You can use our Go SDK to:
- Encrypt data server-side including files
- Decrypt data server-side
- Invoke Functions
- Invoke Enclaves
- Proxy requests through Outbound Relay
Encrypting/Decrypting data with our backend SDKs instead of Inbound Relay may expose you to greater compliance burden because because your server handles plaintext data.
Instead you can:
Now, let's initialize the SDK using our App's ID and API key. If you don't have one yet, you can get one by creating an App in the Evervault Dashboard.
Now that the SDK is initialized, we can encrypt a string.
Decrypt data previously encrypted using the
Encrypt() function or through Relay.
An API key with the
decrypt permission must be used to perform this operation.
Client Side Decrypt Tokens are versatile and short-lived tokens that frontend applications can utilise to decrypt data previously encrypted through Evervault. Client Side Decrypt Tokens are restricted to specific payloads.
By default, a Client Side Decrypt Token will live for 5 minutes into the future. The maximum time to live of the token is 10 minutes into the future.
Invoke an Evervault Function with a given payload.
The returned client is configured to proxy requests through Outbound Relay, enabling decryption of data before it reaches the requests destination.
Successful Function runs will return a
FunctionRunResponse containing a Function Run ID and the result from your Function.
The returned client will be configured to connect to the Enclave and attest the connection on each request with the pcrs provided.
To keep your clients in sync with your Enclave across deployments, you can use the
EnclaveClientWithProvider. This allows you to define a callback function which returns a list of PCRs. This can be used to load the latest set of PCRs for your Deployed Enclave from a trusted source without a redeploy of your client.
Pulling all of this together leaves us with the following working example. You can copy and paste the code below (using a sandbox API key), run it in your own environment and run the encryption for yourself.
The full reference is available on Go pkg