{"id":29117195,"url":"https://github.com/chainifynet/aws-encryption-sdk-go","last_synced_at":"2025-12-30T01:03:09.328Z","repository":{"id":206556823,"uuid":"706213607","full_name":"chainifynet/aws-encryption-sdk-go","owner":"chainifynet","description":"AWS Encryption SDK for Go","archived":false,"fork":false,"pushed_at":"2025-06-19T14:57:30.000Z","size":3211,"stargazers_count":21,"open_issues_count":19,"forks_count":2,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-06-26T21:54:24.813Z","etag":null,"topics":["aws","aws-encryption-sdk","aws-kms","aws-sdk-go","encryption","go","kms"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/chainifynet.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-10-17T14:14:44.000Z","updated_at":"2025-06-18T15:05:25.000Z","dependencies_parsed_at":"2025-01-15T16:42:10.164Z","dependency_job_id":"e92f5a51-ea8e-4bae-800a-d3e53bbe3667","html_url":"https://github.com/chainifynet/aws-encryption-sdk-go","commit_stats":null,"previous_names":["chainifynet/aws-encryption-sdk-go"],"tags_count":12,"template":false,"template_full_name":null,"purl":"pkg:github/chainifynet/aws-encryption-sdk-go","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainifynet%2Faws-encryption-sdk-go","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainifynet%2Faws-encryption-sdk-go/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainifynet%2Faws-encryption-sdk-go/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainifynet%2Faws-encryption-sdk-go/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/chainifynet","download_url":"https://codeload.github.com/chainifynet/aws-encryption-sdk-go/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainifynet%2Faws-encryption-sdk-go/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":262581514,"owners_count":23331925,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-encryption-sdk","aws-kms","aws-sdk-go","encryption","go","kms"],"created_at":"2025-06-29T11:14:11.662Z","updated_at":"2025-12-30T01:03:09.300Z","avatar_url":"https://github.com/chainifynet.png","language":"Go","funding_links":[],"categories":["Third-party APIs","第三方api"],"sub_categories":["Utility/Miscellaneous","实用程序/Miscellaneous"],"readme":"# AWS Encryption SDK for Go\n\n[![Mentioned in Awesome Go](https://awesome.re/mentioned-badge.svg)](https://github.com/avelino/awesome-go)\n[![Go Unit](https://github.com/chainifynet/aws-encryption-sdk-go/actions/workflows/go-unit.yml/badge.svg?branch=main)](https://github.com/chainifynet/aws-encryption-sdk-go/actions/workflows/go-unit.yml)\n[![Go E2E](https://github.com/chainifynet/aws-encryption-sdk-go/actions/workflows/go-e2e.yml/badge.svg?branch=main)](https://github.com/chainifynet/aws-encryption-sdk-go/actions/workflows/go-e2e.yml)\n[![Go Report Card](https://goreportcard.com/badge/github.com/chainifynet/aws-encryption-sdk-go)](https://goreportcard.com/report/github.com/chainifynet/aws-encryption-sdk-go)\n[![codecov](https://codecov.io/gh/chainifynet/aws-encryption-sdk-go/graph/badge.svg?token=YPZT7IOJMM)](https://codecov.io/gh/chainifynet/aws-encryption-sdk-go)\n![Code style: gofmt](https://img.shields.io/badge/code_style-gofmt-00ADD8.svg)\n[![Go Reference](https://pkg.go.dev/badge/github.com/chainifynet/aws-encryption-sdk-go.svg)](https://pkg.go.dev/github.com/chainifynet/aws-encryption-sdk-go)\n\nThis project is an implementation of the [AWS Encryption SDK](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/reference.html) for the Go programming language, providing a set of libraries for developers to easily add encryption and decryption functionality to their Go applications. This implementation is inspired by the [aws-encryption-sdk-python](https://github.com/aws/aws-encryption-sdk-python) and follows the [AWS Encryption SDK specification](https://github.com/awslabs/aws-encryption-sdk-specification/tree/c35fbd91b28303d69813119088c44b5006395eb4) closely.\n\n## Motivation\n\nThe motivation behind this project was the absence of a Go implementation of the AWS Encryption SDK.\nThis SDK aims to fill that gap, offering Go developers the tools to implement encryption according to AWS standards.\n\n## Features\n\n- Support for Message Format Version 1 and 2 and related [algorithms](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/algorithms-reference.html).\n- AWS KMS Master Key Provider with a discovery filter.\n- AWS KMS Multi-Region Keys using [MRK-aware provider](example/mrkAwareKmsProvider) in Discovery or Strict mode.\n- Raw Master Key provider using static keys.\n- Comprehensive [end-to-end tests](test/e2e/enc_dec_test.go) ensuring compatibility with `aws-encryption-sdk-cli`.\n- [100% code coverage](https://codecov.io/gh/chainifynet/aws-encryption-sdk-go) with tests.\n\n### Current Limitations\n\n- Does not support KMS aliases at this stage.\n- Raw Master Key provider does not support RSA encryption.\n- Only framed content type is supported.\n\n## Requirements\n\n- Go v1.21 or later.\n- AWS SDK for Go v2\n\n## Installation\n\nTo install the AWS Encryption SDK for Go, use the following command:\n\n```bash\n$ go get github.com/chainifynet/aws-encryption-sdk-go@latest\n```\n\n## Usage\n\nThis SDK provides a straightforward interface for encrypting and decrypting data.\n\n#### For advanced use cases, check [examples](example).