37 lines
1.7 KiB
Markdown
37 lines
1.7 KiB
Markdown
# :secret: Go secret
|
|
|
|
Package secret provides a simple interface for fetching secrets from a secrets provider.
|
|
|
|
The basic interface is:
|
|
|
|
```go
|
|
type Provider interface {
|
|
GetSecret(key string) (value []byte, err error)
|
|
}
|
|
```
|
|
|
|
## :book: Providers
|
|
|
|
This package is targeting the following secrets providers:
|
|
* [x] Environment variables
|
|
* [x] Environment variables files
|
|
* [x] AWS [Key Management Service (KMS)](https://aws.amazon.com/kms/)
|
|
* [x] AWS [Session Manager Parameter Store](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html)
|
|
* [ ] Azure [Key Vault](https://azure.microsoft.com/nl-nl/products/key-vault)
|
|
* [ ] GCP [Secret Manager](https://cloud.google.com/security/products/secret-manager)
|
|
* [x] Hashicorp [Vault ](https://www.hashicorp.com/en/products/vault)
|
|
* [x] Keyring: Linux
|
|
* [x] Keyring: macOS [Keychain Access](https://support.apple.com/en-gb/guide/keychain-access/kyca1083/mac)
|
|
* [x] Keyring: Windows [SecretStore](https://learn.microsoft.com/en-us/powershell/utility-modules/secretmanagement/get-started/using-secretstore)
|
|
|
|
## :unlock: Decryption
|
|
|
|
The secret provider may return encrypted values, which can be transparently descrypted
|
|
by this package.
|
|
|
|
Supported decryption methods:
|
|
* [x] `AES-GCM` (`AES-128-GCM`, `AES-256-GCM`) Authenticated Encryption with Associated Data
|
|
* [x] `RSA-OAEP` Optimal Asymmetric Encryption Padding ([RFC8017](https://www.rfc-editor.org/rfc/rfc8017.html))
|
|
* [x] `RSA-PKCS#1` version 1.5 ([RFC2313](https://www.rfc-editor.org/rfc/rfc2313.html))
|
|
* [x] `ChaCha20-Poly1305` and `XChaCha20-Poly1305` Authenticated Encryption with Associated Data ([RFC8439](https://datatracker.ietf.org/doc/html/rfc8439))
|
|
* [x] `NaCL Secretbox` Secret-key authenticated encryption |