vault

package module
v0.0.0-...-d87a525
Published: Apr 28, 2021 License: MIT Imports: 20 Imported by: 0

README

Vault

Vault is an encrypted syncable sql database for storing keys and secrets.

The goal of this package is to provide a cross platform open source syncable secure database for keys and secrets.

It is meant to be an alternative to platform specific APIs such as the Keychain (MacOS), Wincred (Windows) or SecretService dbus (Linux).

☢ This project is in development and has not been audited or reviewed. Use at your own risk. ☢

Documentation

Constants

This section is empty.

Variables

var ErrInvalidAuth = auth.ErrInvalidAuth

ErrInvalidAuth if auth is invalid.

var ErrLocked = errors.New("vault is locked")

ErrLocked if locked.

var ErrSetupNeeded = errors.New("setup needed")

ErrSetupNeeded if setup is needed.

Functions

func SetLogger

func SetLogger(l Logger) func()

SetLogger sets logger for the package.

Types

type Change

type Change struct {
	VID       keys.ID
	Local     int64
	Remote    int64
	Timestamp int64
	Push      bool
}

Change on remote.

type Config

type Config struct {
	// contains filtered or unexported fields
}

func (Config) Bytes

func (c Config) Bytes(k string) ([]byte, error)

func (Config) KID

func (c Config) KID(k string) (keys.ID, error)

func (Config) Set

func (c Config) Set(k string, v string) error

func (Config) SetBytes

func (c Config) SetBytes(k string, v []byte) error

func (Config) SetKID

func (c Config) SetKID(k string, v keys.ID) error

func (Config) SetString

func (c Config) SetString(k string, v string) error

func (Config) String

func (c Config) String(k string) (string, error)

type Event

type Event = client.Event

Event alias.

type Events

type Events = client.Events

Events alias.

type Keyring

type Keyring struct {
	// contains filtered or unexported fields
}

Keyring ...

func NewKeyring

func NewKeyring(vault *Vault) *Keyring

NewKeyring creates a keyring.

func (*Keyring) Find

func (k *Keyring) Find(ctx context.Context, kid keys.ID) (*api.Key, error)

Find looks for the key locally and, if it is not found, syncs and retries.

func (*Keyring) Get

func (k *Keyring) Get(kid keys.ID) (*api.Key, error)

Get key by id. Returns nil if not found.

func (*Keyring) Key

func (k *Keyring) Key(kid keys.ID) (*api.Key, error)

Key by id. If not found, returns keys.ErrNotFound. You can use Get instead.

func (*Keyring) KeyWithLabel

func (k *Keyring) KeyWithLabel(label string) (*api.Key, error)

KeyWithLabel in vault.

func (*Keyring) Keys

func (k *Keyring) Keys() ([]*api.Key, error)

Keys in vault.

func (*Keyring) KeysWithLabel

func (k *Keyring) KeysWithLabel(label string) ([]*api.Key, error)

KeysWithLabel in vault.

func (*Keyring) KeysWithType

func (k *Keyring) KeysWithType(typ string) ([]*api.Key, error)

KeysWithType in vault.

func (*Keyring) Remove

func (k *Keyring) Remove(kid keys.ID) error

Remove a key. Requires Unlock.

func (*Keyring) Save

func (k *Keyring) Save(key *api.Key) error

Save key to the keyring and try to sync in the background.

func (*Keyring) Set

func (k *Keyring) Set(key *api.Key) error

Set a key in the keyring. Requires Unlock.

func (*Keyring) Sync

func (k *Keyring) Sync(ctx context.Context) error

Sync db. Returns error if sync is not enabled.

func (*Keyring) Vaults

func (k *Keyring) Vaults() ([]*client.Vault, error)

type LogLevel

type LogLevel int

LogLevel ...

const (
	// DebugLevel ...
	DebugLevel LogLevel = 3
	// InfoLevel ...
	InfoLevel LogLevel = 2
	// WarnLevel ...
	WarnLevel LogLevel = 1
	// ErrLevel ...
	ErrLevel LogLevel = 0
	// NoLevel
	NoLevel LogLevel = -1
)

func (LogLevel) String

func (l LogLevel) String() string

type Logger

type Logger interface {
	Debugf(format string, args ...interface{})
	Infof(format string, args ...interface{})
	Warningf(format string, args ...interface{})
	Errorf(format string, args ...interface{})
	Fatalf(format string, args ...interface{})
}

Logger interface used in this package.

func NewLogger

func NewLogger(lev LogLevel) Logger

NewLogger ...

type Option

type Option func(*Options)

Option for Vault.

func WithClient

func WithClient(client *client.Client) Option

WithClient ...

func WithClock

func WithClock(clock tsutil.Clock) Option

WithClock ...

type Options

type Options struct {
	Client *client.Client
	Clock  tsutil.Clock
}

Options for vault.

type Status

type Status string

Status for vault.

const (
	Locked      Status = "locked"
	Unlocked    Status = "unlocked"
	SetupNeeded Status = "setup-needed"
)

Status of vault.

