Add AES GCM encryption provider

2025-10-27 17:38:25 +00:00 · 2021-01-07 11:31:54 +02:00
parent d4e84c0433
commit 4af45f7bc9
5 changed files with 180 additions and 4 deletions
--- a/services/secrets/secrets.go
+++ b/services/secrets/secrets.go
@@ -20,7 +20,8 @@ const (
 )

 var (
-	masterKey MasterKeyProvider
+	masterKey   MasterKeyProvider
+	encProvider EncryptionProvider
 )

 // Init initializes master key provider based on settings
@@ -33,6 +34,9 @@ func Init() error {
 	default:
 		return fmt.Errorf("invalid master key provider %v", setting.MasterKeyProvider)
 	}
+
+	encProvider = NewAesEncryptionProvider()
+
 	return nil
 }

@@ -40,3 +44,55 @@ func Init() error {
 func GenerateMasterKey() ([][]byte, error) {
 	return masterKey.GenerateMasterKey()
 }
+
+func Encrypt(secret []byte) ([]byte, error) {
+	key, err := masterKey.GetMasterKey()
+	if err != nil {
+		return nil, err
+	}
+
+	if len(key) == 0 {
+		return secret, nil
+	}
+
+	return encProvider.Encrypt(secret, key)
+}
+
+func EncryptString(secret string) (string, error) {
+	key, err := masterKey.GetMasterKey()
+	if err != nil {
+		return "", err
+	}
+
+	if len(key) == 0 {
+		return secret, nil
+	}
+
+	return encProvider.EncryptString(secret, key)
+}
+
+func Decrypt(enc []byte) ([]byte, error) {
+	key, err := masterKey.GetMasterKey()
+	if err != nil {
+		return nil, err
+	}
+
+	if len(key) == 0 {
+		return enc, nil
+	}
+
+	return encProvider.Decrypt(enc, key)
+}
+
+func DecryptString(enc string) (string, error) {
+	key, err := masterKey.GetMasterKey()
+	if err != nil {
+		return "", err
+	}
+
+	if len(key) == 0 {
+		return enc, nil
+	}
+
+	return encProvider.DecryptString(enc, key)
+}