feat: Initial implementation

.editorconfig

@@ -0,0 +1,13 @@
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+
+[{*.go,Makefile}]
+indent_style = tab
+
+[*.{yml,yaml,tf,sh}]
+indent_style = space
+indent_size = 2
+trim_trailing_whitespace = true

.github/workflows/push.yml

@@ -0,0 +1,38 @@
+name: GitHub Actions
+on: [ push ]
+concurrency: ci
+
+env:
+  AZURE_TENANT_ID: 9b85ee6f-4fb0-4a46-8cb7-4dcc6b262a89
+  AZURE_CLIENT_ID: 018b2e1a-41f3-48cf-a3b6-dd93f74c6d2f
+  AZURE_CLIENT_SECRET: ${{ secrets.TEST_AZURE_CLIENT_SECRET }}
+  AZURE_KEY_VAULT_URL: https://ci-go-cloud-encrypt.vault.azure.net/
+  AZURE_KEY_NAME: ci-go-cloud-encrypt
+  AWS_REGION: eu-central-1
+  AWS_ACCESS_KEY_ID: AKIA4DHGP53NXOCD6Y6B
+  AWS_SECRET_ACCESS_KEY: ${{ secrets.TEST_AWS_SECRET_ACCESS_KEY }}
+  AWS_KMS_KEY_ID: f14ac86a-dc61-4544-b1f7-6312773765f0
+  AWS_ROLE_ID: arn:aws:iam::831559560923:role/ci-go-cloud-encrypt-role
+  GCP_KMS_KEY_ID: projects/go-team-ci/locations/global/keyRings/ci-go-cloud-encrypt/cryptoKeys/ci-go-cloud-encrypt
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v4
+
+      - name: Google Login
+        uses: google-github-actions/auth@v2
+        with:
+          credentials_json: ${{ secrets.TEST_GCP_SERVICE_ACCOUNT_KEY }}
+          export_environment_variables: true
+          create_credentials_file: true
+
+      - name: Build image
+        run: |
+          docker login --username "$DOCKERHUB_USER" --password "$DOCKERHUB_TOKEN"
+          docker compose -f docker-compose.ci.yml build
+
+      - name: Run tests
+        run: |          
+          docker compose -f docker-compose.ci.yml run ci go test ./...

.gitignore

@@ -0,0 +1,6 @@
+!.gitkeep
+
+var/*
+vendor/*
+
+.env.local

Dockerfile

@@ -0,0 +1,30 @@
+FROM golang:1.23
+
+ENV HOME=/my-home
+ENV GOCACHE=/tmp/cache/go
+ENV GOMODCACHE=/tmp/cache/go-mod
+ENV GOFLAGS="-mod=mod"
+ENV PATH="$PATH:$GOPATH/bin"
+
+# Install editor
+RUN apt-get update && apt-get install -y nano
+ENV EDITOR=nano
+
+# Install tools
+RUN mkdir -p /tmp/build
+COPY Makefile /tmp/build/Makefile
+COPY scripts  /tmp/build/scripts
+RUN cd /tmp/build && make tools && rm -rf /tmp/build
+
+# Set prompt
+RUN mkdir -p ~ && \
+    echo 'PS1="\w > "' > ~/.bashrc
+
+# Fix permissions
+RUN mkdir -p $GOPATH && chmod -R 777 $GOPATH && \
+    mkdir -p $GOCACHE && chmod -R 777 $GOCACHE && \
+    mkdir -p $GOMODCACHE && chmod -R 777 $GOMODCACHE && \
+    mkdir -p $HOME && chmod -R 777 $HOME
+
+WORKDIR /code/
+CMD ["/bin/bash"]

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) Keboola :(){:|:&};: s.r.o.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Makefile

@@ -0,0 +1,14 @@
+tools:
+	bash ./scripts/tools.sh
+
+lint:
+	bash ./scripts/lint.sh
+
+fix:
+	bash ./scripts/fix.sh
+
+tests:
+	gotestsum --no-color=false --format testname -- -timeout 600s -p 8 -parallel 8 -v -race -coverprofile=/tmp/profile.out ./pkg/...
+
+godoc:
+	godoc -http=0.0.0.0:6060

