Operations

Operations describe mutations to be performed on data like encrypting, decrypting or dropping certain fields. Only a single operation can be performed at a time and they're applied in the order they're supplied.

Operation
Description
Code Example
Converting confidential data from a plaintext value to an encrypted version
Turning an encrypted envelope field back to its original plaintext form
Removing certain envelope fields depending on specified conditions

All operations have a required Data Location field which provides a mapping for operations to the envelope data. Operations accept one of the type inputs (e.g. Encrypt, Decrypt or Drop) to define that kind of operation.

type Operation struct {
    DataLocation

    Encrypt *Encrypt `json:"encrypt,omitempty"`
    Decrypt *Decrypt `json:"decrypt,omitempty"`
    Drop    *Drop    `json:"drop,omitempty"`

    // Errors from executing an operation.
    Errors []OperationError `json:"errors,omitempty"`
}

type DataLocation struct {
    // Source is the field name for input data.
    Source string `json:"src"`
    // Destination is the field name where mutated data is persisted.
    // (defaults to `Source` field value if empty)
    Destination string `json:"dest"`
}