config

package

v1.8.0 Latest Latest Go to latest Published: Mar 4, 2026 License: MIT Imports: 5 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/envcrypts/envcrypt-cli

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func Load() error
func SaveBackendURL(url string) error
type AddEnvRequest
type AddEnvResponse
type AddUserToProjectRequest
type AddUserToProjectResponse
type Argon2idParams
type AuditEntry
type CreateRequestBody
type CreateResponseBody
type EncryptedPrivateKey
type EnvResponse
type GetEnvForCIRequest
type GetEnvForCIResponse
type GetEnvRequest
type GetEnvResponse
type GetEnvVersionsRequest
type GetEnvVersionsResponse
type GetMemberProjectRequest
type GetMemberProjectResponse
type GetProjectByNameResponse
type GetProjectByRepo
type GetUserProjectRequest
type GetUserProjectResponse
type GithubOIDCLoginRequest
type GithubOIDCLoginResponse
type KeyPair
type ListProjectRequest
type ListProjectResponse
type LoginRequestBody
type LoginResponseBody
type LogoutRequestBody
type LogoutResponseBody
type MemberPublicKey
type Metadata
type NewWrappedDEK
type Project
type ProjectAuditPagination
type ProjectAuditRequest
type ProjectAuditResponse
type ProjectCreateRequest
type ProjectCreateResponse
type ProjectDeleteRequest
type ProjectDeleteResponse
type RecoveryCompleteRequest
type RecoveryCompleteResponse
type RecoveryInitRequest
type RecoveryInitResponse
type RefreshRequestBody
type RefreshResponseBody
type RotateCommitRequest
type RotateCommitResponse
type RotateInitRequest
type RotateInitResponse
type ServiceRole
type ServiceRoleCreateRequest
type ServiceRoleCreateResponse
type ServiceRoleDelegateRequest
type ServiceRoleDelegateResponse
type ServiceRoleDeleteRequest
type ServiceRoleDeleteResponse
type ServiceRoleGetRequest
type ServiceRoleGetResponse
type ServiceRoleKeyPair
type ServiceRoleListRequest
type ServiceRoleListResponse
type ServiceRolePermsRequest
type ServiceRolePermsResponse
type ServiceRollProjectKeyRequest
type ServiceRollProjectKeyResponse
type SessionBody
type SetAccessRequest
type SetAccessResponse
type Snapshot
type SnapshotEnvVersion
type SnapshotExportRequest
type SnapshotExportResponse
type SnapshotImportRequest
type SnapshotImportResponse
type SnapshotMember
type SnapshotProjectMetadata
type UserBody
type UserKeyRequestBody
type UserKeyResponseBody
type WrappedDEK
type WrappedKey

Constants ¶

This section is empty.

Variables ¶

View Source

var DefaultArgon2Params = Argon2idParams{
	Time:        3,
	Memory:      64 * 1024,
	Parallelism: 1,
	KeyLength:   32,
}

Functions ¶

func Load ¶

func Load() error

func SaveBackendURL ¶ added in v1.6.0

func SaveBackendURL(url string) error

Types ¶

type AddEnvRequest ¶

type AddEnvRequest struct {
	ProjectId uuid.UUID `json:"project_id"`
	UserId    uuid.UUID `json:"user_id"`

	EnvName           string `json:"env_name"`
	CipherText        []byte `json:"cipher_text"`
	Nonce             []byte `json:"nonce"`
	WrappedDEK        []byte `json:"wrapped_dek,omitempty"`
	DekNonce          []byte `json:"dek_nonce,omitempty"`
	EncryptionVersion int32  `json:"encryption_version"`