type Vault

type Vault struct {
	// contains filtered or unexported fields
}

Vault syncs secrets.

func New

func New(path string, auth *auth.DB, opt ...Option) (*Vault, error)

New vault.

func (*Vault) Add

func (v *Vault) Add(key *keys.EdX25519Key, b []byte, cipher syncer.Cipher) error

Add to vault. The `vid` is a vault identifier. You can create a vault using Create. Requires Unlock.

func (*Vault) Auth

func (v *Vault) Auth() *auth.DB

Auth returns auth db.

func (*Vault) Changes

func (v *Vault) Changes(ctx context.Context) ([]*Change, error)

Changes for any keys in the keyring. If the keyring isn't synced this may not return all changes for those keyring keys, so you should usually sync the keyring first.

func (*Vault) Client

func (v *Vault) Client() *client.Client

Client is the vault client.

func (*Vault) ClientKey

func (v *Vault) ClientKey() (*api.Key, error)

ClientKey is the vault client key.

func (*Vault) Config

func (v *Vault) Config() Config

func (*Vault) DB

func (v *Vault) DB() *sqlx.DB

DB returns underlying database if vault is open. Returns nil if locked.

func (*Vault) FIDO2Devices

func (v *Vault) FIDO2Devices(ctx context.Context) ([]*fido2.Device, error)

FIDO2Devices lists FIDO2 devices.

func (*Vault) FIDO2Plugin

func (v *Vault) FIDO2Plugin() fido2.FIDO2Server

FIDO2Plugin if set.

func (*Vault) GenerateFIDO2HMACSecret

func (v *Vault) GenerateFIDO2HMACSecret(ctx context.Context, pin string, device string, appName string) (*auth.FIDO2HMACSecret, error)

GenerateFIDO2HMACSecret ...

func (*Vault) Keyring

func (v *Vault) Keyring() *Keyring

Keyring for keys in vault.

func (*Vault) Lock

func (v *Vault) Lock() error

Lock vault.

func (*Vault) Register

func (v *Vault) Register(ctx context.Context, key *keys.EdX25519Key, account *keys.EdX25519Key) (*api.Key, error)

Register a vault. You can register a key that already exists. Registering also syncs the keyring. Requires Unlock.

func (*Vault) RegisterFIDO2HMACSecret

func (v *Vault) RegisterFIDO2HMACSecret(ctx context.Context, mk *[32]byte, hs *auth.FIDO2HMACSecret, pin string) (*auth.Auth, error)

RegisterFIDO2HMACSecret adds vault with a FIDO2 hmac-secret. Requires recent Unlock.

func (*Vault) RegisterPaperKey

func (v *Vault) RegisterPaperKey(mk *[32]byte, paperKey string) (*auth.Auth, error)

RegisterPaperKey adds a paper key.

func (*Vault) RegisterPassword

func (v *Vault) RegisterPassword(mk *[32]byte, password string) (*auth.Auth, error)

RegisterPassword adds a password.

func (*Vault) Reset

func (v *Vault) Reset() error

func (*Vault) SetClientKey

func (v *Vault) SetClientKey(ck *api.Key) error

func (*Vault) SetFIDO2Plugin

func (v *Vault) SetFIDO2Plugin(fido2Plugin fido2.FIDO2Server)

SetFIDO2Plugin sets the plugin.

func (*Vault) Setup

func (v *Vault) Setup(mk *[32]byte) error

Setup vault. Doesn't unlock.

func (*Vault) SetupFIDO2HMACSecret

func (v *Vault) SetupFIDO2HMACSecret(ctx context.Context, hs *auth.FIDO2HMACSecret, pin string) (*[32]byte, error)

SetupFIDO2HMACSecret sets up vault with a FIDO2 hmac-secret.

func (*Vault) SetupPaperKey

func (v *Vault) SetupPaperKey(paperKey string) (*[32]byte, error)

SetupPaperKey sets up the vault with a paper key.

func (*Vault) SetupPassword

func (v *Vault) SetupPassword(password string) (*[32]byte, error)

SetupPassword sets up the vault with a password.

func (*Vault) Status

func (v *Vault) Status() Status

Status returns vault status.

func (*Vault) Sync

func (v *Vault) Sync(ctx context.Context, vid keys.ID, receiver syncer.Receiver) error

Sync a specific key with receiver.

func (*Vault) Unlock

func (v *Vault) Unlock(mk *[32]byte) error

Unlock vault.

func (*Vault) UnlockWithFIDO2HMACSecret

func (v *Vault) UnlockWithFIDO2HMACSecret(ctx context.Context, pin string) (*[32]byte, error)

UnlockWithFIDO2HMACSecret opens vault with a FIDO2 hmac-secret.

func (*Vault) UnlockWithPaperKey

func (v *Vault) UnlockWithPaperKey(paperKey string) (*[32]byte, error)

UnlockWithPaperKey opens vault with a paper key.

func (*Vault) UnlockWithPassword

func (v *Vault) UnlockWithPassword(password string) (*[32]byte, error)

UnlockWithPassword opens vault with a password.
