first commit
This commit is contained in:
87
framework/configstore/tables/encryption.go
Normal file
87
framework/configstore/tables/encryption.go
Normal file
@@ -0,0 +1,87 @@
|
||||
package tables
|
||||
|
||||
import (
|
||||
"github.com/maximhq/bifrost/core/schemas"
|
||||
"github.com/maximhq/bifrost/framework/encrypt"
|
||||
)
|
||||
|
||||
const (
|
||||
// EncryptionStatusPlainText indicates the row's sensitive fields are stored as plaintext.
|
||||
EncryptionStatusPlainText = "plain_text"
|
||||
// EncryptionStatusEncrypted indicates the row's sensitive fields have been encrypted.
|
||||
EncryptionStatusEncrypted = "encrypted"
|
||||
)
|
||||
|
||||
// encryptEnvVar encrypts the Val field of an EnvVar in place using AES-256-GCM.
|
||||
// It is a no-op if the field is nil, references an environment variable, or has an empty value.
|
||||
func encryptEnvVar(field *schemas.EnvVar) error {
|
||||
if field == nil || field.IsFromEnv() || field.GetValue() == "" {
|
||||
return nil
|
||||
}
|
||||
encrypted, err := encrypt.Encrypt(field.Val)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
field.Val = encrypted
|
||||
return nil
|
||||
}
|
||||
|
||||
// decryptEnvVar decrypts the Val field of an EnvVar in place using AES-256-GCM.
|
||||
// It is a no-op if the field is nil, references an environment variable, or has an empty value.
|
||||
func decryptEnvVar(field *schemas.EnvVar) error {
|
||||
if field == nil || field.IsFromEnv() || field.GetValue() == "" {
|
||||
return nil
|
||||
}
|
||||
decrypted, err := encrypt.Decrypt(field.Val)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
field.Val = decrypted
|
||||
return nil
|
||||
}
|
||||
|
||||
// encryptEnvVarPtr encrypts the Val field of a pointer-to-EnvVar in place.
|
||||
// It is a no-op if the pointer or the EnvVar it points to is nil.
|
||||
func encryptEnvVarPtr(field **schemas.EnvVar) error {
|
||||
if field == nil || *field == nil {
|
||||
return nil
|
||||
}
|
||||
return encryptEnvVar(*field)
|
||||
}
|
||||
|
||||
// decryptEnvVarPtr decrypts the Val field of a pointer-to-EnvVar in place.
|
||||
// It is a no-op if the pointer or the EnvVar it points to is nil.
|
||||
func decryptEnvVarPtr(field **schemas.EnvVar) error {
|
||||
if field == nil || *field == nil {
|
||||
return nil
|
||||
}
|
||||
return decryptEnvVar(*field)
|
||||
}
|
||||
|
||||
// encryptString encrypts the string pointed to by value in place using AES-256-GCM.
|
||||
// It is a no-op if the pointer is nil or the string is empty.
|
||||
func encryptString(value *string) error {
|
||||
if value == nil || *value == "" {
|
||||
return nil
|
||||
}
|
||||
encrypted, err := encrypt.Encrypt(*value)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
*value = encrypted
|
||||
return nil
|
||||
}
|
||||
|
||||
// decryptString decrypts the string pointed to by value in place using AES-256-GCM.
|
||||
// It is a no-op if the pointer is nil or the string is empty.
|
||||
func decryptString(value *string) error {
|
||||
if value == nil || *value == "" {
|
||||
return nil
|
||||
}
|
||||
decrypted, err := encrypt.Decrypt(*value)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
*value = decrypted
|
||||
return nil
|
||||
}
|
||||
Reference in New Issue
Block a user