	Metadata Metadata `json:"metadata"`
}

type AddEnvResponse ¶

type AddEnvResponse struct {
	Message string `json:"message"`
}

type AddUserToProjectRequest ¶

type AddUserToProjectRequest struct {
	ProjectName        string    `json:"project_name"`
	AdminId            uuid.UUID `json:"admin_id"`
	UserId             uuid.UUID `json:"user_id"`
	WrappedPRK         []byte    `json:"wrapped_prk"`
	WrapNonce          []byte    `json:"wrap_nonce"`
	EphemeralPublicKey []byte    `json:"ephemeral_public_key"`
}

type AddUserToProjectResponse ¶

type AddUserToProjectResponse struct {
	Message string `json:"message"`
}

type Argon2idParams ¶

type Argon2idParams struct {
	Time        uint32 `json:"time"`
	Memory      uint32 `json:"memory"`
	Parallelism uint8  `json:"parallelism"`
	KeyLength   uint32 `json:"key_length"`
}

type AuditEntry ¶ added in v1.5.0

type AuditEntry struct {
	CreatedAt    time.Time `json:"timestamp"`
	ActorEmail   string    `json:"actor_email"`
	Action       string    `json:"action"`
	Status       string    `json:"status"`
	Environment  *string   `json:"environment,omitempty"`
	ErrorMessage string    `json:"error_message,omitempty"`
}

type CreateRequestBody ¶

type CreateRequestBody struct {
	Email    string `json:"email"`
	Password string `json:"password"`

	PublicKey               []byte `json:"public_key"`
	EncryptedUserPrivateKey []byte `json:"encrypted_user_private_key"`
	PrivateKeySalt          []byte `json:"private_key_salt"`
	PrivateKeyNonce         []byte `json:"private_key_nonce"`

	RecoveryPrivateKey []byte `json:"recovery_encrypted_private_key"`
	RecoverySalt       []byte `json:"recovery_kdf_salt"`
	RecoveryNonce      []byte `json:"recovery_nonce"`
}

type CreateResponseBody ¶

type CreateResponseBody struct {
	Message string      `json:"message"`
	User    UserBody    `json:"user"`
	Session SessionBody `json:"session"`
}

type EncryptedPrivateKey ¶

type EncryptedPrivateKey struct {
	EncryptedUserPrivateKey []byte `json:"encrypted_user_private_key"`
	PrivateKeySalt          []byte `json:"private_key_salt"`
	PrivateKeyNonce         []byte `json:"private_key_nonce"`
}

type EnvResponse ¶

type EnvResponse struct {
	CipherText        []byte   `json:"cipher_text"`
	Nonce             []byte   `json:"nonce"`
	WrappedDEK        []byte   `json:"wrapped_dek,omitempty"`
	DekNonce          []byte   `json:"dek_nonce,omitempty"`
	EncryptionVersion int32    `json:"encryption_version"`
	Version           int32    `json:"version"`
	Metadata          Metadata `json:"metadata"`
}

type GetEnvForCIRequest ¶

type GetEnvForCIRequest struct {
	ProjectId uuid.UUID `json:"project_id"`
	EnvName   string    `json:"env_name"`
}

type GetEnvForCIResponse ¶

type GetEnvForCIResponse struct {
	CipherText        []byte `json:"cipher_text"`
	Nonce             []byte `json:"nonce"`
	WrappedDEK        []byte `json:"wrapped_dek,omitempty"`
	DekNonce          []byte `json:"dek_nonce,omitempty"`
	EncryptionVersion int32  `json:"encryption_version"`
}

type GetEnvRequest ¶

type GetEnvRequest struct {
	ProjectId uuid.UUID `json:"project_id"`
	Email     string    `json:"user_email"`

	EnvName string `json:"env_name"`
	Version *int32 `json:"version"`
}

type GetEnvResponse ¶

type GetEnvResponse struct {
	CipherText        []byte `json:"cipher_text"`
	Nonce             []byte `json:"nonce"`
	WrappedDEK        []byte `json:"wrapped_dek,omitempty"`
	DekNonce          []byte `json:"dek_nonce,omitempty"`
	EncryptionVersion int32  `json:"encryption_version"`
}

type GetEnvVersionsRequest ¶

type GetEnvVersionsRequest struct {
	ProjectId uuid.UUID `json:"project_id"`
	Email     string    `json:"user_email"`

