import "github.com/docker/notary/signer/keydbstore"
cachedcryptoservice.go keydbstore.go rethink_keydbstore.go sql_keydbstore.go
// Default JOSE algorithms used when a private key is encrypted for storage.
// Each stored row also records the algorithms it was written with (the
// EncryptionAlg/KeywrapAlg columns on GormPrivateKey/RDBPrivateKey), presumably
// so that changing these defaults later does not orphan existing rows.
const (
	// EncryptionAlg is the content-encryption algorithm for the key material.
	EncryptionAlg = jose.A256GCM
	// KeywrapAlg wraps the content key under a passphrase-derived key (PBES2).
	// The protection of stored keys therefore rests on the strength of the
	// passphrase supplied by the PassRetriever; the PBES2 iteration count is
	// configured elsewhere and is not visible here.
	KeywrapAlg = jose.PBES2_HS256_A128KW
)
Constants
// PrivateKeysRethinkTable is the RethinkDB table definition for the notary
// signer's private-key documents.
var PrivateKeysRethinkTable = rethinkdb.Table{
	// Take the name from the document model so the two cannot drift apart.
	Name: RDBPrivateKey{}.TableName(),
	// Documents are keyed by the key ID (the `key_id` field of RDBPrivateKey).
	PrimaryKey: "key_id",
	// Presumably decodes a raw JSON document back into an RDBPrivateKey
	// (unexported; not visible here).
	JSONUnmarshaller: rdbPrivateKeyFromJSON,
}
PrivateKeysRethinkTable is the RethinkDB table definition for the notary signer's private-key records, keyed by key ID.
func NewCachedKeyService(baseKeyService signed.CryptoService) signed.CryptoService
NewCachedKeyService wraps baseKeyService in a new signed.CryptoService that adds a caching layer in front of it. The cache's contents, lifetime and eviction policy are not visible here; if it retains decrypted private keys in memory, that is worth confirming before relying on RemoveKey or RotateKeyPassphrase taking immediate effect.
// GormPrivateKey is the gorm row model for a signer private key stored in SQL.
type GormPrivateKey struct {
	gorm.Model
	// KeyID is the lookup handle for the row; unique and indexed.
	KeyID string `sql:"type:varchar(255);not null;unique;index:key_id_idx"`
	// EncryptionAlg and KeywrapAlg record which JOSE algorithms protect the
	// Private column, so a row remains readable if the package defaults change.
	EncryptionAlg string `sql:"type:varchar(255);not null"`
	KeywrapAlg    string `sql:"type:varchar(255);not null"`
	// Algorithm is the key's own (signing) algorithm.
	Algorithm string `sql:"type:varchar(50);not null"`
	// PassphraseAlias names the passphrase the key-wrapping key is derived
	// from; RotateKeyPassphrase presumably updates it — verify against the
	// implementation.
	PassphraseAlias string `sql:"type:varchar(50);not null"`
	// Gun and Role are stored with the key; Create matches on them when
	// looking for an inactive key to re-use.
	Gun  string `sql:"type:varchar(255);not null"`
	Role string `sql:"type:varchar(255);not null"`
	// Public holds the public key bytes. Private is expected to hold the
	// encrypted private key (see EncryptionAlg/KeywrapAlg above), not
	// plaintext — confirm against the writer.
	Public  string `sql:"type:blob;not null"`
	Private string `sql:"type:blob;not null"`
	// LastUsed is nullable and defaults to NULL, presumably so that an
	// inactive (never-used) key can be told apart from one that has signed.
	LastUsed time.Time `sql:"type:datetime;null;default:null"`
}
GormPrivateKey represents a stored private key as a SQL row. The EncryptionAlg, KeywrapAlg and PassphraseAlias columns record how the Private column was protected, so the row can be decrypted later even if the package defaults change.
func (g GormPrivateKey) TableName() string
TableName sets a specific table name for our GormPrivateKey
// RDBPrivateKey is the RethinkDB document model for a signer private key.
type RDBPrivateKey struct {
	rethinkdb.Timing
	// KeyID is the document's primary key (see PrivateKeysRethinkTable).
