// Package secrets declares the data-key record and the scope options used to
// pick a data encryption key (DEK).
package secrets

import (
	"errors"
	"time"
)

// ErrDataKeyNotFound is the sentinel error for a data key that was not found.
// Match it with errors.Is rather than by comparing the message text.
var ErrDataKeyNotFound = errors.New("data key not found")

// DataKey is the record describing one data encryption key (DEK).
type DataKey struct {
	Active bool
	Name   string
	// Scope presumably holds the same scope string that an EncryptionOptions
	// value yields ("root", "user:10", "org:1"); confirm against callers.
	Scope    string
	Provider string
	// NOTE(review): EncryptedData presumably carries the DEK in encrypted
	// (wrapped) form rather than plaintext; confirm where it is populated.
	EncryptedData []byte
	Created       time.Time
	Updated       time.Time
}

// EncryptionOptions is a function that yields the scope of the data key to use.
type EncryptionOptions func() string

// WithoutScope selects the root-level data encryption key (DEK), that is, a DEK
// that is not bound to any specific scope (not attached to a user, org, etc.).
// The returned option always yields the literal scope "root".
func WithoutScope() EncryptionOptions {
	const rootScope = "root"
	return func() string { return rootScope }
}

// WithScope selects a data encryption key bound to a specific scope (a user,
// an org, etc.). Scope should look like "user:10" or "org:1".
//
// The scope is handed back verbatim and is not validated here: an empty string
// is accepted, and WithScope("root") yields the same scope as WithoutScope.
// Callers that derive the scope from external input should check it first.
func WithScope(scope string) EncryptionOptions {
	selectScope := func() string { return scope }
	return selectScope
}