dyno

package module
v1.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 13, 2024 License: MIT Imports: 13 Imported by: 0

README

Dyno

Go Reference

Encrypt and decrypt DynamoDB primary key attribute values. You can either use AWS KMS (don't manage keys; expensive) or AES with your choice of password.

Use it to send encrypted last evaluated key values that clients can use as cursors to paginate through DynamoDB results.

License

Dyno is available under the terms of the MIT license.

Qube Cinema © 2023

Documentation

Overview

Package dyno provides a simple way to encrypt and decrypt dynamodb items with a KMS key. It is useful for passing sensitive information to a client. For example, the LastEvaluatedKey returned by a dynamodb query can be encrypted and passed to a client. The client can then pass the encrypted LastEvaluatedKey back to the server, which can decrypt it and use it to continue the query.

Example: 

// Create a new AesCrypter
crypter := dyno.NewAesCrypter([]byte("encryption-password"), []byte("salt"))

// Encrypt the lastEvaluatedKey
encryptedLastEvaluatedKey, err := crypter.Encrypt(ctx, map[string]string{
	"clientID": "1234",
}, lastEvaluatedKey)

// Pass the encryptedLastEvaluatedKey to the client in the response

// Client passes the encryptedLastEvaluatedKey back to the server in the next request

// Decrypt the encryptedLastEvaluatedKey
lastEvaluatedKey, err := crypter.Decrypt(ctx, map[string]string{
	"clientID": "1234",
}, encryptedLastEvaluatedKey)

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func WithEncryptionContext 

func WithEncryptionContext(ctx context.Context, ec map[string]string) context.Context

WithEncryptionContext returns a new context with the given AWS KMS encryption context.

Types

type Base64Bytes added in v1.0.1 

type Base64Bytes []byte

Base64Bytes reads a base64 encoded string and decodes it into a byte slice. Use it with the envconfig package to read bytes from an environment variable.

func (*Base64Bytes) Decode added in v1.0.1 

func (b *Base64Bytes) Decode(value string) (err error)

type KeyCrypter added in v1.2.0 

type KeyCrypter interface {
	Encrypt(ctx context.Context, item map[string]types.AttributeValue) (string, error)
	Decrypt(ctx context.Context, item string) (map[string]types.AttributeValue, error)
}

KeyCrypter is an interface that encrypts and decrypts DynamoDB primary key attribute values.

func NewAesCrypter added in v1.2.0 

func NewAesCrypter(password, salt []byte) (KeyCrypter, error)

NewAesCrypter creates a new KeyCrypter that encrypts DynamoDB primary key attributes with AES GCM encryption.

func NewKmsCrypter added in v1.2.0 

func NewKmsCrypter(kmsKeyID string, kmsClient *kms.Client) KeyCrypter

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.