Overview ¶
Package store provides encrypted storage for OmniVault.
Index ¶
- func GenerateRandomBytes(n int) ([]byte, error)
- type Argon2Params
- type Crypto
- func (c *Crypto) CreateVerificationBlob() (string, error)
- func (c *Crypto) Decrypt(encoded string) ([]byte, error)
- func (c *Crypto) DecryptString(encoded string) (string, error)
- func (c *Crypto) DeriveKey(password string) []byte
- func (c *Crypto) Encrypt(plaintext []byte) (string, error)
- func (c *Crypto) EncryptString(plaintext string) (string, error)
- func (c *Crypto) IsUnlocked() bool
- func (c *Crypto) Lock()
- func (c *Crypto) Params() Argon2Params
- func (c *Crypto) Salt() []byte
- func (c *Crypto) Unlock(password string)
- func (c *Crypto) VerifyPassword(password string, verificationBlob string) bool
- type EncryptedStore
- func (s *EncryptedStore) Capabilities() vault.Capabilities
- func (s *EncryptedStore) ChangePassword(oldPassword, newPassword string) error
- func (s *EncryptedStore) Close() error
- func (s *EncryptedStore) Delete(ctx context.Context, path string) error
- func (s *EncryptedStore) Exists(ctx context.Context, path string) (bool, error)
- func (s *EncryptedStore) Get(ctx context.Context, path string) (*vault.Secret, error)
- func (s *EncryptedStore) Initialize(password string) error
- func (s *EncryptedStore) IsLocked() bool
- func (s *EncryptedStore) List(ctx context.Context, prefix string) ([]string, error)
- func (s *EncryptedStore) Lock() error
- func (s *EncryptedStore) Name() string
- func (s *EncryptedStore) SecretCount() int
- func (s *EncryptedStore) Set(ctx context.Context, path string, secret *vault.Secret) error
- func (s *EncryptedStore) Unlock(password string) error
- func (s *EncryptedStore) UnlockTime() time.Time
- func (s *EncryptedStore) VaultExists() bool
- type VaultData
- type VaultMeta
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GenerateRandomBytes ¶
GenerateRandomBytes generates cryptographically secure random bytes.
Types ¶
type Argon2Params ¶
type Argon2Params struct {
	// Time is the Argon2id time cost (number of passes over the memory).
	Time uint32 `json:"time"`
	// Memory is the Argon2id memory cost; presumably in KiB as
	// golang.org/x/crypto/argon2.IDKey expects — confirm against
	// DefaultArgon2Params and the call site in DeriveKey.
	Memory uint32 `json:"memory"`
	// Threads is the Argon2id degree of parallelism.
	Threads uint8 `json:"threads"`
	// KeyLen is the length in bytes of the derived key. Encrypt uses
	// AES-256-GCM, so if DeriveKey's output is used directly as the AES key
	// this must be 32 — confirm in DefaultArgon2Params.
	KeyLen uint32 `json:"key_len"`
}
Argon2Params contains parameters for Argon2id key derivation.
func DefaultArgon2Params ¶
func DefaultArgon2Params() Argon2Params
DefaultArgon2Params returns secure default parameters for Argon2id. These are based on OWASP recommendations for password hashing.
type Crypto ¶
type Crypto struct {
	// contains filtered or unexported fields
	//
	// The field set is not visible in this rendering. From the exported
	// surface (Unlock, Lock, IsUnlocked, Salt, Params) it presumably holds the
	// salt, the Argon2Params and, while unlocked, the derived key.
	// NOTE(review): confirm that Lock zeroes the key material rather than only
	// dropping the reference — not verifiable from here.
}
Crypto handles encryption and key derivation for the vault.
func NewCrypto ¶
func NewCrypto(salt []byte, params Argon2Params) (*Crypto, error)
NewCrypto creates a new Crypto instance with the given salt and Argon2id parameters. If salt is nil, a new random salt is generated.
func (*Crypto) CreateVerificationBlob ¶
CreateVerificationBlob creates an encrypted blob that can be used to verify passwords.
func (*Crypto) DecryptString ¶
DecryptString decrypts base64-encoded ciphertext and returns the plaintext as a string.
func (*Crypto) Encrypt ¶
Encrypt encrypts plaintext using AES-256-GCM and returns base64-encoded ciphertext (nonce + ciphertext + tag).
