secret_storage

command
v0.0.0-...-1bdf50c
This package is not in the latest version of its module.
Published: Dec 13, 2023 License: BSD-3-Clause Imports: 13 Imported by: 0

Documentation

Overview

WHAT IS IN THIS EXAMPLE?

Keybase has added an encrypted key-value store intended to support security-conscious bot development with persistent state. It is a place to store small bits of data that are

(1) encrypted for a team or user (via the user's implicit self-team: e.g. alice,alice),
(2) persistent across logins
(3) fast and durable.

It supports putting, getting, listing, and deleting. A team has many namespaces, a namespace has many entryKeys, and an entryKey has one current entryValue. Namespaces and entryKeys are in cleartext, and the Keybase client service will encrypt and sign the entryValue on the way in (as well as decrypt and verify on the way out) so Keybase servers cannot see it or forge it.

-----------

This example implements a simple bot to manage hackerspace tool rentals. It shows one way you can obfuscate entryKeys (which are not encrypted) by storing their HMACs, so that no one but your team (not even Keybase) can know about the names of all the cool tools you have; you can do something similar to hide namespaces.

Additionally this example handles concurrent writes by using explicit revision numbers to prevent one user from unintentionally clobbering another user's rental updates.

Here we've stored the HMAC secret and other entries in the team's kvstore; you could also store the entries in the bot's own kvstore (the default team).
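The two techniques described above, sketched as an added example that is not taken from the Keybase project's code. `memStore`, `obfuscateKey` and `rent` are hypothetical names, the store is an in-memory stand-in for one namespace rather than the Keybase API, and its rule that a write must carry exactly the current revision plus one is an assumption of the stand-in.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// obfuscateKey returns hex(HMAC-SHA256(secret, name)). Storing this instead
// of the tool name keeps the cleartext entryKey meaningless to anyone
// who does not hold the team's HMAC secret.
func obfuscateKey(secret []byte, name string) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(name))
	return hex.EncodeToString(mac.Sum(nil))
}

type entry struct {
	value    string
	revision int
}

// memStore is a hypothetical in-memory stand-in for one kvstore namespace.
type memStore map[string]entry

var errRevision = errors.New("wrong revision")

// put accepts a write only if it carries exactly the current revision + 1
// (assumed rule), so a writer working from a stale read is rejected.
func (s memStore) put(key, value string, revision int) error {
	if revision != s[key].revision+1 {
		return errRevision
	}
	s[key] = entry{value, revision}
	return nil
}

// rent records user as the renter of tool, based on the revision the
// caller last saw (0 means "no entry yet").
func rent(s memStore, secret []byte, tool, user string, seenRev int) error {
	return s.put(obfuscateKey(secret, tool), user, seenRev+1)
}

func main() {
	secret := []byte("constructed-demo-secret") // constructed sample value
	s := memStore{}
	fmt.Println(rent(s, secret, "laser cutter", "alice", 0))
	fmt.Println(rent(s, secret, "laser cutter", "bob", 0)) // stale read
}
```

A rejected writer should re-read the entry, decide whether the rental still makes sense, and retry with the new revision.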
