How to encrypt a value imported from a JSON file using SOPS (Secrets OPerationS) and Go?

I have a JSON file as follows.

secret.json:

{
    "secret": "strongPassword"
}

I want to print out an encrypted value of the key "secret".

I've so far tried as follows.

package main

import (
    "encoding/json"
    "fmt"
    "io/ioutil"

    "go.mozilla.org/sops"
)

type secretValue struct {
    Value string `json:"secret"`
}

func main() {
    file, _ := ioutil.ReadFile("secret.json")
    getSecretValue := secretValue{}
    _ = json.Unmarshal([]byte(file), &getSecretValue)
    encryptedValue, err := sops.Tree.Encrypt([]byte(getSecretValue.Value), file)
    if err != nil {
        panic(err)
    }
    fmt.Println(encryptedValue)
}

As you might have guessed, I'm pretty new to Go and the code above doesn't work.

How can I improve the code to print out the encrypted value?

Please note that I'm writing code like this only to see how SOPS works using Go. I don't print out secret values like this in production.

Edit:

I think the problem is the arguments for the Encrypt function. According to the documentation, it should take []byte key and Cipher arguments, but I don't know either whether I'm setting the []byte key correctly or where that Cipher comes from. Is it from the crypto/cipher package?

Edit 2:

Thank you @HolaYang for the great answer. I tried to make your answer work with the external JSON file as follows, but it gave me an error message saying cannot use fileContent (type secretValue) as type []byte in argument to (&"go.mozilla.org/sops/stores/json".Store literal).LoadPlainFile.

package main

import (
    hey "encoding/json"
    "fmt"
    "io/ioutil"

    "go.mozilla.org/sops"
    "go.mozilla.org/sops/aes"
    "go.mozilla.org/sops/stores/json"
)

type secretValue struct {
    Value string `json:"secret"`
}

func main() {
    //  fileContent := []byte(`{
    //    "secret": "strongPassword"
    //    }`)
    file, _ := ioutil.ReadFile("secret.json")
    fileContent := secretValue{}
    //_ = json.Unmarshal([]byte(file), &fileContent)
    _ = hey.Unmarshal([]byte(file), &fileContent)
    encryptKey := []byte("0123456789012345") // length 16

    branches, _ := (&json.Store{}).LoadPlainFile(fileContent)
    tree := sops.Tree{Branches: branches}
    r, err := tree.Encrypt(encryptKey, aes.NewCipher())
    if err != nil {
        panic(err)
    }
    fmt.Println(r)
}

Let's see the function declaration of sops.Tree.Encrypt (a typo here in your code). Going by the code, we should do it in these steps.

  1. Construct a sops.Tree instance with the json file.
  2. Use a certain Cipher for your encryption.

Please try it yourself this way.

Code demo below, with AES as the Cipher; sops can only encrypt the total tree with the source code interface.

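package main

import (
    "fmt"
    "io/ioutil"

    "go.mozilla.org/sops"
    "go.mozilla.org/sops/aes"
    "go.mozilla.org/sops/stores/json"
)

func main() {
    /*
    fileContent := []byte(`{
    "secret": "strongPassword"
    }`)
    */
    // Read the raw JSON bytes; LoadPlainFile takes []byte, not a decoded struct.
    fileContent, err := ioutil.ReadFile("xxx.json")
    if err != nil {
        panic(err)
    }

    encryptKey := []byte("0123456789012345") // length 16

    // Parse the plaintext JSON into sops tree branches.
    branches, err := (&json.Store{}).LoadPlainFile(fileContent)
    if err != nil {
        panic(err)
    }
    tree := sops.Tree{Branches: branches}
    // Encrypt walks the whole tree and encrypts its values with the given cipher.
    // Per the sops documentation, the returned string is the MAC for the tree.
    r, err := tree.Encrypt(encryptKey, aes.NewCipher())
    if err != nil {
        panic(err)
    }
    fmt.Println(r)
}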
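
To make "encrypting the whole tree" concrete, here is an added example (not from the original post and not SOPS code) that uses only Go's standard library to encrypt every string leaf of a map shaped like secret.json with AES-GCM, binding each value to its key path. The names newGCM, sealTree and openLeaf are hypothetical, the nonce-plus-base64 layout is an assumption of this sketch rather than the SOPS format, and the key is the demo key from the answer.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealTree encrypts every string leaf in place, bound to its key path as additional data.
func sealTree(gcm cipher.AEAD, node map[string]interface{}, path string) {
	for k, v := range node {
		switch t := v.(type) {
		case map[string]interface{}:
			sealTree(gcm, t, path+"/"+k) // recurse; keys and structure stay readable
		case string:
			nonce := make([]byte, gcm.NonceSize())
			if _, err := rand.Read(nonce); err != nil {
				panic(err) // no safe fallback without randomness
			}
			node[k] = base64.StdEncoding.EncodeToString(gcm.Seal(nonce, nonce, []byte(t), []byte(path+"/"+k)))
		}
	}
}

// openLeaf decrypts one leaf; it fails if the value or its path was altered.
func openLeaf(gcm cipher.AEAD, path, enc string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(enc)
	if err != nil || len(raw) < gcm.NonceSize() {
		return "", fmt.Errorf("malformed ciphertext at %s", path)
	}
	pt, err := gcm.Open(nil, raw[:gcm.NonceSize()], raw[gcm.NonceSize():], []byte(path))
	return string(pt), err
}

func main() {
	gcm, _ := newGCM([]byte("0123456789012345"))              // demo key from the answer
	doc := map[string]interface{}{"secret": "strongPassword"} // constructed input
	sealTree(gcm, doc, "")
	fmt.Println(doc)
}
```

Because each leaf is authenticated together with its path, copying a ciphertext from one key to another makes decryption fail instead of silently returning the wrong secret.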
