package main
import (
"context"
"fmt"
"log"
"net/url"
"os"
"gomodules.xyz/secrets/xkms"
"gocloud.dev/secrets"
"xorm.io/xorm"
"xorm.io/xorm/names"
_ "github.com/lib/pq"
_ "gocloud.dev/secrets/gcpkms"
)
// sakeyFile is the path that the demo functions in this file export as
// GOOGLE_APPLICATION_CREDENTIALS before opening a keeper.
//
// NOTE(review): this is an absolute path into one developer's home directory,
// so the demo only runs on that machine. The file it points to is a credential:
// keep it out of version control and prefer supplying the path through the
// environment rather than compiling it in.
var sakeyFile = "/home/tamal/Downloads/ackube-3b7339da1e1e.json"
// main runs the xorm-backed keeper demo and terminates the process through
// log.Fatalln when the demo reports an error.
func main() {
	err := demoXormksm()
	if err == nil {
		return
	}
	log.Fatalln(err)
}
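// demoXormksm wires an xkms keeper to a Postgres database through xorm and
// round-trips two sample strings through it.
//
// Steps, in order: export the service-account key path, build an xkms URL that
// carries the SQL driver, the data source string and the GCP KMS master key
// URL, open the xorm engine, create the table for xkms.SecretKey, register the
// URL together with the engine, open a keeper on the URL returned by
// xkms.RotateQuarterly, and call encdec twice.
//
// It returns the first error encountered, wrapped with the step that failed.
func demoXormksm() error {
	// GOOGLE_APPLICATION_CREDENTIALS is read by Google's Application Default
	// Credentials lookup; a failure to set it would otherwise surface later as
	// a confusing authentication error.
	if err := os.Setenv("GOOGLE_APPLICATION_CREDENTIALS", sakeyFile); err != nil {
		return fmt.Errorf("setting GOOGLE_APPLICATION_CREDENTIALS: %w", err)
	}

	driver := "postgres"
	// NOTE(review): demo-only settings. The database password is a literal in
	// source and sslmode=disable sends it, and every query, unencrypted; that
	// is tolerable only because the host is loopback. Do not copy this data
	// source string into anything that talks to a remote database.
	ds := fmt.Sprintf("user=%v password=%v host=%v port=%v dbname=%v sslmode=disable",
		"gitea", "gitea", "127.0.0.1", 5432, "xorm-demo")
	masterKeyURL := fmt.Sprintf("gcpkms://projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s", "ackube", "global", "gitea", "gitea-key")

	u := url.URL{Scheme: xkms.Scheme}
	q := u.Query()
	q.Set("driver", driver)
	q.Set("ds", ds)
	q.Set("master_key_url", masterKeyURL)
	// q.Set("table", driver)
	u.RawQuery = q.Encode()

	// The registration URL embeds the full data source string, password
	// included, so print a copy with that parameter masked instead of the URL
	// itself. Standard output routinely ends up in terminals' scrollback and
	// CI logs.
	shown := u
	shownQuery := shown.Query()
	shownQuery.Set("ds", "REDACTED")
	shown.RawQuery = shownQuery.Encode()
	fmt.Println("url", shown.String())

	x, err := xorm.NewEngine(driver, ds)
	if err != nil {
		return fmt.Errorf("opening %s engine: %w", driver, err)
	}
	x.SetMapper(names.GonicMapper{})
	// NOTE(review): SQL logging is switched on for the demo. Confirm that the
	// statements written for xkms.SecretKey rows do not put key material into
	// the log before enabling this outside a throwaway environment.
	x.ShowSQL(true)

	if err = x.CreateTables(&xkms.SecretKey{}); err != nil {
		return fmt.Errorf("creating xkms.SecretKey table: %w", err)
	}

	if err = xkms.Register(u.String(), x); err != nil {
		return fmt.Errorf("registering xkms keeper: %w", err)
	}

	ctx := context.Background()
	// Presumably the URL of the keeper registered above with a quarterly
	// rotation policy; verify against the xkms package.
	u2 := xkms.RotateQuarterly()
	keeper, err := secrets.OpenKeeper(ctx, u2)
	if err != nil {
		return fmt.Errorf("opening keeper: %w", err)
	}
	defer keeper.Close()

	for _, sample := range []string{"my name is tamal", "my name is xorm"} {
		if err = encdec(keeper, sample); err != nil {
			return err
		}
	}
	return nil
}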
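// encdec encrypts text with keeper, decrypts the resulting ciphertext with the
// same keeper, checks that the recovered bytes equal the input, and prints the
// recovered plaintext to standard output.
//
// It returns an error when encryption or decryption fails (the underlying
// error is wrapped so callers can inspect it with errors.Is / errors.As) or
// when the round trip does not reproduce the input.
func encdec(keeper *secrets.Keeper, text string) error {
	ctx := context.Background()

	ciphertext, err := keeper.Encrypt(ctx, []byte(text))
	if err != nil {
		return fmt.Errorf("failed to encrypt: %w", err)
	}

	plaintext, err := keeper.Decrypt(ctx, ciphertext)
	if err != nil {
		return fmt.Errorf("failed to decrypt: %w", err)
	}

	// A successful Decrypt call alone does not show the keeper is wired up
	// correctly; compare against the input. Only lengths go into the error so
	// the message never carries plaintext.
	if string(plaintext) != text {
		return fmt.Errorf("round trip mismatch: decrypted %d bytes do not match the %d-byte input",
			len(plaintext), len(text))
	}

	// Demo output only: real callers should not write decrypted data to stdout.
	fmt.Println(string(plaintext))
	return nil
}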
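// demoGcpkms opens a keeper directly on the GCP KMS key URL, without the xkms
// layer, and round-trips one sample string through it using encdec.
//
// It is not called from main in this file. It returns the first error from
// setting the credentials variable, opening the keeper, or the round trip.
func demoGcpkms() error {
	// GOOGLE_APPLICATION_CREDENTIALS is read by Google's Application Default
	// Credentials lookup; report a failure here rather than as a later
	// authentication error.
	if err := os.Setenv("GOOGLE_APPLICATION_CREDENTIALS", sakeyFile); err != nil {
		return fmt.Errorf("setting GOOGLE_APPLICATION_CREDENTIALS: %w", err)
	}

	ctx := context.Background()
	// Named keyURL rather than url so the local does not shadow the imported
	// net/url package.
	keyURL := fmt.Sprintf("gcpkms://projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s", "ackube", "global", "gitea", "gitea-key")

	keeper, err := secrets.OpenKeeper(ctx, keyURL)
	if err != nil {
		return err
	}
	defer keeper.Close()

	// Same encrypt, decrypt and print sequence as the xkms demo, shared
	// through encdec instead of being repeated inline.
	return encdec(keeper, "my name is tamal")
}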