keyring

package module
v0.0.0-...-cf01233 Latest
Warning

This package is not in the latest version of its module.

Published: May 10, 2021 License: MIT Imports: 14 Imported by: 1

README

Vault

Vault is an encrypted, syncable SQL database for storing keys and secrets.

The goal of this package is to provide a cross-platform, open-source, syncable, secure database for keys and secrets.

It is meant to be an alternative to platform-specific APIs such as the Keychain (macOS), Wincred (Windows) or SecretService dbus (Linux).

☢ This project is in development and has not been audited or reviewed. Use at your own risk. ☢

Documentation

Constants

This section is empty.

Variables

var ErrInvalidAuth = auth.ErrInvalidAuth

ErrInvalidAuth if auth is invalid.

var ErrLocked = errors.New("keyring is locked")

ErrLocked if locked.

var ErrSetupNeeded = errors.New("setup needed")

ErrSetupNeeded if setup is needed.

Functions

func SetLogger

func SetLogger(l Logger) func()

SetLogger sets logger for the package.

func Transact

func Transact(db *sqlx.DB, txFn func(*sqlx.Tx) error) (err error)

Transact creates and executes a transaction.

Types

type Config

type Config struct {
	// contains filtered or unexported fields
}

func (Config) Bytes

func (c Config) Bytes(k string) ([]byte, error)

func (Config) KID

func (c Config) KID(k string) (keys.ID, error)

func (Config) Set

func (c Config) Set(k string, v string) error

func (Config) SetBytes

func (c Config) SetBytes(k string, v []byte) error

func (Config) SetKID

func (c Config) SetKID(k string, v keys.ID) error

func (Config) SetString

func (c Config) SetString(k string, v string) error

func (Config) String

func (c Config) String(k string) (string, error)

type Keyring

type Keyring struct {
	// contains filtered or unexported fields
}

Keyring stores secrets.

func New

func New(path string, auth *auth.DB) *Keyring

New vault.

func (*Keyring) Auth

func (k *Keyring) Auth() *auth.DB

Auth returns auth db.

func (*Keyring) Config

func (k *Keyring) Config() Config

func (*Keyring) DB

func (k *Keyring) DB() *sqlx.DB

DB returns underlying database if vault is open. Returns nil if locked.

func (*Keyring) FIDO2Devices

func (k *Keyring) FIDO2Devices(ctx context.Context) ([]*fido2.Device, error)

FIDO2Devices lists FIDO2 devices.

func (*Keyring) FIDO2Plugin

func (k *Keyring) FIDO2Plugin() fido2.FIDO2Server

FIDO2Plugin if set.

func (*Keyring) GenerateFIDO2HMACSecret

func (k *Keyring) GenerateFIDO2HMACSecret(ctx context.Context, pin string, device string, appName string) (*auth.FIDO2HMACSecret, error)

GenerateFIDO2HMACSecret ...

func (*Keyring) Get

func (k *Keyring) Get(kid keys.ID) (*api.Key, error)

Get key by id. Returns nil if not found.

func (*Keyring) Key

func (k *Keyring) Key(kid keys.ID) (*api.Key, error)

Key by id. If not found, returns keys.ErrNotFound. You can use Get instead.

func (*Keyring) KeyWithLabel

func (k *Keyring) KeyWithLabel(label string) (*api.Key, error)

KeyWithLabel in vault.

func (*Keyring) Keys

func (k *Keyring) Keys() ([]*api.Key, error)

Keys in vault.

func (*Keyring) KeysWithLabel

func (k *Keyring) KeysWithLabel(label string) ([]*api.Key, error)

KeysWithLabel in vault.

func (*Keyring) KeysWithType

func (k *Keyring) KeysWithType(typ string) ([]*api.Key, error)

KeysWithType in vault.

func (*Keyring) Lock

func (k *Keyring) Lock() error

Lock vault.