\n\n### Setting Up the Client\n\nFirst, set up the client with the necessary configuration.\n\n#### Default Client Configuration\n\n```go\nimport (\n\t\"github.com/chainifynet/aws-encryption-sdk-go/client\"\n\t\"github.com/chainifynet/aws-encryption-sdk-go/clientconfig\"\n\t\"github.com/chainifynet/aws-encryption-sdk-go/materials\"\n\t\"github.com/chainifynet/aws-encryption-sdk-go/providers/kmsprovider\"\n\t\"github.com/chainifynet/aws-encryption-sdk-go/providers/rawprovider\"\n\t\"github.com/chainifynet/aws-encryption-sdk-go/suite\"\n)\n\n// setup Encryption SDK client with default config\nsdkClient := client.NewClient()\n```\n\n#### Custom Client Configuration (advanced)\n\nYou can specify the commitment policy and the limit of maximum encrypted data keys.\n\n```go\n// setup Encryption SDK client with custom client config\ncfg, err := clientconfig.NewConfigWithOpts(\n\tclientconfig.WithCommitmentPolicy(suite.CommitmentPolicyRequireEncryptRequireDecrypt),\n\tclientconfig.WithMaxEncryptedDataKeys(3),\n)\nif err != nil {\n\tpanic(err) // handle error\n}\n\n// setup Encryption SDK client with a custom config\nsdkClient := client.NewClientWithConfig(cfg)\n```\n\n### Prepare the Key Provider\n\n#### Raw Key Provider using static keys\n\n```go\nrawKeyProvider, err := rawprovider.NewWithOpts(\n\t\"raw\",\n\tproviders.WithStaticKey(\"static1\", []byte(\"superSecureKeySecureKey32bytes32\")),\n)\nif err != nil {\n\tpanic(\"raw key provider setup failed\") // handle error\n}\n```\n\n#### KMS Key Provider using KMS CMKs\n\nYou can optionally enable [discovery](example/discoveryKmsProvider) or specify a [discovery filter](example/discoveryFilterKmsProvider).\n\n```go\n// KMS key ARN to be used for encryption and decryption\nkmsKeyArn := \"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\"\n\n// setup KMS key provider\nkmsKeyProvider, err := kmsprovider.New(kmsKeyArn)\nif err != nil {\n\tpanic(\"kms key provider setup failed\") // handle error\n}\n```\n\n### Create the Crypto Materials Manager\n\nYou can use either the KMS Key Provider, Raw Key Provider, or [both combining](example/multipleKeyProvider) them.\n\n#### Crypto Materials Manager with the Raw Key Provider\n\n```go\ncmm, err := materials.NewDefault(rawKeyProvider)\nif err != nil {\n\tpanic(\"materials manager setup failed\") // handle error\n}\n```\n\n#### Crypto Materials Manager with KMS Key Provider\n\n```go\ncmm, err := materials.NewDefault(kmsKeyProvider)\nif err != nil {\n\tpanic(\"materials manager setup failed\") // handle error\n}\n```\n\n#### Crypto Materials Manager using both KMS and Raw Key Providers\n\n```go\ncmm, err := materials.NewDefault(kmsKeyProvider, rawKeyProvider)\nif err != nil {\n\tpanic(\"materials manager setup failed\") // handle error\n}\n```\n\n### Encrypting Data\n\nTo encrypt data, call the `Encrypt` method on the client.\n\n```go\n// define the encryption context, which is a set of key-value pairs that represent additional authenticated data\nencryptionContext := map[string]string{\n\t\"purpose\": \"test\",\n}\n\n// data to encrypt\nsecretData := []byte(\"secret data to encrypt\")\n\n// encrypt data\nciphertext, header, err := sdkClient.Encrypt(\n\tcontext.TODO(),\n\tsecretData,\n\tencryptionContext,\n\tcmm,\n)\nif err != nil {\n    panic(\"encryption failed\") // handle error\n}\n```\n\n### Decrypting Data\n\nTo decrypt data, use the `Decrypt` method on the client.\n\n```go\n// decrypt data\nplaintext, header, err := sdkClient.Decrypt(context.TODO(), ciphertext, cmm)\nif err != nil {\n\tpanic(\"decryption failed\") // handle error\n}\n```\n\n## TODO\n\n- [x] Add support for Caching Materials Manager [#559](https://github.com/chainifynet/aws-encryption-sdk-go/pull/559).\n- [x] Add support for Message Format Version 1 [#170](https://github.com/chainifynet/aws-encryption-sdk-go/pull/170).\n- [x] Add support for AWS KMS Multi-Region Keys [#46](https://github.com/chainifynet/aws-encryption-sdk-go/pull/46).\n- [ ] Add support for KMS aliases.\n- [x] Cover `providers` package with tests.\n- [x] Cover `keys` package with tests.\n- [x] Cover `materials` package with tests.\n- [x] GoDoc documentation [#294](https://github.com/chainifynet/aws-encryption-sdk-go/pull/294).\n- [ ] Streamlined encryption and decryption.\n\n## Support and Contributions\n\nIf you encounter any issues or would like to contribute to the project, please submit an issue or pull request on GitHub.\n\n## License\n\nThis SDK is licensed under the Apache License 2.0. See the [LICENSE](LICENSE.txt) file for details.\n\nFor more information on how to use this SDK, please refer to the `example` directory and the detailed API reference in the documentation.\n\n---\n\nStay tuned for further updates and features. Contributions and feedback are welcome!\n\n\n[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fchainifynet%2Faws-encryption-sdk-go.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2Fchainifynet%2Faws-encryption-sdk-go?ref=badge_large)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchainifynet%2Faws-encryption-sdk-go","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchainifynet%2Faws-encryption-sdk-go","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchainifynet%2Faws-encryption-sdk-go/lists"}