{"id":40331496,"url":"https://github.com/ibm-hyper-protect/contract-go","last_synced_at":"2026-03-04T20:12:26.314Z","repository":{"id":212484865,"uuid":"697806655","full_name":"ibm-hyper-protect/contract-go","owner":"ibm-hyper-protect","description":"Go library to work with hyper protect contracts","archived":false,"fork":false,"pushed_at":"2026-02-03T10:35:51.000Z","size":625,"stargazers_count":1,"open_issues_count":8,"forks_count":8,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-02-03T23:18:58.226Z","etag":null,"topics":["hpcc-peerpod","hpcr","hpcr4rhvs","hpvs","hyper-protect","hyper-protect-services","ibm"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ibm-hyper-protect.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":"MAINTAINERS.md","copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-09-28T14:11:40.000Z","updated_at":"2026-02-03T10:35:53.000Z","dependencies_parsed_at":"2025-11-27T10:07:43.849Z","dependency_job_id":null,"html_url":"https://github.com/ibm-hyper-protect/contract-go","commit_stats":null,"previous_names":["ibm-hyper-protect/contract-go","ibm-hyper-protect/contract-schema-go"],"tags_count":89,"template":false,"template_full_name":null,"purl":"pkg:github/ibm-hyper-protect/contract-go","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ibm-hyper-protect%2Fcontract-go","tags_url":"https://repos.ecosyste.ms/api/v1/ho
sts/GitHub/repositories/ibm-hyper-protect%2Fcontract-go/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ibm-hyper-protect%2Fcontract-go/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ibm-hyper-protect%2Fcontract-go/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ibm-hyper-protect","download_url":"https://codeload.github.com/ibm-hyper-protect/contract-go/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ibm-hyper-protect%2Fcontract-go/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29537267,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-17T05:00:25.817Z","status":"ssl_error","status_checked_at":"2026-02-17T04:57:16.126Z","response_time":100,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hpcc-peerpod","hpcr","hpcr4rhvs","hpvs","hyper-protect","hyper-protect-services","ibm"],"created_at":"2026-01-20T08:06:12.888Z","updated_at":"2026-03-04T20:12:26.295Z","avatar_url":"https://github.com/ibm-hyper-protect.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Contract Go\n\n[![contract-go 
CI](https://github.com/ibm-hyper-protect/contract-go/actions/workflows/build.yml/badge.svg)](https://github.com/ibm-hyper-protect/contract-go/actions/workflows/build.yml)\n[![Latest Release](https://img.shields.io/github/v/release/ibm-hyper-protect/contract-go?include_prereleases)](https://github.com/ibm-hyper-protect/contract-go/releases/latest)\n[![Go Report Card](https://goreportcard.com/badge/github.com/ibm-hyper-protect/contract-go)](https://goreportcard.com/report/ibm-hyper-protect/contract-go)\n[![Go Reference](https://pkg.go.dev/badge/github.com/ibm-hyper-protect/contract-go.svg)](https://pkg.go.dev/github.com/ibm-hyper-protect/contract-go/v2)\n[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)\n\nA Go library for automating the provisioning and management of IBM Hyper Protect confidential computing workloads.\n\n## Table of Contents\n\n- [Overview](#overview)\n- [Features](#features)\n- [Installation](#installation)\n- [Quick Start](#quick-start)\n- [Documentation](#documentation)\n- [Supported Platforms](#supported-platforms)\n- [Examples](#examples)\n- [Related Projects](#related-projects)\n- [Contributing](#contributing)\n- [License](#license)\n- [Support](#support)\n\n## Overview\n\nThe `contract-go` library automates the provisioning of IBM Hyper Protect confidential computing solutions:\n\n- **Hyper Protect Virtual Servers (HPVS)** - Secure virtual servers on IBM Cloud\n- **Hyper Protect Container Runtime (HPCR)** for Red Hat Virtualization (RHVS)\n- **Hyper Protect Confidential Container (HPCC)** for Red Hat OpenShift Peer Pods\n\nThis library provides cryptographic operations, contract generation, validation, and management capabilities for deploying workloads in secure enclaves on IBM LinuxONE.\n\n### What are Hyper Protect Services?\n\nIBM Hyper Protect services provide confidential computing capabilities that protect data in use by leveraging the Secure Execution feature of Z. 