	EnvName string `json:"env_name"`
}

type GetEnvVersionsResponse ¶

type GetEnvVersionsResponse struct {
	EnvVersions []EnvResponse `json:"env_versions"`
}

type GetMemberProjectRequest ¶

type GetMemberProjectRequest struct {
	ProjectName string    `json:"project_name"`
	UserId      uuid.UUID `json:"user_id"`
}

type GetMemberProjectResponse ¶

type GetMemberProjectResponse struct {
	ProjectId          uuid.UUID `json:"project_id"`
	WrappedPRK         []byte    `json:"wrapped_prk"`
	WrapNonce          []byte    `json:"wrap_nonce"`
	EphemeralPublicKey []byte    `json:"ephemeral_public_key"`
}

type GetProjectByNameResponse ¶

type GetProjectByNameResponse struct {
	ProjectID uuid.UUID `json:"project_id"`
}

type GetProjectByRepo ¶

type GetProjectByRepo struct {
	RepoPrincipal string `json:"repo_principal"`
}

type GetUserProjectRequest ¶

type GetUserProjectRequest struct {
	ProjectName string    `json:"project_name"`
	UserId      uuid.UUID `json:"user_id"`
}

type GetUserProjectResponse ¶

type GetUserProjectResponse struct {
	ProjectId          uuid.UUID `json:"project_id"`
	WrappedPRK         []byte    `json:"wrapped_prk"`
	WrapNonce          []byte    `json:"wrap_nonce"`
	EphemeralPublicKey []byte    `json:"ephemeral_public_key"`
}

type GithubOIDCLoginRequest ¶

type GithubOIDCLoginRequest struct {
	IDToken string `json:"id_token"`
}

GithubOIDCLoginRequest POST /oidc/github

type GithubOIDCLoginResponse ¶

type GithubOIDCLoginResponse struct {
	SessionID uuid.UUID `json:"session_id"`
	ProjectID uuid.UUID `json:"project_id"`
}

type KeyPair ¶

type KeyPair struct {
	PublicKey  []byte              `json:"public_key"`
	PrivateKey []byte              `json:"private_key"`
	EncKey     EncryptedPrivateKey `json:"encrypted_private_key"`

	RecoveryKey    string              `json:"-"`
	RecoveryEncKey EncryptedPrivateKey `json:"recovery_encrypted_private_key"`
}

type ListProjectRequest ¶

type ListProjectRequest struct {
	UserId uuid.UUID `json:"user_id"`
}

type ListProjectResponse ¶

type ListProjectResponse struct {
	Projects []Project `json:"projects"`
}

type LoginRequestBody ¶

type LoginRequestBody struct {
	Email    string `json:"email"`
	Password string `json:"password"`
}

type LoginResponseBody ¶

type LoginResponseBody struct {
	Message string      `json:"message"`
	User    UserBody    `json:"user"`
	Session SessionBody `json:"session"`
}

type LogoutRequestBody ¶

type LogoutRequestBody struct {
	UserID uuid.UUID `json:"user_id"`
}

type LogoutResponseBody ¶

type LogoutResponseBody struct {
	Message string `json:"message"`
}

type MemberPublicKey ¶ added in v1.2.0

type MemberPublicKey struct {
	UserID    uuid.UUID `json:"user_id"`
	PublicKey []byte    `json:"public_key"`
}

type Metadata ¶

type Metadata struct {
	Type string `json:"type"`
}

type NewWrappedDEK ¶ added in v1.2.0

type NewWrappedDEK struct {
	EnvVersionID  uuid.UUID `json:"env_version_id"`
	NewWrappedDEK []byte    `json:"new_wrapped_dek"`
	NewDekNonce   []byte    `json:"new_dek_nonce"`
}

type Project ¶

type Project struct {
	Id        uuid.UUID `json:"project_id"`
	Name      string    `json:"name"`
	Role      string    `json:"role"`
	IsRevoked bool      `json:"is_revoked"`
}

type ProjectAuditPagination ¶ added in v1.5.0

type ProjectAuditPagination struct {
	Limit  int `json:"limit"`
	Offset int `json:"offset"`
	Total  int `json:"total"`
}

type ProjectAuditRequest ¶ added in v1.5.0

type ProjectAuditRequest struct {
	ProjectID  string `json:"project_id"`
	Limit      int    `json:"limit"`
	Offset     int    `json:"offset"`
	ActorEmail string `json:"actor_email,omitempty"`
	Action     string `json:"action,omitempty"`
	Status     string `json:"status,omitempty"`
	From       string `json:"from,omitempty"`
	To         string `json:"to,omitempty"`
}

