bincyber / go-sqlcrypter

custom Go data type to facilitate column-level encryption

go-sqlcrypter

go-sqlcrypter is a Go package that enables sensitive data to be encrypted at rest within a relational database. It provides a custom type, _EncryptedBytes_, which implements the sql.Scanner and driver.Valuer interfaces, so data is encrypted when it is written to a SQL database and decrypted when it is read back. Column-level encryption provides an additional layer of security.

The following encryption providers are supported:

Refer to each provider for documentation and examples.

Install

go get -u github.com/bincyber/go-sqlcrypter

Usage

Configure the encryption provider of your choice:

// 32-byte key, hard-coded only for illustration; load real keys from a secret store.
key := []byte("abcdef01234567899876543210fedcba")
provider, err := aescrypter.New(key, nil)
if err != nil {
    log.Fatalf("failed to initialize AES crypter. Error: %s", err)
}

Initialize the sqlcrypter with the encryption provider:

sqlcrypter.Init(provider)

Use the custom type _EncryptedBytes_ for any sensitive data:

type Employee struct {
    Name  string
    SSN   sqlcrypter.EncryptedBytes
    Email string
    Title string
}

func main() {
    e := &Employee{
        Name:  "Tony Stark",
        SSN:   sqlcrypter.NewEncryptedBytes("999-00-1234"),
        Email: "tony@starkindustries.com",
        Title: "Genius, Billionaire, Playboy, Philanthropist",
    }

    // e.SSN is encrypted when written to the database and decrypted when read back.
    _ = e
}

For a full example, see example/main.go.
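
What a type implementing sql.Scanner and driver.Valuer does at the database boundary, shown as an added example that uses only the Go standard library and is not go-sqlcrypter's own code. SealedBytes, initAEAD and the nonce||ciphertext||tag column layout are assumptions made for illustration, and the key and SSN are constructed values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"database/sql/driver"
	"fmt"
)

var gcm cipher.AEAD     // set once at startup, the role sqlcrypter.Init plays on this page
type SealedBytes []byte // hypothetical stand-in for EncryptedBytes, not the library's type

func initAEAD(key []byte) error { // a 32-byte key selects AES-256-GCM
	block, err := aes.NewCipher(key)
	if err != nil {
		return err
	}
	gcm, err = cipher.NewGCM(block)
	return err
}

// Value (driver.Valuer) is called for query arguments; the column gets nonce||ciphertext||tag.
func (s SealedBytes) Value() (driver.Value, error) {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, s, nil), nil
}

// Scan (sql.Scanner) is called by rows.Scan and rejects anything that fails authentication.
func (s *SealedBytes) Scan(src interface{}) (err error) {
	raw, ok := src.([]byte)
	if n := gcm.NonceSize(); ok && len(raw) >= n {
		*s, err = gcm.Open(nil, raw[:n], raw[n:], nil) // fails on a wrong key or altered bytes
		return err
	}
	return fmt.Errorf("sealedbytes: not a ciphertext column: %T", src)
}

func main() {
	key := make([]byte, 32) // constructed demo key; real keys come from a KMS or secret store
	if _, err := rand.Read(key); err != nil || initAEAD(key) != nil {
		panic("setup failed")
	}
	var ssn SealedBytes
	col, _ := SealedBytes("999-00-1234").Value() // bytes the driver would store
	err := ssn.Scan(col)
	fmt.Println(len(col.([]byte)), err, string(ssn))
}
```

Because the nonce is random, two rows holding the same plaintext store different bytes, so a column sealed this way cannot be matched with an equality WHERE clause or a unique index.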

Development

docker-compose is used to help with local development and testing. See testing/docker-compose.yml.

To bring up the development environment:

make dev/up
make terraform/apply

To run the test suite:

make go/test

Contributing

Contributions of new encryption providers (e.g., Azure Key Vault, GCP KMS, etc.) are more than welcome!

License

The source code for this library is licensed under the MIT license, which you can find in the LICENSE file.