package secrets
import (
"context"
"xorm.io/xorm"
)
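// Service is an envelope encryption service in charge of encrypting/decrypting secrets.
// It is a replacement for encryption.Service.
//
// NOTE(review): no implementation is visible in this file, so the method
// comments below state only what the signatures establish; anything else is
// marked as an assumption to confirm against the implementation.
type Service interface {
	// Encrypt returns the encrypted form of payload, or an error. opt is an
	// EncryptionOptions value whose definition is outside this file.
	Encrypt(ctx context.Context, payload []byte, opt EncryptionOptions) ([]byte, error)

	// Decrypt returns the decrypted form of payload, or an error.
	// It takes no EncryptionOptions, so whatever identifies the key used at
	// encryption time presumably travels inside payload itself — TODO confirm.
	Decrypt(ctx context.Context, payload []byte) ([]byte, error)

	// EncryptJsonData encrypts a string map and returns a map of byte slices
	// under string keys, or an error.
	// NOTE(review): presumably only the values are encrypted and the keys stay
	// in clear text — confirm, and avoid putting sensitive data in keys if so.
	EncryptJsonData(ctx context.Context, kv map[string]string, opt EncryptionOptions) (map[string][]byte, error)

	// DecryptJsonData is the inverse of EncryptJsonData: it takes the map of
	// byte slices and returns a string map, or an error.
	DecryptJsonData(ctx context.Context, sjd map[string][]byte) (map[string]string, error)

	// GetDecryptedValue returns a single string for key from sjd and has no
	// error result.
	// NOTE(review): presumably fallback is returned when key is absent or
	// decryption fails — confirm. If so, a caller cannot tell a decryption
	// failure from a legitimately stored value, so implementations should
	// surface the failure some other way (e.g. logging) rather than hide it.
	GetDecryptedValue(ctx context.Context, sjd map[string][]byte, key, fallback string) string
}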
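// ProvidersRegistrar exposes the set of Providers known to the secrets
// service, keyed by a string provider ID, and reports which ID is current.
//
// NOTE(review): no implementation is visible in this file; points that the
// signatures do not settle are marked as assumptions to confirm.
type ProvidersRegistrar interface {
	// CurrentProviderID returns the ID of the current provider.
	// Presumably this is the provider used for new encryptions — TODO confirm.
	CurrentProviderID() string

	// GetProviders returns the registered providers keyed by provider ID.
	// NOTE(review): whether the returned map is a copy or the registrar's own
	// map is not visible here; callers should treat it as read-only.
	GetProviders() map[string]Provider

	// RegisterProvider adds provider under providerID. It returns nothing, so
	// a failed or duplicate registration cannot be reported to the caller.
	// NOTE(review): behaviour when providerID is already registered is not
	// visible here; silently replacing a key encryption key provider would
	// change which key protects data, so confirm how duplicates are handled.
	RegisterProvider(providerID string, provider Provider)
}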
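// Store defines methods to interact with secrets storage.
//
// Every method operates on DataKey records, addressed by name. The DataKey
// type is declared outside this file.
// NOTE(review): under envelope encryption a stored data key is expected to be
// held only in encrypted (wrapped) form; this interface does not show whether
// that holds — confirm against the DataKey definition and the implementation.
type Store interface {
	// GetDataKey returns the data key stored under name, or an error.
	GetDataKey(ctx context.Context, name string) (*DataKey, error)

	// GetAllDataKeys returns every stored data key, or an error.
	GetAllDataKeys(ctx context.Context) ([]*DataKey, error)

	// CreateDataKey stores dataKey, or returns an error.
	CreateDataKey(ctx context.Context, dataKey DataKey) error

	// CreateDataKeyWithDBSession stores dataKey using the caller-supplied xorm
	// session. Presumably this lets the write join a transaction the caller
	// already has open — TODO confirm.
	CreateDataKeyWithDBSession(ctx context.Context, dataKey DataKey, sess *xorm.Session) error

	// DeleteDataKey removes the data key stored under name, or returns an error.
	// NOTE(review): anything still encrypted under that key presumably becomes
	// undecryptable once it is gone — confirm that callers check for remaining
	// users of the key before deleting.
	DeleteDataKey(ctx context.Context, name string) error
}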
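// Provider is a key encryption key provider for envelope encryption.
//
// NOTE(review): the interface carries no key identifier or options, so each
// Provider value presumably stands for exactly one key encryption key — TODO
// confirm against the implementations.
type Provider interface {
	// Encrypt returns the encrypted form of blob, or an error.
	// Presumably blob is a data key being wrapped rather than a secret
	// payload — confirm against the callers.
	Encrypt(ctx context.Context, blob []byte) ([]byte, error)

	// Decrypt returns the decrypted form of blob, or an error.
	// NOTE(review): whether a tampered or wrong-key blob is guaranteed to
	// yield an error (authenticated encryption) is not visible here — confirm
	// per implementation.
	Decrypt(ctx context.Context, blob []byte) ([]byte, error)
}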