build/ci/golangci.yml

@@ -0,0 +1,135 @@
+run:
+  timeout: 15m
+  concurrency: 8
+  max-issues-per-linter: 0
+  # Maximum count of issues with the same text.
+  max-same-issues: 0
+  tests: true # check test files
+  modules-download-mode: mod
+
+output:
+  sort-results: true
+
+linters-settings:
+  # Prevent updating goa generated code due to linter update
+  misspell:
+    ignore-words:
+      - Statuser
+  # Errors from the project can be returned without wrapping
+  wrapcheck:
+    ignorePackageGlobs:
+      - github.com/keboola/go-cloud-encrypt/*
+  # Gci - improved version of goimports
+  gci:
+    sections:
+      - standard # Captures all standard packages if they do not match another section.
+      - default # Contains all imports that could not be matched to another section type.
+      - prefix(github.com/keboola/go-cloud-encrypt)
+
+  gocyclo:
+    # minimal code complexity to report, 30 by default (but we recommend 10-20)
+    min-complexity: 10
+
+  dupl:
+    threshold: 500
+
+  # Forbidden constructions
+  forbidigo:
+    # Instead of matching the literal source code, use real package name.
+    analyze-types: true
+    forbid:
+      # No debug statements
+      - p: ^(fmt\.Print.*|print|println)$
+        msg: Debug statements are forbidden, use a logger, not debug statements.
+
+  stylecheck:
+    checks:
+      - all
+
+  exhaustive:
+    check-generated: true
+    default-signifies-exhaustive: true
+
+# https://golangci-lint.run/usage/linters
+linters:
+  disable-all: true
+  enable:
+    - asciicheck
+    - bodyclose
+    - contextcheck
+    - dogsled
+    - dupl
+    - durationcheck
+    - errcheck
+    - errname
+    - errorlint
+    - exhaustive
+    - copyloopvar
+    - forbidigo
+    - gci
+    - gochecknoglobals
+    - gochecknoinits
+    - goconst
+    - gocritic
+    - godot
+    - godox
+    - gofumpt
+    - goheader
+    - gomodguard
+    - goprintffuncname
+    - gosec
+    - gosimple
+    - govet
+    - importas
+    - ineffassign
+    - makezero
+    - nakedret
+    - nilerr
+    - noctx
+    - predeclared
+    - promlinter
+    - rowserrcheck
+    - sqlclosecheck
+    - staticcheck
+    - stylecheck
+    - tagliatelle
+    - thelper
+    - tparallel
+    - paralleltest
+    - unconvert
+    - unparam
+    - unused
+    - wastedassign
+    - whitespace
+    # DISABLED
+    #- goimports # replaced with gci
+    #- gofmt # replaced with gofumpt
+    #- nolintlint # strange behavior
+    #- gomoddirectives # allow replace directive in go.mod
+    #- misspell - broken, rewrites code
+    # TODO
+    - funlen
+    #- gocyclo
+    - gocognit
+    - cyclop
+    - nestif
+    #- lll
+    #- gomnd
+
+issues:
+  max-same-issues: 25
+
+  # Excluding configuration per-path, per-linter, per-text and per-source
+  exclude-rules:
+    # Exclude some linters from running on tests files.
+    - path: _test\.go
+      linters:
+        - gocyclo
+        - goconst
+        - gosec
+        - gochecknoglobals
+        - errcheck
+        - errorlint
+        - dupl
+        - dogsled
+        - bodyclose

docker-compose.ci.yml

@@ -0,0 +1,19 @@
+services:
+  ci:
+    build: .
+    environment:
+      AZURE_TENANT_ID:
+      AZURE_CLIENT_ID:
+      AZURE_CLIENT_SECRET:
+      AZURE_KEY_VAULT_URL:
+      AZURE_KEY_NAME:
+      AWS_REGION:
+      AWS_ACCESS_KEY_ID:
+      AWS_SECRET_ACCESS_KEY:
+      AWS_KMS_KEY_ID:
+      AWS_ROLE_ID:
+      GCP_KMS_KEY_ID:
+      GOOGLE_APPLICATION_CREDENTIALS: /code/var/gcp-private-key.json
+    volumes:
+      - ./:/code:z
+      - $GOOGLE_APPLICATION_CREDENTIALS:/code/var/gcp-private-key.json

docker-compose.yml

@@ -0,0 +1,10 @@
+services:
+  dev:
+    build: .
+    volumes:
+      - ./:/code:z
+      - cache:/tmp/cache
+    env_file: .env.local
+
+volumes:
+  cache:

go.mod

@@ -0,0 +1,75 @@
+module github.com/keboola/go-cloud-encrypt
+
+go 1.23.2
+
+require (
+	cloud.google.com/go/kms v1.20.0
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0
+	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.3.0
+	github.com/aws/aws-sdk-go-v2/config v1.28.1
+	github.com/aws/aws-sdk-go-v2/service/kms v1.37.2
+	github.com/dgraph-io/ristretto/v2 v2.0.0-alpha
+	github.com/keboola/go-utils v1.2.0
+	github.com/pkg/errors v0.9.1
+	github.com/stretchr/testify v1.9.0
+)
+
+require (
+	cloud.google.com/go v0.115.1 // indirect
+	cloud.google.com/go/auth v0.9.3 // indirect
+	cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect
+	cloud.google.com/go/compute/metadata v0.5.0 // indirect
+	cloud.google.com/go/iam v1.2.1 // indirect
+	cloud.google.com/go/longrunning v0.6.1 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.0 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.3.1 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.32.3 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.42 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.18 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.22 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.22 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.24.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.32.3 // indirect
+	github.com/aws/smithy-go v1.22.0 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/dustin/go-humanize v1.0.1 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/google/s2a-go v0.1.8 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect
+	github.com/googleapis/gax-go/v2 v2.13.0 // indirect
+	github.com/kylelemons/godebug v1.1.0 // indirect
+	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	go.opencensus.io v0.24.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect
+	go.opentelemetry.io/otel v1.29.0 // indirect
+	go.opentelemetry.io/otel/metric v1.29.0 // indirect
+	go.opentelemetry.io/otel/trace v1.29.0 // indirect
+	golang.org/x/crypto v0.28.0 // indirect
+	golang.org/x/net v0.30.0 // indirect
+	golang.org/x/oauth2 v0.23.0 // indirect
+	golang.org/x/sync v0.8.0 // indirect
+	golang.org/x/sys v0.26.0 // indirect
+	golang.org/x/text v0.19.0 // indirect
+	golang.org/x/time v0.6.0 // indirect
+	google.golang.org/api v0.197.0 // indirect
+	google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect
+	google.golang.org/grpc v1.66.2 // indirect
+	google.golang.org/protobuf v1.34.2 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)