Generate Secure 16 byte/32 byte Golang Keys | Golang's Gorilla CSRF Keygen

⚠️ DISCLAIMER: Use with caution in your Go/Gorilla applications. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.

HOW TO USE IN YOUR CODE

                
//Somewhere in your .env file
SESSION_AUTH_KEY=8dUn+goQBgq2WBf5R159JaJfiJDOXKb0LM/5dGnXwiX+mjMNrSghP2r9CEKLyD3URBN4S5+8rfe9RgvIZQ73Ww==
SESSION_ENCRYPT_KEY=/vjigW/z7iL5wy/od7/+iRo/IAfuAUvZvtw2SeyGXVE=

/*=== NOTE: Keys are generated as Base64 Encoded. Use the following function to decode and use in your Go code ===*/

//Go code start
import (
    "os"
    "github.com/gorilla/sessions"
    "github.com/joho/godotenv"
    "encoding/base64"
)

func getKeyFromEnv(name string) []byte {
    raw, err := base64.StdEncoding.DecodeString(os.Getenv(name))
    if err != nil {
        panic("Invalid base64 for " + name)
    }
    return raw
}

func init() {
    _ = godotenv.Load() // loads from .env file
}

var store = sessions.NewCookieStore(
    getKeyFromEnv("SESSION_AUTH_KEY"),
    getKeyFromEnv("SESSION_ENCRYPT_KEY"),
)

Golang's Keygen

32 BYTE AUTH KEY (HMAC signing key)

16 BYTE ENCRYPT KEY (AES-256 encryption key)

HOW TO USE IN YOUR CODE