type ProjectAuditResponse ¶ added in v1.5.0

type ProjectAuditResponse struct {
	Logs       []AuditEntry           `json:"logs"`
	Pagination ProjectAuditPagination `json:"pagination"`
}

type ProjectCreateRequest ¶

type ProjectCreateRequest struct {
	Name               string    `json:"name"`
	UserId             uuid.UUID `json:"user_id"`
	WrappedPRK         []byte    `json:"wrapped_prk"`
	WrapNonce          []byte    `json:"wrap_nonce"`
	EphemeralPublicKey []byte    `json:"ephemeral_public_key"`
}

type ProjectCreateResponse ¶

type ProjectCreateResponse struct {
	Message string `json:"message"`
}

type ProjectDeleteRequest ¶

type ProjectDeleteRequest struct {
	ProjectName string    `json:"project_name"`
	UserId      uuid.UUID `json:"user_id"`
}

type ProjectDeleteResponse ¶

type ProjectDeleteResponse struct {
	Message string `json:"message"`
}

type RecoveryCompleteRequest ¶ added in v1.8.0

type RecoveryCompleteRequest struct {
	Email                   string `json:"email"`
	Password                string `json:"password"` // The new password for authentication
	EncryptedUserPrivateKey []byte `json:"encrypted_user_private_key"`
	PrivateKeySalt          []byte `json:"private_key_salt"`
	PrivateKeyNonce         []byte `json:"private_key_nonce"`
}

type RecoveryCompleteResponse ¶ added in v1.8.0

type RecoveryCompleteResponse struct {
	Message string `json:"message"`
}

type RecoveryInitRequest ¶ added in v1.8.0

type RecoveryInitRequest struct {
	Email string `json:"email"`
}

type RecoveryInitResponse ¶ added in v1.8.0

type RecoveryInitResponse struct {
	RecoveryPrivateKey []byte `json:"recovery_encrypted_private_key"`
	RecoverySalt       []byte `json:"recovery_kdf_salt"`
	RecoveryNonce      []byte `json:"recovery_nonce"`
}

type RefreshRequestBody ¶

type RefreshRequestBody struct {
	UserID uuid.UUID `json:"user_id"`
}

type RefreshResponseBody ¶

type RefreshResponseBody struct {
	Message string      `json:"message"`
	Session SessionBody `json:"session"`
}

type RotateCommitRequest ¶ added in v1.2.0

type RotateCommitRequest struct {
	ProjectID          uuid.UUID       `json:"project_id"`
	UserID             uuid.UUID       `json:"user_id"`
	ExpectedPRKVersion int32           `json:"expected_prk_version"`
	NewWrappedPRKs     []WrappedKey    `json:"new_wrapped_prks"`
	NewWrappedDEKs     []NewWrappedDEK `json:"new_wrapped_deks"`
}

type RotateCommitResponse ¶ added in v1.2.0

type RotateCommitResponse struct {
	NewPRKVersion int32 `json:"new_prk_version"`
}

type RotateInitRequest ¶ added in v1.2.0

type RotateInitRequest struct {
	ProjectID uuid.UUID `json:"project_id"`
	UserID    uuid.UUID `json:"user_id"`
}

type RotateInitResponse ¶ added in v1.2.0

type RotateInitResponse struct {
	WrappedPRKs      []WrappedKey      `json:"wrapped_prks"`
	WrappedDEKs      []WrappedDEK      `json:"wrapped_deks"`
	MemberPublicKeys []MemberPublicKey `json:"member_public_keys"`
	PRKVersion       int32             `json:"prk_version"`
}

type ServiceRole ¶

type ServiceRole struct {
	ID   uuid.UUID `json:"id"`
	Name string    `json:"name"`

	ServiceRolePublicKey []byte `json:"service_role_public_key"`
	RepoPrincipal        string `json:"repo_principal"`

