Package riversecretbox provides a riverencrypt.Encryptor implementation that uses NaCl Secretbox, a good default encryption choice using widely respected cryptography.
This section is empty.
This section is empty.
This section is empty.
type Encryptor struct {/* contains filtered or unexported fields */}
NewEncryptor returns a new Encryptor, an encryptor making use of NaCl Secretbox for use with riverencrypt.EncryptHook.
Multiple encryption keys may be specified for purposes of key rotation. When encrypting data, the first key is always used. When decrypting, all keys are tried, starting with the first, and an error is only returned if no key is capable of decrypting encrypted data. When rotating keys, initialize the lifecycle with the new key first and old key second. After all jobs that need to the old key be decrypted have rotated out of the database, remove the old key, after which the key rotation is complete.