golang-saas-starter-kit/example-project/internal/platform/auth/key_gen.go

package auth

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"github.com/pkg/errors"
)

// Algorithm to be used to for the private key.
const algorithm = "RS256"

// keyGen creates an x509 private key for signing auth tokens.
func keyGen() ([]byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return []byte{}, errors.Wrap(err, "generating keys")
	}

	block := pem.Block{
		Type:  "RSA PRIVATE KEY",
		Bytes: x509.MarshalPKCS1PrivateKey(key),
	}

	buf := new(bytes.Buffer)
	if err := pem.Encode(buf, &block); err != nil {
		return []byte{}, errors.Wrap(err, "encoding to private file")
	}

	return buf.Bytes(), nil
}
authenticator storage engines Created a storage interface used by authenticator to support multiple types of storage types for private keys. Added a new file storage engine which is now the default for web-api. Migrated aws secrets manager to be optional. 2019-06-24 17:36:42 -08:00			`package auth`

			`import (`
			`"bytes"`
			`"crypto/rand"`
			`"crypto/rsa"`
			`"crypto/x509"`
			`"encoding/pem"`
			`"github.com/pkg/errors"`
			`)`

			`// Algorithm to be used to for the private key.`
			`const algorithm = "RS256"`

			`// keyGen creates an x509 private key for signing auth tokens.`
			`func keyGen() ([]byte, error) {`
			`key, err := rsa.GenerateKey(rand.Reader, 2048)`
			`if err != nil {`
			`return []byte{}, errors.Wrap(err, "generating keys")`
			`}`

			`block := pem.Block{`
			`Type: "RSA PRIVATE KEY",`
			`Bytes: x509.MarshalPKCS1PrivateKey(key),`
			`}`

			`buf := new(bytes.Buffer)`
			`if err := pem.Encode(buf, &block); err != nil {`
			`return []byte{}, errors.Wrap(err, "encoding to private file")`
			`}`

			`return buf.Bytes(), nil`
			`}`