func (*Crypto) EncryptString ¶
EncryptString encrypts a string and returns base64-encoded ciphertext.
func (*Crypto) IsUnlocked ¶
IsUnlocked reports whether the vault is unlocked.
func (*Crypto) Params ¶
func (c *Crypto) Params() Argon2Params
Params returns the Argon2 parameters.
type EncryptedStore ¶
type EncryptedStore struct {
	// contains filtered or unexported fields
	//
	// The field set is not visible in this rendering. It is constructed by
	// NewEncryptedStore(vaultPath, metaPath); presumably the vault file holds
	// VaultData and the meta file holds VaultMeta, with a Crypto instance
	// handling key derivation and per-secret encryption — confirm against the
	// source.
}
EncryptedStore implements vault.Vault with encrypted file storage.
func NewEncryptedStore ¶
func NewEncryptedStore(vaultPath, metaPath string) *EncryptedStore
NewEncryptedStore creates a new encrypted store backed by the files at vaultPath and metaPath.
func (*EncryptedStore) Capabilities ¶
func (s *EncryptedStore) Capabilities() vault.Capabilities
Capabilities returns the provider capabilities.
func (*EncryptedStore) ChangePassword ¶
func (s *EncryptedStore) ChangePassword(oldPassword, newPassword string) error
ChangePassword changes the master password.
func (*EncryptedStore) Close ¶
func (s *EncryptedStore) Close() error
Close releases resources and locks the vault.
func (*EncryptedStore) Delete ¶
func (s *EncryptedStore) Delete(ctx context.Context, path string) error
Delete removes a secret from the vault.
func (*EncryptedStore) Initialize ¶
func (s *EncryptedStore) Initialize(password string) error
Initialize creates a new vault with the given master password.
func (*EncryptedStore) IsLocked ¶
func (s *EncryptedStore) IsLocked() bool
IsLocked reports whether the vault is locked.
func (*EncryptedStore) Name ¶
func (s *EncryptedStore) Name() string
Name returns the provider name.
func (*EncryptedStore) SecretCount ¶
func (s *EncryptedStore) SecretCount() int
SecretCount returns the number of secrets in the vault.
func (*EncryptedStore) Unlock ¶
func (s *EncryptedStore) Unlock(password string) error
Unlock unlocks the vault with the master password.
func (*EncryptedStore) UnlockTime ¶
func (s *EncryptedStore) UnlockTime() time.Time
UnlockTime returns the time at which the vault was unlocked.
func (*EncryptedStore) VaultExists ¶
func (s *EncryptedStore) VaultExists() bool
VaultExists reports whether the vault exists on disk.
type VaultData ¶
type VaultData struct {
	// Secrets maps a secret path to that secret's encrypted JSON. The values
	// are expected to be Crypto.Encrypt output (base64 nonce + ciphertext +
	// tag); the map keys are plain strings.
	// NOTE(review): if this struct is written to disk as plain JSON, the secret
	// paths and the number of entries are readable without the password —
	// confirm whether the file is additionally encrypted as a whole.
	Secrets map[string]string `json:"secrets"` // path -> encrypted secret JSON
}
VaultData contains encrypted vault data.
type VaultMeta ¶
type VaultMeta struct {
	// Version is presumably the on-disk format version — confirm how it is
	// checked on load.
	Version int `json:"version"`
	// CreatedAt is the vault creation timestamp.
	CreatedAt time.Time `json:"created_at"`
	// Salt is the Argon2id salt passed to NewCrypto. It is stored in the clear,
	// which is acceptable: a salt does not need to be secret.
	Salt []byte `json:"salt"`
	// Argon2Params are the key-derivation parameters for this vault.
	// NOTE(review): this file is unencrypted and, from what is visible here,
	// not authenticated; if Unlock reads the parameters from disk, a modified
	// file could lower the derivation cost — confirm they are bound into
	// Verification or otherwise validated before use.
	Argon2Params Argon2Params `json:"argon2_params"`
	// Verification is the blob produced by Crypto.CreateVerificationBlob and
	// checked by Crypto.VerifyPassword to confirm a candidate password.
	Verification string `json:"verification"` // Encrypted verification blob
}
VaultMeta contains unencrypted vault metadata.