	CreatedBy uuid.UUID `json:"created_by"`
	CreatedAt time.Time `json:"created_at"`
}

type ServiceRoleCreateRequest ¶

type ServiceRoleCreateRequest struct {
	ServiceRoleName string `json:"service_role_name"`

	ServiceRolePublicKey []byte `json:"service_role_public_key"`

	RepoPrincipal string    `json:"repo_principal"`
	CreatedBy     uuid.UUID `json:"created_by"`
}

ServiceRoleCreateRequest POST /service_role/create

type ServiceRoleCreateResponse ¶

type ServiceRoleCreateResponse struct {
	Message     string      `json:"message"`
	ServiceRole ServiceRole `json:"service_role"`
}

type ServiceRoleDelegateRequest ¶

type ServiceRoleDelegateRequest struct {
	RepoPrincipal string `json:"repo_principal"`

	ProjectId uuid.UUID `json:"project_id"`
	EnvName   string    `json:"env_name"`

	WrappedPRK         []byte `json:"wrapped_prk"`
	WrapNonce          []byte `json:"wrap_nonce"`
	EphemeralPublicKey []byte `json:"ephemeral_public_key"`

	DelegatedBy uuid.UUID `json:"delegated_by"`
}

ServiceRoleDelegateRequest POST /service_role/delegate

type ServiceRoleDelegateResponse ¶

type ServiceRoleDelegateResponse struct {
	Message string `json:"message"`
}

type ServiceRoleDeleteRequest ¶

type ServiceRoleDeleteRequest struct {
	ServiceRoleId uuid.UUID `json:"service_role_id"`
	CreatedBy     uuid.UUID `json:"created_by"`
}

ServiceRoleDeleteRequest POST /service_role/delete

type ServiceRoleDeleteResponse ¶

type ServiceRoleDeleteResponse struct {
	Message string `json:"message"`
}

type ServiceRoleGetRequest ¶

type ServiceRoleGetRequest struct {
	RepoPrincipal string `json:"repo_principal"`
}

ServiceRoleGetRequest POST /service_role/get

type ServiceRoleGetResponse ¶

type ServiceRoleGetResponse struct {
	ServiceRole ServiceRole `json:"service_role"`
	Message     string      `json:"message"`
}

type ServiceRoleKeyPair ¶

type ServiceRoleKeyPair struct {
	PublicKey  []byte `json:"public_key"`
	PrivateKey []byte `json:"private_key"`
}

type ServiceRoleListRequest ¶

type ServiceRoleListRequest struct {
	CreatedBy uuid.UUID `json:"created_by"`
}

type ServiceRoleListResponse ¶

type ServiceRoleListResponse struct {
	ServiceRoles []ServiceRole `json:"services"`
}

type ServiceRolePermsRequest ¶

type ServiceRolePermsRequest struct {
	RepoPrincipal string `json:"repo_principal"`
}

ServiceRolePermsRequest POST /service_role/perms

type ServiceRolePermsResponse ¶

type ServiceRolePermsResponse struct {
	ProjectID   uuid.UUID `json:"project_id"`
	ProjectName string    `json:"project_name"`
	Env         string    `json:"env"`
}

type ServiceRollProjectKeyRequest ¶

type ServiceRollProjectKeyRequest struct {
	ProjectID uuid.UUID `json:"project_id"`
	SessionID uuid.UUID `json:"session_id"`
	Env       string    `json:"env"`
}

ServiceRollProjectKeyRequest POST /service_role/project-key

type ServiceRollProjectKeyResponse ¶

type ServiceRollProjectKeyResponse struct {
	ProjectId          uuid.UUID `json:"project_id"`
	WrappedPRK         []byte    `json:"wrapped_prk"`
	WrapNonce          []byte    `json:"wrap_nonce"`
	EphemeralPublicKey []byte    `json:"ephemeral_public_key"`
}

type SessionBody ¶

type SessionBody struct {
	AccessToken  uuid.UUID `json:"access_token"`
	RefreshToken uuid.UUID `json:"refresh_token"`
	ExpiresIn    int       `json:"expires_in"`
}

type SetAccessRequest ¶

type SetAccessRequest struct {
	ProjectName string    `json:"project_name"`
	UserEmail   string    `json:"user_email"`
	AdminId     uuid.UUID `json:"admin_id"`
	IsRevoked   bool      `json:"is_revoked"`
}