\n\nLearn more:\n\n- [Confidential computing with LinuxONE](https://cloud.ibm.com/docs/vpc?topic=vpc-about-se)\n- [IBM Hyper Protect Virtual Servers](https://www.ibm.com/docs/en/hpvs/2.2.x)\n- [IBM Hyper Protect Confidential Container for Red Hat OpenShift](https://www.ibm.com/docs/en/hpcc/1.1.x)\n\n## Features\n\n- **Attestation Management**\n  - Decrypt encrypted attestation records\n  - Verify signature of attestation records against IBM certificates\n\n- **Certificate Operations**\n  - Download HPVS encryption certificates from IBM Cloud\n  - Extract specific encryption certificates by version\n  - Validate expiry of encryption certificate\n\n- **Contract Generation**\n  - Generate Base64-encoded data from text, JSON, initdata annotation and docker compose / podman play archives\n  - Create signed and encrypted \u0026 signed contracts\n  - Support contract expiry with CSR (Certificate Signing Request)\n  - Validate contract schemas\n  - Decrypt encrypted text in Hyper Protect format\n\n- **Archive Management**\n  - Generate Base64 tar archives of `docker-compose.yaml` or `pods.yaml`\n  - Support encrypted base64 tar generation\n\n- **Image Selection**\n  - Retrieve latest HPVS image details from IBM Cloud API\n  - Filter images by semantic versioning\n\n- **Network Validation**\n  - Validate network-config schemas for on-premise deployments\n  - Support HPVS, HPCR RHVS, and HPCC Peer Pod configurations\n\n## Installation\n\n```bash\ngo get github.com/ibm-hyper-protect/contract-go/v2\n```\n\n### Prerequisites\n\n- **Go 1.24.7 or later**\n- **OpenSSL** - Required for encryption operations\n  - On Linux: `apt-get install openssl` or `yum install openssl`\n  - On macOS: `brew install openssl`\n  - On Windows: [Download OpenSSL](https://slproweb.com/products/Win32OpenSSL.html)\n\n#### Optional: Custom OpenSSL Path\n\nIf OpenSSL is not in your system PATH, set the `OPENSSL_BIN` environment variable:\n\n```bash\n# Linux/macOS\nexport OPENSSL_BIN=/usr/bin/openssl\n\n# 
Windows (PowerShell)\n$env:OPENSSL_BIN=\"C:\\Program Files\\OpenSSL-Win64\\bin\\openssl.exe\"\n```\n\n## Quick Start\n\n### Generate a Signed and Encrypted Contract\n\n```go\npackage main\n\nimport (\n    \"fmt\"\n    \"log\"\n\n    \"github.com/ibm-hyper-protect/contract-go/v2/contract\"\n)\n\nfunc main() {\n    // Your contract YAML\n    contractYAML := `\nenv: |\n  type: env\n  logging:\n    logRouter:\n      hostname: 5c2d6b69-c7f0-41bd-b69b-240695369d6e.ingress.us-south.logs.cloud.ibm.com\n      iamApiKey: ab00e3c09p1d4ff7fff9f04c12183413\nworkload: |\n  type: workload\n  compose:\n    archive: your-archive\nattestationPublicKey: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUF4cklNT3RvSktWRTZQbGhvVlJ1dgorb3YxaW1jOEZRZUdQZ3VoVFBpQUFrNDVqRStJSnVKTHZtVHFkOE8yVlZwT05iZEhiN3ZpWGEydUwxeFBOcUp2ClVpVmZNTDUyN1B4V25TU3drcitKNDYwamZvZCtaMkJOQ0k1eVV6dVYxQVhvNHV3YmVLVzNYbVM2b2FIT1YrNmsKU1YwWCt3cFE5a3J5QnJ2NWVJc2tsSTBtS3JnaXBOc2N4b3hvNG4rRDlPMWRDVU5XRzZ4MmlpVnVLeXp4VzZZTgordW9wNHZxb3VMM2pGQ1crVkRGVHgycGViNzNqL2V6WnRUVVhEbStPZTc1V21zVkxjUUg4RXZYbVFsRVAvbEduCnZZMWQ1RXI1ZjlBSU5yOEdRWjM1OHNrWENvdCtseDZiMmQveTZwWEFOTFpBR2ZoRmZLSUMxSVdHOTQrRVdqMG4KUFB6Y1NpeHhHUk53bHZjV3BDY3hKTHFEb1VCaDF0NVA4OGJTVVJUVnpuZUVydDVYbUtjRVdDd3JsSGRrSWdGYgp1azFpbWlEOHl4S2RtZmNKdzZzRm5NeDlTb3FxSFFqNk9FUFZrV3E3Y1VYQUVMN05PSzlWTnZzZUxlNnEwRkRVClNLOSt5Ty9PdEdtSEFMcFJtY2dzNGlKOVJmRTlZQUt0a1JQRlRETUdYR0lFUGdnQkIyMHRlblk0ZTRyaXE1UWgKYWp1Y2txd3psRkhjbEZLWk9jMXNMR3NCRmhHSERIZm1taWNnWkhBdVN5YVpaM29QM3czbmhNK2IwT2grSjFSMwpWQUVWWUlDMzArVUZVR1dyTU40Q3ZDLzZaVk5YVkZ4ZkZMcU8raGFnNnI4Q3VqVEtLQ3NiaE5kaVNoNlRvdWhUCjZNY2N3OVg2bkpPdFBhK0E3L0ZVV3BVQ0F3RUFBUT09Ci0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo=\n`\n\n    // Generate signed and encrypted contract\n    signedContract, inputHash, outputHash, err := contract.HpcrContractSignedEncrypted(\n        contractYAML,\n        \"hpvs\",              // Hyper Protect OS type\n        \"\",                  // Use default encryption 
