keystore

package
v6.2.1+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 7, 2018 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	// ErrAlreadyExists is returned when the file already exist at the location.
	ErrAlreadyExists = errors.New("cannot create a new keystore a valid keystore already exist at the location")

	// ErrKeyDoesntExists is returned when the key doesn't exist in the store
	ErrKeyDoesntExists = errors.New("cannot retrieve the key")
)

Functions

func ConfigOpts 

func ConfigOpts(keystore Keystore) []ucfg.Option

ConfigOpts returns ucfg config options with a resolver linked to the current keystore. TODO: Refactor to allow insert into the config option array without having to redefine everything

func ResolverFromConfig 

func ResolverFromConfig(cfg *common.Config, dataPath string) (func(string) (string, error), error)

ResolverFromConfig create a resolver from a configuration.

func ResolverWrap 

func ResolverWrap(keystore Keystore) func(string) (string, error)

ResolverWrap wrap a config resolver around an existing keystore.

Types

type Config 

type Config struct {
	Path string `config:"path"`
}

Config Define keystore configurable options

type FileKeystore 

type FileKeystore struct {
	sync.RWMutex
	Path string
	// contains filtered or unexported fields
}

FileKeystore Allows to store key / secrets pair securely into an encrypted local file.

func (*FileKeystore) Create 

func (k *FileKeystore) Create(override bool) error

Create create an empty keystore, if the store already exist we will return an error.

func (*FileKeystore) Delete 

func (k *FileKeystore) Delete(key string) error

Delete an existing key from the store and mark the store as dirty.

func (*FileKeystore) GetConfig 

func (k *FileKeystore) GetConfig() (*common.Config, error)

GetConfig returns common.Config representation of the key / secret pair to be merged with other loaded configuration.

func (*FileKeystore) IsPersisted 

func (k *FileKeystore) IsPersisted() bool

IsPersisted return if the keystore is physically persisted on disk.

func (*FileKeystore) List 

func (k *FileKeystore) List() ([]string, error)

List return the availables keys.

func (*FileKeystore) Retrieve 

func (k *FileKeystore) Retrieve(key string) (*SecureString, error)

Retrieve return a SecureString instance that will contains both the key and the secret.

func (*FileKeystore) Save 

func (k *FileKeystore) Save() error

Save persists the in memory data to disk if needed.

func (*FileKeystore) Store 

func (k *FileKeystore) Store(key string, value []byte) error

Store add the key pair to the secret store and mark the store as dirty.

type Keystore 

type Keystore interface {
	// Store add keys to the keystore, wont be persisted until we save.
	Store(key string, secret []byte) error

	// Retrieve returns a SecureString instance of the searched key or an error.
	Retrieve(key string) (*SecureString, error)

	// Delete removes a specific key from the keystore.
	Delete(key string) error

	// List returns the list of keys in the keystore, return an empty list if none is found.
	List() ([]string, error)

	// GetConfig returns the key value pair in the config format to be merged with other configuration.
	GetConfig() (*common.Config, error)

	// Create Allow to create an empty keystore.
	Create(override bool) error

	// IsPersisted check if the current keystore is persisted.
	IsPersisted() bool

	// Save persist the changes to the keystore.
	Save() error
}

Keystore implement a way to securely saves and retrieves secrets to be used in the configuration Currently all credentials are loaded upfront and are not lazy retrieved, we will eventually move to that concept, so we can deal with tokens that has a limited duration or can be revoked by a remote keystore.

func Factory 

func Factory(cfg *common.Config, defaultPath string) (Keystore, error)

Factory Create the right keystore with the configured options.

func NewFileKeystore 

func NewFileKeystore(keystoreFile string) (Keystore, error)

NewFileKeystore returns an new File based keystore or an error, currently users cannot set their own password on the keystore, the default password will be an empty string. When the keystore is initialied the secrets are automatically loaded into memory.

func NewFileKeystoreWithPassword 

func NewFileKeystoreWithPassword(keystoreFile string, password *SecureString) (Keystore, error)

NewFileKeystoreWithPassword return a new File based keystore or an error, allow to define what password to use to create the keystore.

type SecureString 

type SecureString struct {
	// contains filtered or unexported fields
}

SecureString Initial implementation for a SecureString representation in beats, currently we keep the password into a Bytes array, we need to implement a way to safely clean that array.

Investigate memguard: https://github.com/awnumar/memguard

func NewSecureString 

func NewSecureString(value []byte) *SecureString

NewSecureString return a struct representing a secrets string.

func (*SecureString) Get 

func (s *SecureString) Get() ([]byte, error)

Get returns the byte value of the secret, or an error if we cannot return it.

func (SecureString) GoString 

func (s SecureString) GoString() string

GoString implements the GoStringer interface to hide the secret value.

func (SecureString) String 

func (s SecureString) String() string

String custom string implementation to make sure we don't bleed this struct into a string.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.