Documentation ¶
Index ¶
- Constants
- func CredulousDecodeAES(ciphertext string, privkey *rsa.PrivateKey) (plaintext string, err error)
- func CredulousDecodePureRSA(ciphertext string, privkey *rsa.PrivateKey) (plaintext string, err error)
- func CredulousDecodeWithSalt(ciphertext string, salt string, privkey *rsa.PrivateKey) (plaintext string, err error)
- func CredulousEncode(plaintext string, pubkey ssh.PublicKey) (ciphertext string, err error)
- func Ensure_directory(path string)
- func GetAWSUsername(instance Instancer) (string, error)
- func GetAWSUsernameAndAlias(cred Credential) (username, alias string, err error)
- func GetCredentials(username string, account string) (string, string, error)
- func GetKeyCreateDate(instance Instancer) (string, error)
- func GetPrivateKey(filename string) string
- func GetRootPath() string
- func ListAvailableCredentials(rootDir FileLister) ([]string, error)
- func MakePath(path string) string
- func Panic_the_err(err error)
- func ParseRepoArgs(repo string) (string, error)
- func SSHFingerprint(pubkey ssh.PublicKey) (fingerprint string)
- func SSHPrivateFingerprint(privkey rsa.PrivateKey) (fingerprint string, err error)
- func SaveCredentials(data SaveData) (err error)
- type AESEncryption
- type Account
- type Credential
- type Credentials
- type CredulousConfig
- type Encryption
- type FileLister
- type Instancer
- type OldCredential
- type RandomSaltGenerator
- type Salter
- type SaveData
- type StaticSaltGenerator
Constants ¶
const ENV_PATTERN string = "^[A-Za-z_][A-Za-z0-9_]*=.*"
const FORMAT_LINUX_ENV_VARS string = `export %s="%s"\n`
const FORMAT_VERSION string = "2014-06-12"
const FORMAT_WINDOWS_ENV_VARS string = `$env:%s="%s"\n`
Setup defaults
const ROTATE_TIMEOUT int = 30
How long (in seconds) to keep retrying after rotating credentials, while waiting for the new credentials to become active
Variables ¶
This section is empty.
Functions ¶
func CredulousDecodeAES ¶
func CredulousDecodeAES(ciphertext string, privkey *rsa.PrivateKey) (plaintext string, err error)
func CredulousDecodePureRSA ¶
func CredulousDecodePureRSA(ciphertext string, privkey *rsa.PrivateKey) (plaintext string, err error)
func CredulousDecodeWithSalt ¶
func CredulousEncode ¶
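Returns a base64-encoded ciphertext. OAEP can only encrypt plaintexts that are smaller than the key length; for a 1024-bit key, about 117 bytes. So instead, this function:
* generates a random 32-byte symmetric key (randKey)
* encrypts the plaintext with AES256 using that random symmetric key -> cipherText
* encrypts the random symmetric key with the ssh PublicKey -> cipherKey
* returns the base64-encoded marshalled JSON for the ciphertext and key
Note: 117 bytes is the PKCS#1 v1.5 limit for a 1024-bit key (128 - 11). With OAEP the limit is the key length minus 2*hLen + 2 bytes of overhead (86 bytes with SHA-1, 62 with SHA-256), which still leaves room for the 32-byte symmetric key. This description does not say which AES mode is used or whether the ciphertext is authenticated; check the implementation before relying on it for integrity.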
func Ensure_directory ¶
func Ensure_directory(path string)
func GetAWSUsername ¶
func GetAWSUsernameAndAlias ¶
func GetAWSUsernameAndAlias(cred Credential) (username, alias string, err error)
func GetKeyCreateDate ¶
func GetPrivateKey ¶
func GetRootPath ¶
func GetRootPath() string
func ListAvailableCredentials ¶
func ListAvailableCredentials(rootDir FileLister) ([]string, error)
func Panic_the_err ¶
func Panic_the_err(err error)
func ParseRepoArgs ¶
func SSHFingerprint ¶
func SSHPrivateFingerprint ¶
func SSHPrivateFingerprint(privkey rsa.PrivateKey) (fingerprint string, err error)
func SaveCredentials ¶
Types ¶
type AESEncryption ¶
type Account ¶
func GetAccounts ¶
func GetAccounts() []Account
type Credential ¶
func (*Credential) CreateNewAccessKey ¶
func (cred *Credential) CreateNewAccessKey(username string) (err error)
func (*Credential) DeleteOneKey ¶
func (cred *Credential) DeleteOneKey(username string) (err error)
Only delete the oldest key *if* the new key is valid; otherwise, delete the newest key
func (*Credential) RotateCredentials ¶
func (cred *Credential) RotateCredentials(username string) (err error)
Potential conditions to handle here:
* AWS has one key
  - only generate a new key, do not delete the old one
* AWS has two keys
  - both are active and valid
  - new one is inactive
  - old one is inactive
* We successfully delete the oldest key, but fail in creating the new key (e.g. network or permission issues)
type Credentials ¶
type Credentials struct { Version string IamUsername string AccountAliasOrId string CreateTime string LifeTime int Encryptions []Encryption }
func RetrieveCredentials ¶
func (Credentials) Display ¶
func (cred Credentials) Display(output io.Writer)
func (Credentials) ValidateCredentials ¶
func (cred Credentials) ValidateCredentials(alias string, username string) error
func (Credentials) VerifyUserAndAccount ¶
func (creds Credentials) VerifyUserAndAccount() error
func (Credentials) WriteToDisk ¶
func (cred Credentials) WriteToDisk(repo, filename string) (err error)
type CredulousConfig ¶
var Config CredulousConfig
type Encryption ¶
type Instancer ¶
type Instancer interface { GetUser(string) (*iam.GetUserResp, error) AccessKeys(string) (*iam.AccessKeysResp, error) ListAccountAliases() (*iam.AccountAliasesResp, error) }
type OldCredential ¶
type OldCredential struct { CreateTime string LifeTime int KeyId string SecretKey string Salt string AccountAliasOrId string IamUsername string FingerPrint string }
func (OldCredential) Display ¶
func (cred OldCredential) Display(output io.Writer)
type RandomSaltGenerator ¶
type RandomSaltGenerator struct { }
func (*RandomSaltGenerator) GenerateSalt ¶
func (sg *RandomSaltGenerator) GenerateSalt() (string, error)
type StaticSaltGenerator ¶
type StaticSaltGenerator struct {
// contains filtered or unexported fields
}
func (*StaticSaltGenerator) GenerateSalt ¶
func (ssg *StaticSaltGenerator) GenerateSalt() (string, error)