Decrypt

A Decrypt operation is the process of turning an encrypted value back to its original form. A decrypted value is referred to as plaintext. This operation can only be executed in trusted environments like customer-managed servers or compliance-approved third parties.

type Decrypt struct {
    KeySpec *KeySpec `json:"key_spec,omitempty"`
}

type KeySpec struct {
    // Example = arn:aws:kms:us-west-2:436578702069:key/f5208fa1-13f1-4d9c-90e8-802609342d07
    Selector string `json:"selector"`
    // Example = low
    SensivityLevel string `json:"sensitivity_level"
}
import (
    "reflect"
    "github.com/ume/api/pkg/mirror"
)

func HandleLoadEvent(event *Event) {
    // event = {name: 8J-c902frj3vm2sicz}
    eventData := event.ToMap()
    envelope := mirror.Envelope{
        Data: eventData,
        Operations: []mirror.Operation{
            {
                DataLocation: mirror.DataLocation{
                    Source: "name",
                },
                Decrypt: &mirror.Decrypt{},
            },
        },
    }

    envelope.Execute()

    encryptedName := form.Get("name")

    if assertNotEqual(encryptedName, envelope.Data["name"]) {
        // Name was successfully decrypted
    }
}

func assertNotEqual(expected, actual interface{}) bool {
    isEqual := reflect.DeepEqual(expected, actual)

    return !isEqual
}

Before

{
  "data": { "name": "8J-c902frj3vm2sicz" },
  "ops": [{ "src": "name", "decrypt": {} }]
}

After

{
  "data": { "name": "Ada" },
  "ops": []
}