certificate\n        privateKey,          // Your RSA private key\n    )\n    if err != nil {\n        log.Fatal(err)\n    }\n\n    fmt.Printf(\"Signed Contract: %s\\n\", signedContract)\n    fmt.Printf(\"Input SHA256: %s\\n\", inputHash)\n    fmt.Printf(\"Output SHA256: %s\\n\", outputHash)\n}\n```\n\n### Select Latest HPCR Image\n\n```go\npackage main\n\nimport (\n    \"fmt\"\n    \"log\"\n\n    \"github.com/ibm-hyper-protect/contract-go/v2/image\"\n)\n\nfunc main() {\n    // Image JSON from IBM Cloud\n    imageJSON := `[...]` // Your IBM Cloud images JSON\n\n    // Get latest image matching version constraint\n    imageID, imageName, checksum, version, err := image.HpcrSelectImage(\n        imageJSON,\n        \"\u003e=1.1.0\", // Optional version constraint\n    )\n    if err != nil {\n        log.Fatal(err)\n    }\n\n    fmt.Printf(\"Image ID: %s\\n\", imageID)\n    fmt.Printf(\"Image Name: %s\\n\", imageName)\n    fmt.Printf(\"Checksum: %s\\n\", checksum)\n    fmt.Printf(\"Version: %s\\n\", version)\n}\n```\n\n## Documentation\n\nComprehensive documentation is available at:\n\n- **[User Documentation](https://ibm-hyper-protect.github.io/contract-go)** - Detailed API reference and usage examples\n- **[Go Package Documentation](https://pkg.go.dev/github.com/ibm-hyper-protect/contract-go/v2)** - Generated Go docs\n- **[Examples](samples/)** - Sample contracts and configurations\n\n## Supported Platforms\n\n| Platform | Description | Support Status |\n|----------|-------------|----------------|\n| HPVS | Hyper Protect Virtual Servers | Supported |\n| HPCR-RHVS | Hyper Protect Container Runtime for Red Hat Virtualization | Supported |\n| HPCC-PeerPod | Hyper Protect Confidential Container Peer Pods | Supported |\n\n## Examples\n\nThe [`samples/`](samples/) directory contains example configurations:\n\n- [Simple Contract](samples/simple_contract.yaml)\n- [Workload Configuration](samples/workload.yaml)\n- [Network 
Configuration](samples/network/network_config.yaml)\n- [Docker Compose](samples/tgz/docker-compose.yaml)\n\n## Related Projects\n\nThis library is used by several tools in the IBM Hyper Protect ecosystem:\n\n| Project | Description |\n|---------|-------------|\n| [contract-cli](https://github.com/ibm-hyper-protect/contract-cli) | CLI tool for generating Hyper Protect contracts |\n| [terraform-provider-hpcr](https://github.com/ibm-hyper-protect/terraform-provider-hpcr) | Terraform provider for Hyper Protect contracts |\n| [k8s-operator-hpcr](https://github.com/ibm-hyper-protect/k8s-operator-hpcr) | Kubernetes operator for contract management |\n| [linuxone-vsi-automation-samples](https://github.com/ibm-hyper-protect/linuxone-vsi-automation-samples) | Terraform examples for HPVS and HPCR RHVS |\n| [hyper-protect-virtual-server-samples](https://github.com/ibm-hyper-protect/hyper-protect-virtual-server-samples) | HPVS feature samples and scripts |\n\n## Contributing\n\nWe welcome contributions! Please see our [Contributing Guidelines](CONTRIBUTING.md) for details on:\n\n- Opening issues\n- Submitting pull requests\n- Code style and conventions\n- Testing requirements\n\nPlease also read our [Code of Conduct](CODE_OF_CONDUCT.md) before contributing.\n\n## License\n\nThis project is licensed under the Apache License 2.0 - see the [LICENSE](LICENSE) file for details.\n\n## Support\n\n### Reporting Issues\n\nWe use GitHub issue templates to help us understand and address your concerns efficiently:\n\n- **[Report a Bug](https://github.com/ibm-hyper-protect/contract-go/issues/new?template=bug_report.yml)** - Found a bug? 
Let us know!\n- **[Request a Feature](https://github.com/ibm-hyper-protect/contract-go/issues/new?template=feature_request.yml)** - Have an idea for improvement?\n- **[Ask a Question](https://github.com/ibm-hyper-protect/contract-go/issues/new?template=question.yml)** - Need help using the library?\n\n### Security\n\n- **Security Vulnerabilities**: Report via [GitHub Security Advisories](https://github.com/ibm-hyper-protect/contract-go/security/advisories/new) - **DO NOT** create public issues\n- See our complete [Security Policy](SECURITY.md) for details\n\n### Community\n\n- **[Discussions](https://github.com/ibm-hyper-protect/contract-go/discussions)** - General questions and community discussion\n- **[Documentation](https://ibm-hyper-protect.github.io/contract-go)** - Comprehensive API documentation\n- **[Maintainers](MAINTAINERS.md)** - Current maintainer list and contact info\n\n## Contributors\n\n![Contributors](https://contrib.rocks/image?repo=ibm-hyper-protect/contract-go)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fibm-hyper-protect%2Fcontract-go","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fibm-hyper-protect%2Fcontract-go","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fibm-hyper-protect%2Fcontract-go/lists"}