type SetAccessResponse ¶

type SetAccessResponse struct {
	Message string `json:"message"`
}

type Snapshot ¶ added in v1.3.0

type Snapshot struct {
	Metadata    SnapshotProjectMetadata `json:"metadata"`
	Members     []SnapshotMember        `json:"members"`
	EnvVersions []SnapshotEnvVersion    `json:"env_versions"`
}

type SnapshotEnvVersion ¶ added in v1.3.0

type SnapshotEnvVersion struct {
	EnvVersionID      uuid.UUID `json:"env_version_id"`
	EnvName           string    `json:"env_name"`
	Version           int32     `json:"version"`
	Ciphertext        []byte    `json:"ciphertext"`
	Nonce             []byte    `json:"nonce"`
	WrappedDEK        []byte    `json:"wrapped_dek"`
	DekNonce          []byte    `json:"dek_nonce"`
	EncryptionVersion int32     `json:"encryption_version"`
	CreatedAt         time.Time `json:"created_at"`
	CreatedBy         uuid.UUID `json:"created_by"`
	Metadata          []byte    `json:"metadata"`
}

type SnapshotExportRequest ¶ added in v1.3.0

type SnapshotExportRequest struct {
	ProjectName string    `json:"project_name"`
	UserID      uuid.UUID `json:"user_id"`
}

type SnapshotExportResponse ¶ added in v1.3.0

type SnapshotExportResponse struct {
	Snapshot Snapshot `json:"snapshot"`
	Checksum string   `json:"checksum"`
}

type SnapshotImportRequest ¶ added in v1.3.0

type SnapshotImportRequest struct {
	NewProjectName string    `json:"new_project_name"`
	UserID         uuid.UUID `json:"user_id"`
	Snapshot       Snapshot  `json:"snapshot"`
	Checksum       string    `json:"checksum"`
}

type SnapshotImportResponse ¶ added in v1.3.0

type SnapshotImportResponse struct {
	NewProjectID uuid.UUID `json:"new_project_id"`
}

type SnapshotMember ¶ added in v1.3.0

type SnapshotMember struct {
	UserID             uuid.UUID `json:"user_id"`
	WrappedPRK         []byte    `json:"wrapped_prk"`
	WrapNonce          []byte    `json:"wrap_nonce"`
	EphemeralPublicKey []byte    `json:"ephemeral_public_key"`
}

type SnapshotProjectMetadata ¶ added in v1.3.0

type SnapshotProjectMetadata struct {
	Name       string `json:"name"`
	PrkVersion int32  `json:"prk_version"`
}

type UserBody ¶

type UserBody struct {
	Id                      uuid.UUID      `json:"id"`
	Email                   string         `json:"email"`
	PublicKey               []byte         `json:"public_key"`
	EncryptedUserPrivateKey []byte         `json:"encrypted_user_private_key"`
	PrivateKeySalt          []byte         `json:"private_key_salt"`
	PrivateKeyNonce         []byte         `json:"private_key_nonce"`
	ArgonParams             Argon2idParams `json:"argon_params"`
}

type UserKeyRequestBody ¶

type UserKeyRequestBody struct {
	Email string `json:"email"`
}

type UserKeyResponseBody ¶

type UserKeyResponseBody struct {
	Message   string    `json:"message"`
	UserId    uuid.UUID `json:"user_id"`
	PublicKey []byte    `json:"public_key"`
}

type WrappedDEK ¶ added in v1.2.0

type WrappedDEK struct {
	EnvVersionID uuid.UUID `json:"env_version_id"`
	WrappedDEK   []byte    `json:"wrapped_dek"`
	DekNonce     []byte    `json:"dek_nonce"`
}

type WrappedKey ¶ added in v1.2.0

type WrappedKey struct {
	UserID             uuid.UUID `json:"user_id"`
	WrappedPRK         []byte    `json:"wrapped_prk"`
	WrapNonce          []byte    `json:"wrap_nonce"`
	EphemeralPublicKey []byte    `json:"ephemeral_public_key"`
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL