πΉ @encrypt Operator in TuskLang - Go Guide
@encrypt Operator in TuskLang - Go Guide
π Crypto Power: @encrypt Operator Unleashed
TuskLang's @encrypt operator is your security superweapon. We don't bow to any kingβespecially not to plaintext secrets. Here's how to use @encrypt in Go projects to secure sensitive data with military-grade encryption.
π Table of Contents
- What is @encrypt? - Basic Usage - Encryption Algorithms - Key Management - Go Integration - Best Practicesπ‘οΈ What is @encrypt?
The @encrypt operator encrypts and decrypts sensitive data directly in your config. No more plaintext secretsβjust pure, encrypted security.
π οΈ Basic Usage
[secrets]
api_key: @encrypt("supersecret", "AES-256-GCM")
password: @encrypt("mypassword", "ChaCha20-Poly1305")
token: @encrypt("jwt_token", "AES-256-CBC")π Encryption Algorithms
AES-256-GCM
[secure]
sensitive_data: @encrypt("secret_value", "AES-256-GCM")ChaCha20-Poly1305
[modern]
password: @encrypt("user_password", "ChaCha20-Poly1305")AES-256-CBC
[legacy]
token: @encrypt("api_token", "AES-256-CBC")π Key Management
[keys]
encryption_key: @env.secure("ENCRYPTION_KEY")
master_key: @file.secure("keys/master.key")π Go Integration
apiKey := config.GetString("api_key") // Automatically decrypted
password := config.GetString("password") // Automatically decryptedManual Encryption
import "crypto/aes"
import "crypto/cipher"key := []byte("32-byte-key-for-aes-256")
plaintext := []byte("secret data")
block, err := aes.NewCipher(key)
if err != nil {
log.Fatal(err)
}
gcm, err := cipher.NewGCM(block)
if err != nil {
log.Fatal(err)
}
nonce := make([]byte, gcm.NonceSize())
ciphertext := gcm.Seal(nonce, nonce, plaintext, nil)
π₯ Best Practices
- Use AES-256-GCM for new applications - Store encryption keys securely - Rotate keys regularly - Never log encrypted data - Use hardware security modules when possible---
TuskLang: Military-grade encryption with @encrypt.