diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..f468d59 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,7 @@ +# Checklist +- [ ] I adhere the [trunk-based workflow](https://www.atlassian.com/continuous-delivery/continuous-integration/trunk-based-development) +- [ ] I verify that the `CHANGELOG.md` includes comprehensive documentation for the implemented features or fixed bugs. Increment the minor version such as `from 0.1.0 to 0.2.0` for implemented features and increment the patch version `from 0.1.0 to 0.1.1` for bug fixes. If any breaking changes occur, increment the major version, like `from 0.1.0 to 1.0.0`. Also see [Semantic Versioning 2.0.0](https://semver.org/lang/de/) +- [ ] I ensure that all merge conflicts are resolved before asking for a PR reviewer +- [ ] To ensure the success of all pull request workflows, I run [the auto-formatting and linting script](../scripts/format-and-lint.sh). + +# Reference/Link to the issue solved with this PR (if any) \ No newline at end of file diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml new file mode 100644 index 0000000..97802b5 --- /dev/null +++ b/.github/workflows/pr.yml @@ -0,0 +1,16 @@ +name: Pull request + +on: + pull_request: + branches: [main] + +jobs: + test-build-push: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Echo + run: echo "TBD" + \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..f646c0c --- /dev/null +++ b/.github/workflows/release.yml 
@@ -0,0 +1,28 @@ +name: Pull request + +on: + push: + branches: [main] + +jobs: + test-build-push: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Echo + run: echo "TBD" + + # create-git-tags-from-version-file: + # runs-on: ubuntu-latest + # needs: [test-build-push] + # steps: + + # - name: Checkout code + # uses: actions/checkout@v3 + + # - name: Create git tag from version file + # uses: MGTheTrain/public-github-actions/.github/actions/create-git-tag-from-version-file@main + # with: + # GH_TOKEN: ${{ secrets.GH_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml new file mode 100644 index 0000000..e3ed72f --- /dev/null +++ b/.github/workflows/validate.yml @@ -0,0 +1,25 @@ +name: Check Git diffs + +on: + pull_request: + branches: [main] + +jobs: + check-diffs: + runs-on: ubuntu-latest + + steps: + + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Echo + run: echo "TBD" + + # - name: Check diffs + # run: | + # status=$(git status --porcelain=v1) + # if [[ -n "$status" ]]; then + # git diff + # exit 1 + # fi \ No newline at end of file diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..e69de29 diff --git a/README.md b/README.md index 986b9e5..7bddc9e 100644 --- a/README.md +++ b/README.md 
@@ -19,15 +19,14 @@ TBD ### Functional -- [ ] **Provide RESTful API for cryptographic operations**: Expose endpoints for generating, encrypting, decrypting and verifying cryptographic material. +- [ ] **Provide RESTful API for cryptographic operations**: Expose endpoints for managing cryptographic material and securing files at rest. - [ ] **Asymmetric encryption and decryption**: Support RSA, ECC and other asymmetric encryption algorithms for data protection. -- [ ] **Symmetric encryption**: Implement support for symmetric key encryption (e.g. AES) for file-level security. +- [ ] **Symmetric encryption**: Support for symmetric key encryption (e.g. AES) for data protection. - [ ] **Manage cryptographic material**: Enable management of X.509 certificates, private/public key pairs and symmetric keys (generation, import/export, rotation, etc.). - [ ] **Hashing and signature verification**: Support hashing algorithms (e.g. SHA-256, SHA-512) and verify signatures using asymmetric keys (RSA, ECDSA, etc.). -- [ ] **File encryption and decryption**: Provide endpoints to encrypt and decrypt files using the supported cryptographic algorithms, with support for large file handling. - [ ] **Key management lifecycle**: Implement key lifecycle management (generation, rotation, revocation, expiration). - [ ] **Secure file storage integration**: Provide mechanisms to securely store encrypted files in BLOB storage (e.g. AWS S3, Azure Blob Storage, Google Cloud Storage). -- [ ] **Access control**: Implement role-based access control (RBAC) for APIs and encrypted files, ensuring that only authorized users can perform operations on cryptographic material. +- [ ] **Access control**: Implement role-based access control (RBAC) for APIs ensuring that only authorized users can perform operations on cryptographic material. ### Non-functional 
@@ -39,7 +38,6 @@ TBD - [ ] **Security**: Ensure all cryptographic material is securely stored and encrypted, protect APIs with authentication (e.g. OAuth2, JWT) and follow best practices for handling sensitive data. - [ ] **Documentation**: Provide clear API documentation (e.g. Swagger/OpenAPI) for ease of integration by other developers. - [ ] **Versioning**: Implement proper API versioning to maintain backward compatibility as the API evolves. -- [ ] **Internationalization and localization**: Support multiple languages or regional settings for global use (optional). - [ ] **Audit logging**: Maintain logs of all cryptographic operations and key management activities for compliance and auditing purposes. diff --git a/api/v1/.gitkeep b/api/v1/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/cmd/.gitkeep b/cmd/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/docs/.gitkeep b/docs/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/go.mod b/go.mod new file mode 100644 index 0000000..654567c --- /dev/null +++ b/go.mod @@ -0,0 +1,3 @@ +module crypto_vault_service + +go 1.21.6 diff --git a/internal/app/.gitkeep b/internal/app/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/internal/pkg/cryptography/decrypt.go b/internal/pkg/cryptography/decrypt.go new file mode 100644 index 0000000..e69de29 diff --git a/internal/pkg/cryptography/decrypt_test.go b/internal/pkg/cryptography/decrypt_test.go new file mode 100644 index 0000000..e69de29 diff --git a/internal/pkg/cryptography/encrypt.go b/internal/pkg/cryptography/encrypt.go new file mode 100644 index 0000000..e69de29 diff --git a/internal/pkg/cryptography/encrypt_test.go b/internal/pkg/cryptography/encrypt_test.go new file mode 100644 index 0000000..e69de29 diff --git a/internal/pkg/cryptography/hash.go b/internal/pkg/cryptography/hash.go new file mode 100644 index 0000000..e69de29 
diff --git a/internal/pkg/cryptography/hash_test.go b/internal/pkg/cryptography/hash_test.go new file mode 100644 index 0000000..e69de29 diff --git a/internal/pkg/cryptography/verify_signature.go b/internal/pkg/cryptography/verify_signature.go new file mode 100644 index 0000000..e69de29 diff --git a/internal/pkg/cryptography/verify_signature_test.go b/internal/pkg/cryptography/verify_signature_test.go new file mode 100644 index 0000000..e69de29 diff --git a/internal/pkg/storage/az_blob.go b/internal/pkg/storage/az_blob.go new file mode 100644 index 0000000..e69de29 diff --git a/internal/pkg/storage/az_blob_test.go b/internal/pkg/storage/az_blob_test.go new file mode 100644 index 0000000..e69de29 diff --git a/internal/pkg/storage/az_vault.go b/internal/pkg/storage/az_vault.go new file mode 100644 index 0000000..e69de29 diff --git a/internal/pkg/storage/az_vault_test.go b/internal/pkg/storage/az_vault_test.go new file mode 100644 index 0000000..e69de29 diff --git a/pkg/.gitkeep b/pkg/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/scripts/format-and-lint.sh b/scripts/format-and-lint.sh new file mode 100644 index 0000000..e69de29
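Review bot: The checklist in `.github/PULL_REQUEST_TEMPLATE.md` has a grammar slip and a locale-specific link: `I adhere the [trunk-based workflow]` should read `I adhere to the ...`, and the Semantic Versioning link points at the German page (`https://semver.org/lang/de/`), so use `https://semver.org/` unless the German version is intended. The checkbox items also mix tenses (`I adhere`, `I verify`, `I ensure`, `I run`) with a long versioning paragraph in the second item; splitting the version-bump rules into their own bullet would make the checklist easier to tick off.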
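Review bot: The `test-build-push` job in `.github/workflows/pr.yml` runs nothing but `echo "TBD"`, so the workflow can never fail and a required-status-check rule on `main` would pass every pull request; at minimum it should run `go build ./...`, `go vet ./...` and `go test ./...` so the name matches what the job does. While it is being filled in, add a top-level `permissions:` block (for example `permissions:` with `contents: read`) so the job's `GITHUB_TOKEN` carries only the access it needs, and pin `actions/checkout@v3` to a full commit SHA rather than a mutable tag so a re-pointed or compromised tag cannot change what executes in CI.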
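Review bot: `name: Pull request` in `.github/workflows/release.yml` is copied from `pr.yml`, but this workflow triggers on `push` to `main`; rename it (for example `name: Release`) so the two runs are distinguishable in the Actions UI and in branch-protection settings. The commented-out `create-git-tags-from-version-file` job references `MGTheTrain/public-github-actions/.github/actions/create-git-tag-from-version-file@main` and passes `secrets.GH_TOKEN` into it; before uncommenting, pin that third-party action to a commit SHA instead of `@main` and prefer the workflow's own `GITHUB_TOKEN` scoped with `permissions: contents: write` over a long-lived personal token, since a mutable `@main` ref combined with a PAT hands tag creation (and anything else the token can do) to whoever controls that repository.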
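Review bot: The commented-out `Check diffs` step in `.github/workflows/validate.yml` would always pass as written, because `git status --porcelain=v1` is clean immediately after `actions/checkout` and nothing in the job modifies the working tree; when it is enabled it needs to run `scripts/format-and-lint.sh` first so that unformatted code shows up as a diff. Also, `git diff` in the failure branch prints only modified tracked files, so anything the formatter newly generates would be caught by `git status` but never shown; printing `$status` alongside `git diff` makes the failure self-explanatory. `[[ -n "$status" ]]` relies on bash, which is the default shell for `run:` on `ubuntu-latest`, so that part is fine.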
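Review bot: `Makefile` is added as an empty file (blob `e69de29`); running `make` against it fails with `No targets`, so either add the intended targets here (for example `build`, `test`, `lint` wrapping the same commands the workflows should run) or leave the file out of this change and add it together with its contents.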
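Review bot: In the `### Functional` hunk of `README.md`, the RESTful API item now promises `securing files at rest` while the separate `File encryption and decryption` item, including its `large file handling` requirement, is deleted, so it is no longer clear whether file encryption endpoints remain in scope or only key, certificate and storage management; either keep a file-encryption bullet or drop the phrase from the first item. Style point on the `Access control` line: `(RBAC) for APIs ensuring that` needs a comma after `APIs`.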
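Review bot: `module crypto_vault_service` in `go.mod` is not an import path, so packages will be imported as `crypto_vault_service/internal/...` and the module cannot be fetched with `go get`; if any other module is ever meant to consume `pkg/`, the module name should be the repository path (e.g. `github.com/<org>/crypto-vault-service`, placeholder). `go 1.21.6` is accepted (the `go` directive allows a patch version from Go 1.21 on), but it means any 1.21.x toolchain older than 1.21.6 will try to download that exact release, or fail under `GOTOOLCHAIN=local`; `go 1.21` is the usual choice unless the patch level is deliberate.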
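Review bot: `internal/pkg/cryptography/encrypt.go`, `decrypt.go`, `hash.go`, `verify_signature.go` and their `_test.go` counterparts, plus `internal/pkg/storage/az_blob.go`, `az_vault.go` and their tests, are all added as empty files (blob `e69de29`). An empty `.go` file has no `package` clause, so `go build ./...`, `go vet ./...` and `go test ./...` fail on these directories with `expected 'package', found 'EOF'`, which would break the CI jobs as soon as they run real commands; use `.gitkeep` placeholders (as `api/v1`, `cmd`, `docs`, `internal/app` and `pkg` already do) or give each file a `package cryptography` / `package storage` line until the implementations land. Separately, `az_vault.go` living under `storage` reads as Azure Key Vault, which is a key-management backend rather than the BLOB storage the README describes; a distinct package (for example `keyvault`) would keep key custody and file storage apart.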
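Review bot: `scripts/format-and-lint.sh` is added empty (blob `e69de29`) and with mode `100644`, yet the PR template tells contributors to run it as a prerequisite for passing the workflows; as committed it does nothing and is not executable. Give it a shebang (`#!/usr/bin/env bash`), `set -euo pipefail`, the actual formatting and lint commands (for example `gofmt -l .` and `go vet ./...`), and commit it with mode `100755` so `./scripts/format-and-lint.sh` works without a `chmod` step.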