github.com/opentofu/opentofu@v1.7.1/internal/encryption/method/aesgcm/example_test.go

github.com/opentofu/opentofu@v1.7.1/internal/encryption/method/aesgcm/example_test.go (about)

     1  package aesgcm_test
     2  
     3  import (
     4  	"encoding/json"
     5  	"fmt"
     6  
     7  	"github.com/hashicorp/hcl/v2"
     8  	"github.com/hashicorp/hcl/v2/gohcl"
     9  	"github.com/hashicorp/hcl/v2/hclsyntax"
    10  	"github.com/opentofu/opentofu/internal/encryption/keyprovider"
    11  	"github.com/opentofu/opentofu/internal/encryption/method/aesgcm"
    12  )
    13  
    14  func Example() {
    15  	descriptor := aesgcm.New()
    16  
    17  	// Get the config struct. You can fill it manually by type-asserting it to aesgcm.Config, but you could also use
    18  	// it as JSON.
    19  	config := descriptor.ConfigStruct()
    20  
    21  	if err := json.Unmarshal(
    22  		// Set up a randomly generated 32-byte key. In JSON, you can base64-encode the value.
    23  		[]byte(`{
    24      "keys": {
    25  		"encryption_key": "Y29veTRhaXZ1NWFpeW9vMWlhMG9vR29vVGFlM1BhaTQ=",
    26  		"decryption_key": "Y29veTRhaXZ1NWFpeW9vMWlhMG9vR29vVGFlM1BhaTQ="
    27  	}
    28  }`), &config); err != nil {
    29  		panic(err)
    30  	}
    31  
    32  	method, err := config.Build()
    33  	if err != nil {
    34  		panic(err)
    35  	}
    36  
    37  	// Encrypt some data:
    38  	encrypted, err := method.Encrypt([]byte("Hello world!"))
    39  	if err != nil {
    40  		panic(err)
    41  	}
    42  
    43  	// Now decrypt it:
    44  	decrypted, err := method.Decrypt(encrypted)
    45  	if err != nil {
    46  		panic(err)
    47  	}
    48  
    49  	fmt.Printf("%s", decrypted)
    50  	// Output: Hello world!
    51  }
    52  
    53  func Example_config() {
    54  	// First, get the descriptor to make sure we always have the default values.
    55  	descriptor := aesgcm.New()
    56  
    57  	// Obtain a modifiable, buildable config. Alternatively, you can also use ConfigStruct() method to obtain a
    58  	// struct you can fill with HCL or JSON tags.
    59  	config := descriptor.TypedConfig()
    60  
    61  	// Set up an encryption key:
    62  	config.Keys = keyprovider.Output{
    63  		EncryptionKey: []byte("AiphoogheuwohShal8Aefohy7ooLeeyu"),
    64  		DecryptionKey: []byte("AiphoogheuwohShal8Aefohy7ooLeeyu"),
    65  	}
    66  
    67  	// Now you can build a method:
    68  	method, err := config.Build()
    69  	if err != nil {
    70  		panic(err)
    71  	}
    72  
    73  	// Encrypt something:
    74  	encrypted, err := method.Encrypt([]byte("Hello world!"))
    75  	if err != nil {
    76  		panic(err)
    77  	}
    78  
    79  	// Decrypt it:
    80  	decrypted, err := method.Decrypt(encrypted)
    81  	if err != nil {
    82  		panic(err)
    83  	}
    84  
    85  	fmt.Printf("%s", decrypted)
    86  	// Output: Hello world!
    87  }
    88  
    89  func Example_config_json() {
    90  	// First, get the descriptor to make sure we always have the default values.
    91  	descriptor := aesgcm.New()
    92  
    93  	// Get an untyped config struct you can use for JSON unmarshalling:
    94  	config := descriptor.ConfigStruct()
    95  
    96  	// Unmarshal JSON into the config struct:
    97  	if err := json.Unmarshal(
    98  		// Set up a randomly generated 32-byte key. In JSON, you can base64-encode the value.
    99  		[]byte(`{
   100      "keys": {
   101  		"encryption_key": "Y29veTRhaXZ1NWFpeW9vMWlhMG9vR29vVGFlM1BhaTQ=",
   102  		"decryption_key": "Y29veTRhaXZ1NWFpeW9vMWlhMG9vR29vVGFlM1BhaTQ="
   103  	}
   104  }`), &config); err != nil {
   105  		panic(err)
   106  	}
   107  
   108  	// Now you can build a method:
   109  	method, err := config.Build()
   110  	if err != nil {
   111  		panic(err)
   112  	}
   113  
   114  	// Encrypt something:
   115  	encrypted, err := method.Encrypt([]byte("Hello world!"))
   116  	if err != nil {
   117  		panic(err)
   118  	}
   119  
   120  	// Decrypt it:
   121  	decrypted, err := method.Decrypt(encrypted)
   122  	if err != nil {
   123  		panic(err)
   124  	}
   125  
   126  	fmt.Printf("%s", decrypted)
   127  	// Output: Hello world!
   128  }
   129  
   130  func Example_config_hcl() {
   131  	// First, get the descriptor to make sure we always have the default values.
   132  	descriptor := aesgcm.New()
   133  
   134  	// Get an untyped config struct you can use for HCL unmarshalling:
   135  	config := descriptor.ConfigStruct()
   136  
   137  	// Unmarshal HCL code into the config struct. The input must be a list of bytes, so in a real world scenario
   138  	// you may want to put in a hex-decoding function:
   139  	rawHCLInput := `keys = {
   140  	encryption_key = [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32],
   141  	decryption_key = [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32]
   142  }`
   143  	file, diags := hclsyntax.ParseConfig(
   144  		[]byte(rawHCLInput),
   145  		"example.hcl",
   146  		hcl.Pos{Byte: 0, Line: 1, Column: 1},
   147  	)
   148  	if diags.HasErrors() {
   149  		panic(diags)
   150  	}
   151  	if diags := gohcl.DecodeBody(file.Body, nil, config); diags.HasErrors() {
   152  		panic(diags)
   153  	}
   154  
   155  	// Now you can build a method:
   156  	method, err := config.Build()
   157  	if err != nil {
   158  		panic(err)
   159  	}
   160  
   161  	// Encrypt something:
   162  	encrypted, err := method.Encrypt([]byte("Hello world!"))
   163  	if err != nil {
   164  		panic(err)
   165  	}
   166  
   167  	// Decrypt it:
   168  	decrypted, err := method.Decrypt(encrypted)
   169  	if err != nil {
   170  		panic(err)
   171  	}
   172  
   173  	fmt.Printf("%s", decrypted)
   174  	// Output: Hello world!
   175  }