Documentation
Constants
This section is empty.
Variables
var AllocTimer = metrics.GetOrRegisterTimer("secret.protectedmemory.alloctimer", nil)
AllocTimer is used to record the time taken to allocate a secret.
Functions
This section is empty.
Types
type Secret
type Secret struct {
	// contains filtered or unexported fields
}
Secret contains sensitive memory and stores its data in protected page(s) in memory. Always call Close after use to avoid memory leaks.
func (*Secret) IsClosed
IsClosed returns true if the underlying data container has already been closed.
func (*Secret) WithBytes
WithBytes makes the underlying bytes readable and passes them to the function provided. A reference MUST NOT be kept to the bytes passed to the function, as the underlying array will no longer be readable after the function exits. WithBytes panics if it is not able to update the access protection of the data region's memory pages as needed.
Example
package main

import (
	"fmt"

	"github.com/nikoo28/test-go/languages/go/securememory/protectedmemory"
)

func main() {
	factory := new(protectedmemory.SecretFactory)

	secret, err := factory.CreateRandom(32)
	if err != nil {
		panic("unexpected error!")
	}
	defer secret.Close()

	err = secret.WithBytes(func(bytes []byte) error {
		// You obviously shouldn't ever print a secret but this is just an example
		fmt.Printf("my original secret: %s", string(bytes))
		return nil
	})
	if err != nil {
		panic("unexpected error!")
	}
}
func (*Secret) WithBytesFunc
WithBytesFunc makes the underlying bytes readable and passes them to the function provided. A reference MUST NOT be kept to the bytes passed to the function, as the underlying array will no longer be readable after the function exits. WithBytesFunc panics if it is not able to update the access protection of the data region's memory pages as needed.
Example
package main

import (
	"encoding/base64"
	"fmt"

	"github.com/nikoo28/test-go/languages/go/securememory/protectedmemory"
)

func main() {
	factory := new(protectedmemory.SecretFactory)

	secret, err := factory.CreateRandom(32)
	if err != nil {
		panic("unexpected error!")
	}
	defer secret.Close()

	// In this example we're encoding our underlying secret data using base64.
	// base64 is an encoding, not encryption, so the result is named accordingly.
	encodedBytes, err := secret.WithBytesFunc(func(bytes []byte) ([]byte, error) {
		return []byte(base64.StdEncoding.EncodeToString(bytes)), nil
	})
	if err != nil {
		panic("unexpected error!")
	}

	fmt.Printf("my encoded payload is: %s", string(encodedBytes))
}
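Why the WithBytes and WithBytesFunc descriptions above forbid keeping a reference to the bytes, as an added example that is not this package's own code. The names pageSecret, newPageSecret, readFaults and demo are hypothetical, and the code assumes Linux or macOS, where syscall.Mmap and syscall.Mprotect are available.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"runtime/debug"
	"syscall"
)

type pageSecret struct{ data []byte } // hypothetical stand-in; models only the protection window
var sink byte // keeps the probe read in readFaults from being optimized away

func newPageSecret(b []byte) (*pageSecret, error) {
	page, err := syscall.Mmap(-1, 0, syscall.Getpagesize(),
		syscall.PROT_READ|syscall.PROT_WRITE, syscall.MAP_PRIVATE|syscall.MAP_ANON)
	if err != nil {
		return nil, err
	}
	n := copy(page, b)
	return &pageSecret{page[:n]}, syscall.Mprotect(page, syscall.PROT_NONE) // sealed at rest
}

// WithBytes makes the page readable only while fn runs, then seals it again.
func (s *pageSecret) WithBytes(fn func([]byte) error) error {
	if err := syscall.Mprotect(s.data, syscall.PROT_READ); err != nil {
		return err
	}
	defer syscall.Mprotect(s.data, syscall.PROT_NONE)
	return fn(s.data)
}

// readFaults reports whether reading b[0] hits an inaccessible page.
func readFaults(b []byte) (faulted bool) {
	defer debug.SetPanicOnFault(debug.SetPanicOnFault(true))
	defer func() { faulted = recover() != nil }()
	sink = b[0]
	return false
}

// demo hashes the secret inside the callback (correct) and lets the slice escape (misuse).
func demo(key []byte) (digest [32]byte, escapedFaults bool, err error) {
	var escaped []byte
	s, err := newPageSecret(key)
	if err == nil {
		err = s.WithBytes(func(b []byte) error { escaped, digest = b, sha256.Sum256(b); return nil })
	}
	return digest, err == nil && readFaults(escaped), err
}

func main() { fmt.Println(demo([]byte("constructed sample key"))) }
```

demo returns the digest computed inside the callback and true for the escaped slice. Without debug.SetPanicOnFault, the same read through a retained slice crashes the process instead of raising a recoverable panic.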
type SecretFactory
type SecretFactory struct { }
SecretFactory is used to create protected memory based Secret implementations.
func (SecretFactory) CreateRandom
func (s SecretFactory) CreateRandom(size int) (securememory.Secret, error)
CreateRandom returns a protected memory backed Secret that contains a random byte slice of the specified size.
Example
package main

import (
	"github.com/nikoo28/test-go/languages/go/securememory/protectedmemory"
)

func main() {
	factory := new(protectedmemory.SecretFactory)

	secret, err := factory.CreateRandom(32)
	if err != nil {
		panic("unexpected error!")
	}
	defer secret.Close()

	// do something with the secret...
}
func (SecretFactory) New
func (s SecretFactory) New(b []byte) (securememory.Secret, error)
New takes in a byte slice and returns a protected memory backed Secret containing that data. The underlying array of b will be wiped after the function exits.
Example
package main

import (
	"github.com/nikoo28/test-go/languages/go/securememory/protectedmemory"
)

func main() {
	factory := new(protectedmemory.SecretFactory)

	secret, err := factory.New([]byte("some really secret value"))
	if err != nil {
		panic("unexpected error!")
	}
	defer secret.Close()

	// do something with the secret...
}