notary: github.com/docker/notary/signer/keydbstore Index | Files

package keydbstore

import "github.com/docker/notary/signer/keydbstore"

Index

Package Files

cachedcryptoservice.go keydbstore.go rethink_keydbstore.go sql_keydbstore.go

Constants

const (
    EncryptionAlg = jose.A256GCM
    KeywrapAlg    = jose.PBES2_HS256_A128KW
)

Constants

Variables

var PrivateKeysRethinkTable = rethinkdb.Table{
    Name:             RDBPrivateKey{}.TableName(),
    PrimaryKey:       "key_id",
    JSONUnmarshaller: rdbPrivateKeyFromJSON,
}

PrivateKeysRethinkTable is the table definition for notary signer's key information

func NewCachedKeyService Uses

func NewCachedKeyService(baseKeyService signed.CryptoService) signed.CryptoService

NewCachedKeyService returns a new signed.CryptoService that includes caching

type GormPrivateKey Uses

type GormPrivateKey struct {
    gorm.Model
    KeyID           string    `sql:"type:varchar(255);not null;unique;index:key_id_idx"`
    EncryptionAlg   string    `sql:"type:varchar(255);not null"`
    KeywrapAlg      string    `sql:"type:varchar(255);not null"`
    Algorithm       string    `sql:"type:varchar(50);not null"`
    PassphraseAlias string    `sql:"type:varchar(50);not null"`
    Gun             string    `sql:"type:varchar(255);not null"`
    Role            string    `sql:"type:varchar(255);not null"`
    Public          string    `sql:"type:blob;not null"`
    Private         string    `sql:"type:blob;not null"`
    LastUsed        time.Time `sql:"type:datetime;null;default:null"`
}

GormPrivateKey represents a PrivateKey in the database

func (GormPrivateKey) TableName Uses

func (g GormPrivateKey) TableName() string

TableName sets a specific table name for our GormPrivateKey

type RDBPrivateKey Uses

type RDBPrivateKey struct {
    rethinkdb.Timing
    KeyID           string        `gorethink:"key_id"`
    EncryptionAlg   string        `gorethink:"encryption_alg"`
    KeywrapAlg      string        `gorethink:"keywrap_alg"`
    Algorithm       string        `gorethink:"algorithm"`
    PassphraseAlias string        `gorethink:"passphrase_alias"`
    Gun             data.GUN      `gorethink:"gun"`
    Role            data.RoleName `gorethink:"role"`

    // gorethink specifically supports binary types, and says to pass it in as
    // a byteslice.  Currently our encryption method for the private key bytes
    // produces a base64-encoded string, but for future compatibility in case
    // we change how we encrypt, use a byteslace for the encrypted private key
    // too
    Public  []byte `gorethink:"public"`
    Private []byte `gorethink:"private"`

    // whether this key is active or not
    LastUsed time.Time `gorethink:"last_used"`
}

RDBPrivateKey represents a PrivateKey in the rethink database

func (RDBPrivateKey) TableName Uses

func (g RDBPrivateKey) TableName() string

TableName sets a specific table name for our RDBPrivateKey

type RethinkDBKeyStore Uses

type RethinkDBKeyStore struct {
    // contains filtered or unexported fields
}

RethinkDBKeyStore persists and manages private keys on a RethinkDB database

func NewRethinkDBKeyStore Uses

func NewRethinkDBKeyStore(dbName, username, password string, passphraseRetriever notary.PassRetriever, defaultPassAlias string, rethinkSession *gorethink.Session) *RethinkDBKeyStore

NewRethinkDBKeyStore returns a new RethinkDBKeyStore backed by a RethinkDB database

func (*RethinkDBKeyStore) AddKey Uses

func (rdb *RethinkDBKeyStore) AddKey(role data.RoleName, gun data.GUN, privKey data.PrivateKey) error

AddKey stores the contents of a private key. Both role and gun are ignored, we always use Key IDs as name, and don't support aliases

func (RethinkDBKeyStore) Bootstrap Uses

func (rdb RethinkDBKeyStore) Bootstrap() error

Bootstrap sets up the database and tables, also creating the notary signer user with appropriate db permission

func (RethinkDBKeyStore) CheckHealth Uses

func (rdb RethinkDBKeyStore) CheckHealth() error

CheckHealth verifies that DB exists and is query-able

func (RethinkDBKeyStore) Create Uses

func (rdb RethinkDBKeyStore) Create(role data.RoleName, gun data.GUN, algorithm string) (data.PublicKey, error)

