1. Docs

Tenant Security Client Go

The SDK is published to pkg.go.dev. Refer to their docs on how to add this library as a dependency to your existing Go application. The minimum Go version supported by this library is Go 1.17.


This is a minimal example of round tripping a document.

ctx := context.Background() // Initialize the client with a Tenant Security Proxy domain and API key. // Typically this would be done once when the application or service initializes tenantSecurityClient := tsc.NewTenantSecurityClient(apiKey, proxyAddress, 0) // Create metadata used to associate this document to a tenant and identify the service or user making the call metadata := tsc.RequestMetadata{TenantID: tenantID, IclFields: tsc.IclFields{RequestingID: "serviceOrUserId", DataLabel: "PII"}, CustomFields: nil} // Create a map containing your data custRecord := tsc.PlaintextDocument{ "ssn": []byte("000-12-2345"), "address": []byte("2825-519 Stone Creek Rd, Bozeman, MT 59715"), "name": []byte("Jim Bridger"), } // Request a key from the KMS and use it to encrypt the document encryptedResults, err := tenantSecurityClient.Encrypt(ctx, custRecord, &metadata) if err != nil { log.Fatalf("Failed to encrypt document: %v", err) } // persist the EDEK and encryptedDocument to your persistence layer edek := encryptedResults.Edek encryptedDocument := encryptedResults.EncryptedFields // later, retrieve the EDEK and encryptedDocument from your persistence layer retrievedEncryptedDocument := tsc.EncryptedDocument{EncryptedFields: encryptedDocument, Edek: edek} // Decrypt the document back to plaintext decryptedPlaintext, err := tenantSecurityClient.Decrypt(ctx, &retrievedEncryptedDocument, &metadata) if err != nil { log.Fatalf("Failed to decrypt document: %v", err) } decryptedValues := decryptedPlaintext.DecryptedFields

There is also a batch API that may be useful if you’re operating on many documents at once.


Examples of using the Tenant Security Client SDK to protect sensitive data can be found on GitHub.


See the docs for a more complete register of all exposed classes and methods.


The changelog can be viewed in the library repository.

Was this page helpful?