How to Encrypt Data with AES in Go (GCM Mode)

Use the crypto/cipher package to create an AES-GCM cipher and call Seal to encrypt data with a nonce.

package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
)

func encrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

AES-GCM is a secure way to lock your data so only someone with the right key can read it. Think of it like putting a letter in a tamper-proof envelope that also proves it hasn't been opened. You use this whenever you need to store or send sensitive information safely.