Create will attempt to first re-use an inactive key for the same role, gun, and algorithm. If one isn't found, it will create a private key and add it to the DB as an inactive key

func (*RethinkDBKeyStore) GetKey Uses

func (rdb *RethinkDBKeyStore) GetKey(keyID string) data.PublicKey

GetKey returns the PublicKey given a KeyID, and does not activate the key

func (*RethinkDBKeyStore) GetPrivateKey Uses

func (rdb *RethinkDBKeyStore) GetPrivateKey(keyID string) (data.PrivateKey, data.RoleName, error)

GetPrivateKey returns the PrivateKey given a KeyID

func (RethinkDBKeyStore) ListAllKeys Uses

func (rdb RethinkDBKeyStore) ListAllKeys() map[string]data.RoleName

ListAllKeys always returns nil. This method is here to satisfy the CryptoService interface

func (RethinkDBKeyStore) ListKeys Uses

func (rdb RethinkDBKeyStore) ListKeys(role data.RoleName) []string

ListKeys always returns nil. This method is here to satisfy the CryptoService interface

func (*RethinkDBKeyStore) Name Uses

func (rdb *RethinkDBKeyStore) Name() string

Name returns a user friendly name for the storage location

func (RethinkDBKeyStore) RemoveKey Uses

func (rdb RethinkDBKeyStore) RemoveKey(keyID string) error

RemoveKey removes the key from the table

func (RethinkDBKeyStore) RotateKeyPassphrase Uses

func (rdb RethinkDBKeyStore) RotateKeyPassphrase(keyID, newPassphraseAlias string) error

RotateKeyPassphrase rotates the key-encryption-key

type SQLKeyDBStore Uses

type SQLKeyDBStore struct {
    // contains filtered or unexported fields
}

SQLKeyDBStore persists and manages private keys on a SQL database

func NewSQLKeyDBStore Uses

func NewSQLKeyDBStore(passphraseRetriever notary.PassRetriever, defaultPassAlias string,
    dbDialect string, dbArgs ...interface{}) (*SQLKeyDBStore, error)

NewSQLKeyDBStore returns a new SQLKeyDBStore backed by a SQL database

func (*SQLKeyDBStore) AddKey Uses

func (s *SQLKeyDBStore) AddKey(role data.RoleName, gun data.GUN, privKey data.PrivateKey) error

AddKey stores the contents of a private key. Both role and gun are ignored, we always use Key IDs as name, and don't support aliases

func (*SQLKeyDBStore) Create Uses

func (s *SQLKeyDBStore) Create(role data.RoleName, gun data.GUN, algorithm string) (data.PublicKey, error)

Create will attempt to first re-use an inactive key for the same role, gun, and algorithm. If one isn't found, it will create a private key and add it to the DB as an inactive key

func (*SQLKeyDBStore) GetKey Uses

func (s *SQLKeyDBStore) GetKey(keyID string) data.PublicKey

GetKey performs the same get as GetPrivateKey, but does not mark the as active and only returns the public bytes

func (*SQLKeyDBStore) GetPrivateKey Uses

func (s *SQLKeyDBStore) GetPrivateKey(keyID string) (data.PrivateKey, data.RoleName, error)

GetPrivateKey returns the PrivateKey given a KeyID

func (*SQLKeyDBStore) HealthCheck Uses

func (s *SQLKeyDBStore) HealthCheck() error

HealthCheck verifies that DB exists and is query-able

func (*SQLKeyDBStore) ListAllKeys Uses

func (s *SQLKeyDBStore) ListAllKeys() map[string]data.RoleName

ListAllKeys always returns nil. This method is here to satisfy the CryptoService interface

func (*SQLKeyDBStore) ListKeys Uses

func (s *SQLKeyDBStore) ListKeys(role data.RoleName) []string

ListKeys always returns nil. This method is here to satisfy the CryptoService interface

func (*SQLKeyDBStore) Name Uses

func (s *SQLKeyDBStore) Name() string

Name returns a user friendly name for the storage location

func (*SQLKeyDBStore) RemoveKey Uses

func (s *SQLKeyDBStore) RemoveKey(keyID string) error

RemoveKey removes the key from the keyfilestore

func (*SQLKeyDBStore) RotateKeyPassphrase Uses

func (s *SQLKeyDBStore) RotateKeyPassphrase(keyID, newPassphraseAlias string) error

RotateKeyPassphrase rotates the key-encryption-key

Package keydbstore imports 17 packages (graph). Updated 2018-05-21. Refresh now. Tools for package owners.