func (*Keyring) RegisterFIDO2HMACSecret

func (k *Keyring) RegisterFIDO2HMACSecret(ctx context.Context, mk *[32]byte, hs *auth.FIDO2HMACSecret, pin string) (*auth.Auth, error)

RegisterFIDO2HMACSecret adds vault with a FIDO2 hmac-secret. Requires recent Unlock.

func (*Keyring) RegisterPaperKey

func (k *Keyring) RegisterPaperKey(mk *[32]byte, paperKey string) (*auth.Auth, error)

RegisterPaperKey adds a paper key.

func (*Keyring) RegisterPassword

func (k *Keyring) RegisterPassword(mk *[32]byte, password string) (*auth.Auth, error)

RegisterPassword adds a password.

func (*Keyring) Remove

func (k *Keyring) Remove(kid keys.ID) error

Remove a key. Requires Unlock.

func (*Keyring) Reset

func (k *Keyring) Reset() error

func (*Keyring) Set

func (k *Keyring) Set(key *api.Key) error

Set a key in the Keyring. Requires Unlock.

func (*Keyring) SetFIDO2Plugin

func (k *Keyring) SetFIDO2Plugin(fido2Plugin fido2.FIDO2Server)

SetFIDO2Plugin sets the plugin.

func (*Keyring) Setup

func (k *Keyring) Setup(mk *[32]byte) error

Setup vault. Doesn't unlock.

func (*Keyring) SetupFIDO2HMACSecret

func (k *Keyring) SetupFIDO2HMACSecret(ctx context.Context, hs *auth.FIDO2HMACSecret, pin string) (*[32]byte, error)

SetupFIDO2HMACSecret sets up vault with a FIDO2 hmac-secret.

func (*Keyring) SetupPaperKey

func (k *Keyring) SetupPaperKey(paperKey string) (*[32]byte, error)

SetupPaperKey sets up vault with a paper key.

func (*Keyring) SetupPassword

func (k *Keyring) SetupPassword(password string) (*[32]byte, error)

SetupPassword sets up vault with a password.

func (*Keyring) Status

func (k *Keyring) Status() Status

Status returns vault status.

func (*Keyring) Unlock

func (k *Keyring) Unlock(mk *[32]byte) error

Unlock vault.

func (*Keyring) UnlockWithFIDO2HMACSecret

func (k *Keyring) UnlockWithFIDO2HMACSecret(ctx context.Context, pin string) (*[32]byte, error)

UnlockWithFIDO2HMACSecret opens vault with a FIDO2 hmac-secret.

func (*Keyring) UnlockWithPaperKey

func (k *Keyring) UnlockWithPaperKey(paperKey string) (*[32]byte, error)

UnlockWithPaperKey opens vault with a paper key.

func (*Keyring) UnlockWithPassword

func (k *Keyring) UnlockWithPassword(password string) (*[32]byte, error)

UnlockWithPassword opens vault with a password.

type LogLevel

type LogLevel int

LogLevel ...

const (
	// DebugLevel ...
	DebugLevel LogLevel = 3
	// InfoLevel ...
	InfoLevel LogLevel = 2
	// WarnLevel ...
	WarnLevel LogLevel = 1
	// ErrLevel ...
	ErrLevel LogLevel = 0
	// NoLevel
	NoLevel LogLevel = -1
)

func (LogLevel) String

func (l LogLevel) String() string

type Logger

type Logger interface {
	Debugf(format string, args ...interface{})
	Infof(format string, args ...interface{})
	Warningf(format string, args ...interface{})
	Errorf(format string, args ...interface{})
	Fatalf(format string, args ...interface{})
}

Logger interface used in this package.

func NewLogger

func NewLogger(lev LogLevel) Logger

NewLogger ...

type Status

type Status string

Status for vault.

const (
	Locked      Status = "locked"
	Unlocked    Status = "unlocked"
	SetupNeeded Status = "setup-needed"
)

Status of vault.

Directories

Path Synopsis
api
examples
