, so the ciphertext is
// not bound to the key name it is stored under. Anyone able to write to the
// wrapped Store could move a valid blob from one key to another and Get would
// still authenticate it. Passing the key name as additional data would close
// that gap, but it changes what Get must supply and invalidates blobs that
// are already stored, so it has to be introduced in Set and Get together.
// NOTE(review): random nonces under a single long-lived key put a ceiling on
// how many values may safely be sealed; plan key rotation accordingly.
func (c *CipherStore) Set(key string, value []byte) error {
	blk, err := aes.NewCipher(c.key)
	if err != nil {
		return err
	}
	aead, err := cipher.NewGCM(blk)
	if err != nil {
		return err
	}

	iv := make([]byte, aead.NonceSize())
	if _, err = io.ReadFull(rand.Reader, iv); err != nil {
		return err
	}

	// Seal appends to its first argument, so using iv as the destination
	// produces iv followed by the ciphertext and tag in one slice.
	sealed := aead.Seal(iv, iv, value, nil)
	return c.store.Set(key, sealed)
}
Get
Method

Parameters

key string

Returns

[]byte
error
// Get fetches the stored blob for key from the wrapped Store, splits it into
// nonce and ciphertext, and returns the authenticated plaintext.
//
// Errors from the wrapped Store are returned unchanged. A blob shorter than
// the nonce is rejected before decryption, and a blob that fails GCM
// authentication is reported as a wrapped "decrypt failed" error; in both
// cases no plaintext is returned.
func (c *CipherStore) Get(key string) ([]byte, error) {
	raw, err := c.store.Get(key)
	if err != nil {
		return nil, err
	}

	blk, err := aes.NewCipher(c.key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(blk)
	if err != nil {
		return nil, err
	}

	// The length check must come before slicing: raw is whatever the backing
	// store returned and may be truncated.
	n := aead.NonceSize()
	if len(raw) < n {
		return nil, errors.New("secrets: ciphertext too short")
	}
	iv, sealed := raw[:n], raw[n:]

	// Open is called with nil additional data, matching what Set passes to Seal.
	pt, err := aead.Open(nil, iv, sealed, nil)
	if err != nil {
		return nil, fmt.Errorf("secrets: decrypt failed: %w", err)
	}
	return pt, nil
}
Delete
Method

Parameters

key string

Returns

error
// Delete removes key from the wrapped Store and returns that store's result.
// No cryptography is involved; the key name is passed through as given.
func (c *CipherStore) Delete(key string) error {
	err := c.store.Delete(key)
	return err
}

Fields

Name Type Description
store Store
key []byte
F
function

NewCipherStore

NewCipherStore creates a store that encrypts values with AES-GCM.

Parameters

store
key
[]byte

Returns

error
pkg/secrets/extras.go:19-24
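// NewCipherStore returns a CipherStore that encrypts values with AES-GCM
// before handing them to store.
//
// key must be exactly 32 bytes (AES-256); any other length is rejected with
// an error. The key is copied, so the caller may overwrite or reuse its
// buffer afterwards without changing the key the store encrypts with.
func NewCipherStore(store Store, key []byte) (*CipherStore, error) {
	if len(key) != 32 {
		return nil, errors.New("secrets: cipher key must be 32 bytes")
	}
	// Keep a private copy. Holding the caller's slice would let a later write
	// to it (for example wiping the buffer after setup) silently change the
	// key used for every subsequent Set and Get.
	owned := append([]byte(nil), key...)
	return &CipherStore{store: store, key: owned}, nil
}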
S
struct
Implements: Store

PrefixStore

PrefixStore adds a namespace prefix to keys by plain string concatenation; no separator is inserted between the prefix and the key.

pkg/secrets/extras.go:72-75
type PrefixStore struct

Methods

Set
Method

Parameters

key string
value []byte

Returns

error
// Set stores value in the wrapped Store under prefix+key.
// The prefix and key are concatenated directly, with no separator added.
func (p *PrefixStore) Set(key string, value []byte) error {
	namespaced := p.prefix + key
	return p.store.Set(namespaced, value)
}
Get
Method

Parameters

key string

Returns

[]byte
error
// Get reads prefix+key from the wrapped Store and returns its result as is.
func (p *PrefixStore) Get(key string) ([]byte, error) {
	namespaced := p.prefix + key
	return p.store.Get(namespaced)
}
Delete
Method

Parameters

key string

Returns

error
// Delete removes prefix+key from the wrapped Store and returns its result.
func (p *PrefixStore) Delete(key string) error {
	namespaced := p.prefix + key
	return p.store.Delete(namespaced)
}

Fields

Name Type Description
store Store
prefix string
F
function

NewPrefixStore

NewPrefixStore wraps a Store and prepends the given prefix to all keys.

Parameters

store
prefix
string

Returns

pkg/secrets/extras.go:78-80
// NewPrefixStore returns a PrefixStore that forwards to store with prefix
// prepended to every key.
//
// NOTE(review): PrefixStore joins prefix and key by plain concatenation, so
// two namespaces stay disjoint only if the prefix ends in a delimiter that
// keys cannot contain. Without one, prefix "app" with key "2/x" and prefix
// "app2" with key "/x" address the same entry in the wrapped Store.
func NewPrefixStore(store Store, prefix string) *PrefixStore {
	ps := &PrefixStore{prefix: prefix, store: store}
	return ps
}
S
struct
Implements: Store

FallbackStore

For Set and Get, FallbackStore tries the primary store first and falls back to the secondary when the primary returns any error; Delete is sent to both stores.

pkg/secrets/extras.go:95-98
type FallbackStore struct

Methods

Set
Method

Parameters

key string
value []byte

Returns

error
// Set writes to the primary store and, if that fails for any reason, writes
// to the secondary store instead and returns the secondary's result.
//
// NOTE(review): the primary's error is discarded, so the caller cannot tell
// which store now holds the value. After a fallback write the primary may
// still hold an older value for key, and Get consults the primary first.
func (f *FallbackStore) Set(key string, value []byte) error {
	if err := f.primary.Set(key, value); err == nil {
		return nil
	}
	return f.secondary.Set(key, value)
}
Get
Method

Parameters

key string

Returns

[]byte
error
// Get returns the primary store's value for key; if the primary returns any
// error, it returns whatever the secondary store returns instead.
//
// NOTE(review): every primary error triggers the fallback, not only a
// missing key. When the primary can fail for other reasons (for example a
// CipherStore whose decryption fails), that failure is hidden behind the
// secondary's answer and never reaches the caller.
func (f *FallbackStore) Get(key string) ([]byte, error) {
	if v, err := f.primary.Get(key); err == nil {
		return v, nil
	}
	return f.secondary.Get(key)
}
Delete
Method

Parameters

key string

Returns

error
// Delete asks both stores to delete key; the secondary is called even when
// the primary fails. It returns the primary's error only when both deletions
// fail, and nil as soon as either one succeeds.
//
// NOTE(review): a nil result does not mean the secret is gone from both
// stores. If one deletion failed, the value can still be served by Get from
// the store that kept it; callers that need guaranteed removal have to
// check each store themselves.
func (f *FallbackStore) Delete(key string) error {
	primaryErr := f.primary.Delete(key)
	secondaryErr := f.secondary.Delete(key)
	if primaryErr == nil || secondaryErr == nil {
		return nil
	}
	return primaryErr
}

Fields

Name Type Description
primary Store
secondary Store
F
function

NewFallbackStore

NewFallbackStore creates a store that tries primary first, then falls back to secondary.

Parameters

primary
secondary

Returns

pkg/secrets/extras.go:101-103
// NewFallbackStore returns a FallbackStore over the two given stores.
// Neither argument is checked for nil here.
func NewFallbackStore(primary, secondary Store) *FallbackStore {
	fs := &FallbackStore{secondary: secondary, primary: primary}
	return fs
}
I
interface

Store

Store is the shared contract for secret backends.

pkg/secrets/secrets.go:19-23
type Store interface

Methods

Set
Method

Parameters

key string
value []byte

Returns

error
func Set(...)
Get
Method

Parameters

key string

Returns

[]byte
error
func Get(...)
Delete
Method

Parameters

key string

Returns

error
func Delete(...)
S
struct
Implements: Store

MemoryStore

MemoryStore is a thread-safe in-memory store intended for tests and ephemeral use.

pkg/secrets/secrets.go:26-29
type MemoryStore struct

Methods

Set
Method

Set stores a copy of the provided secret value.

Parameters

key string
value []byte

Returns

error
// Set stores a private copy of value under key and always returns nil.
// Because the store keeps its own copy, later writes to the caller's slice
// (including wiping it) do not change what the store holds.
func (s *MemoryStore) Set(key string, value []byte) error {
	dup := append([]byte(nil), value...)

	s.mu.Lock()
	defer s.mu.Unlock()
	s.m[key] = dup
	return nil
}
Get
Method

Get returns a copy of the stored secret value.

Parameters

key string

Returns

[]byte
error
// Get returns a copy of the value stored under key, or ErrNotFound when the
// key is absent. Returning a copy keeps callers from modifying the stored
// bytes through the returned slice.
func (s *MemoryStore) Get(key string) ([]byte, error) {
	s.mu.RLock()
	defer s.mu.RUnlock()

	if stored, found := s.m[key]; found {
		return append([]byte(nil), stored...), nil
	}
	return nil, ErrNotFound
}
Delete
Method

Delete removes a secret from the in-memory store.

Parameters

key string

Returns

error
// Delete removes key from the map under the write lock and always returns
// nil, whether or not the key was present.
//
// NOTE(review): the map entry is dropped but the stored bytes are not
// overwritten first, so the secret's bytes are left for the garbage
// collector rather than wiped.
func (s *MemoryStore) Delete(key string) error {
	s.mu.Lock()
	delete(s.m, key)
	s.mu.Unlock()
	return nil
}

Fields

Name Type Description
mu sync.RWMutex
m map[string][]byte
F
function

NewMemoryStore

NewMemoryStore creates a new in-memory store.

Returns

pkg/secrets/secrets.go:32-34
// NewMemoryStore returns an empty MemoryStore with its map allocated, ready
// for Set, Get and Delete.
func NewMemoryStore() *MemoryStore {
	ms := new(MemoryStore)
	ms.m = make(map[string][]byte)
	return ms
}
S
struct
Implements: Store

EnvStore

EnvStore provides read-only access to environment variables.

pkg/secrets/secrets.go:66-66
type EnvStore struct

Methods

Set
Method

Set reports that environment-backed stores are read-only.

Parameters

key string
value []byte

Returns

error
// Set never modifies the environment; it ignores both arguments and returns
// ErrReadOnly.
func (*EnvStore) Set(key string, value []byte) error {
	return ErrReadOnly
}
Get
Method

Get returns the environment variable value for the provided key.

Parameters

key string

Returns

[]byte
error
// Get returns the value of the environment variable named key as bytes, or
// ErrNotFound when the variable is not set. A variable that is set to the
// empty string is found and yields an empty value.
//
// NOTE(review): key is used verbatim as the variable name, so every variable
// in the process environment is reachable through this store. Restrict or
// map key names before passing caller-supplied keys to Get.
func (*EnvStore) Get(key string) ([]byte, error) {
	if v, ok := os.LookupEnv(key); ok {
		return []byte(v), nil
	}
	return nil, ErrNotFound
}
Delete
Method

Delete reports that environment-backed stores are read-only.

Parameters

key string

Returns

error
// Delete never unsets anything; it ignores key and returns ErrReadOnly.
func (*EnvStore) Delete(key string) error {
	return ErrReadOnly
}
F
function

NewEnvStore

NewEnvStore creates a new environment-backed secret store.

Returns

pkg/secrets/secrets.go:69-71
// NewEnvStore returns a new EnvStore. It takes no configuration.
func NewEnvStore() *EnvStore {
	return new(EnvStore)
}
S
struct
Implements: Store

VaultStore

VaultStore is a placeholder for an external secret manager implementation.

pkg/secrets/secrets.go:93-93
type VaultStore struct

Methods

Set
Method

Set reports that the placeholder Vault store is not implemented yet.

Parameters

key string
value []byte

Returns

error
// Set stores nothing: the placeholder ignores its arguments and returns
// ErrNotImplemented.
func (*VaultStore) Set(key string, value []byte) error {
	return ErrNotImplemented
}
Get
Method

Get reports that the placeholder Vault store is not implemented yet.

Parameters

key string

Returns

[]byte
error
// Get reads nothing: the placeholder ignores key and returns a nil value
// together with ErrNotImplemented.
func (*VaultStore) Get(key string) ([]byte, error) {
	return nil, ErrNotImplemented
}
Delete
Method

Delete reports that the placeholder Vault store is not implemented yet.

Parameters

key string

Returns

error
// Delete removes nothing: the placeholder ignores key and returns
// ErrNotImplemented.
func (*VaultStore) Delete(key string) error {
	return ErrNotImplemented
}
F
function

NewVaultStore

NewVaultStore creates a placeholder Vault-backed store.

Returns

pkg/secrets/secrets.go:96-98
// NewVaultStore returns a new placeholder VaultStore. Every operation on the
// returned store fails with ErrNotImplemented.
func NewVaultStore() *VaultStore {
	return new(VaultStore)
}