Documentation
Overview
Package local provides a local in-memory KMS provider for development.
WARNING: This should NOT be used in production, as keys are stored in memory and will be lost on restart.
Index
- Constants
- type LocalKMSProvider
- func (p *LocalKMSProvider) Close() error
- func (p *LocalKMSProvider) GenerateDEK(ctx context.Context) (plaintext []byte, wrapped []byte, err error)
- func (p *LocalKMSProvider) GetKeyID() string
- func (p *LocalKMSProvider) RotateKey(ctx context.Context) error
- func (p *LocalKMSProvider) UnwrapDEK(ctx context.Context, wrapped []byte) ([]byte, error)
- func (p *LocalKMSProvider) WrapDEK(ctx context.Context, plaintext []byte) ([]byte, error)
Constants
const (
	// KeySize is the size of AES-256 keys in bytes
	KeySize = 32
	// NonceSize is the size of GCM nonce in bytes
	NonceSize = 12
)
Variables
This section is empty.
Functions
This section is empty.
Types
type LocalKMSProvider
type LocalKMSProvider struct {
// contains filtered or unexported fields
}
LocalKMSProvider implements KMSProvider for local development. Keys are stored in memory and will be lost on restart.
func NewLocalKMSProvider
func NewLocalKMSProvider(cfg config.LocalConfig) (*LocalKMSProvider, error)
NewLocalKMSProvider creates a new local KMS provider. A new KEK is generated on each instantiation.
func (*LocalKMSProvider) Close
func (p *LocalKMSProvider) Close() error
Close releases any resources held by the provider.
func (*LocalKMSProvider) GenerateDEK
func (p *LocalKMSProvider) GenerateDEK(ctx context.Context) (plaintext []byte, wrapped []byte, err error)
GenerateDEK generates a new Data Encryption Key. It returns both the plaintext DEK and the wrapped (encrypted) DEK.
func (*LocalKMSProvider) GetKeyID
func (p *LocalKMSProvider) GetKeyID() string
GetKeyID returns the current key identifier.
func (*LocalKMSProvider) RotateKey
func (p *LocalKMSProvider) RotateKey(ctx context.Context) error
RotateKey generates a new KEK version. Note: This is simplified for development; real key rotation would need to handle re-encryption of existing wrapped DEKs.
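The rotation caveat above, as an added example (not the package's own code): a DEK wrapped with AES-256-GCM under one KEK cannot be unwrapped under a replacement KEK until it is re-wrapped. The `nonce || ciphertext || tag` layout and the helper names `randBytes`, `gcm`, `wrap` and `unwrap` are assumptions; only the `KeySize` and `NonceSize` values come from the page.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

const KeySize, NonceSize = 32, 12 // same values as the package constants

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no entropy source: abort rather than use a weak key
	}
	return b
}

func gcm(kek []byte) cipher.AEAD {
	block, err := aes.NewCipher(kek)
	if err != nil {
		panic(err) // kek is not a valid AES key length
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return aead
}

// wrap seals dek under kek. Assumed layout: nonce || ciphertext || tag.
func wrap(kek, dek []byte) []byte {
	nonce := randBytes(NonceSize)
	return gcm(kek).Seal(nonce, nonce, dek, nil)
}

// unwrap fails with a GCM authentication error if kek did not wrap the DEK.
func unwrap(kek, wrapped []byte) ([]byte, error) {
	if len(wrapped) < NonceSize {
		return nil, fmt.Errorf("wrapped DEK too short: %d bytes", len(wrapped))
	}
	return gcm(kek).Open(nil, wrapped[:NonceSize], wrapped[NonceSize:], nil)
}

func main() { // constructed keys; shows rotation without and with re-wrapping
	oldKEK, newKEK, dek := randBytes(KeySize), randBytes(KeySize), randBytes(KeySize)
	wrapped := wrap(oldKEK, dek)
	_, errLost := unwrap(newKEK, wrapped)        // old KEK version discarded
	pt, _ := unwrap(oldKEK, wrapped)             // old KEK version retained
	_, errOK := unwrap(newKEK, wrap(newKEK, pt)) // DEK re-wrapped under new KEK
	fmt.Println("new KEK only:", errLost, "| after re-wrap:", errOK)
}
```

A rotation that keeps earlier KEK versions addressable by key ID can defer the re-wrap; one that discards them must re-wrap every stored DEK first.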