Library designed for symmetric encryption using AWS, GCP or Azure services.
It is recommended to use the DualEncryptor which encrypts the given input using NativeEncryptor and then the secret
key using the given encryptor. You may also want to use CachedEncryptor to avoid decrypting the same value repeatedly.
package main
import (
"context"
"os"
"time"
"github.com/dgraph-io/ristretto/v2"
"github.com/keboola/go-cloud-encrypt/pkg/cloudencrypt"
)
func CreateEncryptor(ctx context.Context) (*cloudencrypt.Encryptor, error) {
config := &ristretto.Config[[]byte, []byte]{
NumCounters: 1e6,
MaxCost: 1 << 20,
BufferItems: 64,
}
cache, err := ristretto.NewCache(config)
if err != nil {
return nil, err
}
var encryptor cloudencrypt.Encryptor
encryptor, err = cloudencrypt.NewGCPEncryptor(ctx, os.Getenv("GCP_KMS_KEY_ID"))
if err != nil {
return nil, err
}
encryptor, err = cloudencrypt.NewDualEncryptor(ctx, encryptor)
if err != nil {
return nil, err
}
encryptor, err = cloudencrypt.NewCachedEncryptor(ctx, encryptor, time.Hour, cache)
if err != nil {
return nil, err
}
return encryptor, nil
}Prerequisites:
- configured access to cloud providers
- installed Azure CLI
az(and runaz login) - installed AWS CLI
aws(and runaws configure --profile YOUR_AWS_PROFILE_NAME) - installed GCP CLI
gcloud(and rungcloud auth loginorgcloud auth application-default login)
- installed Azure CLI
- installed
terraform(https://www.terraform.io) andjq(https://stedolan.github.io/jq) to setup local env - installed
dockerto run & develop the app
export NAME_PREFIX= # your name/nickname to make your resource unique & recognizable
export AWS_PROFILE= # your AWS profile name e.g. Keboola-Dev-KAC-Team-AWSAdministratorAccess
cat <<EOF > ./provisioning/local/terraform.tfvars
name_prefix = "${NAME_PREFIX}"
EOF
terraform -chdir=./provisioning/local init -backend-config="key=go-cloud-encrypt/${NAME_PREFIX}.tfstate"
terraform -chdir=./provisioning/local apply
./provisioning/local/update-env.sh
docker compose run --rm devMIT licensed, see LICENSE file.