	KeyID string `gorethink:"key_id"`
	// EncryptionAlg and KeywrapAlg record which JOSE algorithms protect
	// Private, so a document remains readable if the package defaults change.
	EncryptionAlg string `gorethink:"encryption_alg"`
	KeywrapAlg    string `gorethink:"keywrap_alg"`
	// Algorithm is the key's own (signing) algorithm.
	Algorithm string `gorethink:"algorithm"`
	// PassphraseAlias names the passphrase the key-wrapping key is derived
	// from; RotateKeyPassphrase presumably updates it — verify.
	PassphraseAlias string `gorethink:"passphrase_alias"`
	// Gun and Role are stored with the key; Create matches on them when
	// looking for an inactive key to re-use.
	Gun  data.GUN      `gorethink:"gun"`
	Role data.RoleName `gorethink:"role"`
	// gorethink specifically supports binary types, and says to pass it in as
	// a byteslice. Currently our encryption method for the private key bytes
	// produces a base64-encoded string, but for future compatibility in case
	// we change how we encrypt, use a byteslice for the encrypted private key
	// too
	Public  []byte `gorethink:"public"`
	Private []byte `gorethink:"private"`
	// whether this key is active or not (presumably a zero LastUsed means the
	// key has never been used for signing — the "inactive" state Create reuses)
	LastUsed time.Time `gorethink:"last_used"`
}
RDBPrivateKey represents a stored private key as a RethinkDB document. The EncryptionAlg, KeywrapAlg and PassphraseAlias fields record how the Private field was protected, so the document can be decrypted later even if the package defaults change.
func (g RDBPrivateKey) TableName() string
TableName sets a specific table name for our RDBPrivateKey
// RethinkDBKeyStore persists and manages private keys on a RethinkDB database.
// Its fields are unexported; construct it with NewRethinkDBKeyStore.
type RethinkDBKeyStore struct {
	// contains filtered or unexported fields
}
RethinkDBKeyStore persists and manages private keys on a RethinkDB database
func NewRethinkDBKeyStore(dbName, username, password string, passphraseRetriever notary.PassRetriever, defaultPassAlias string, rethinkSession *gorethink.Session) *RethinkDBKeyStore
NewRethinkDBKeyStore returns a new RethinkDBKeyStore backed by a RethinkDB database
func (rdb *RethinkDBKeyStore) AddKey(role data.RoleName, gun data.GUN, privKey data.PrivateKey) error
AddKey stores the contents of a private key. The key is always stored under its key ID; aliases are not supported. The doc says role and gun are ignored, but the stored record has Gun and Role fields and Create matches on them, so verify whether AddKey really discards them.
func (rdb RethinkDBKeyStore) Bootstrap() error
Bootstrap sets up the database and tables, and also creates the notary signer user with the appropriate DB permissions.
func (rdb RethinkDBKeyStore) CheckHealth() error
CheckHealth verifies that the DB exists and is queryable. (The SQL store's equivalent is named HealthCheck.)
func (rdb RethinkDBKeyStore) Create(role data.RoleName, gun data.GUN, algorithm string) (data.PublicKey, error)
Create first attempts to re-use an existing inactive key with the same role, gun, and algorithm. If none is found, it generates a new private key and stores it in the DB as an inactive key. Re-use is scoped to the same gun, so a key is not shared across repositories.
func (rdb *RethinkDBKeyStore) GetKey(keyID string) data.PublicKey
GetKey returns the PublicKey for the given key ID without activating the key (unlike GetPrivateKey).
func (rdb *RethinkDBKeyStore) GetPrivateKey(keyID string) (data.PrivateKey, data.RoleName, error)
GetPrivateKey returns the PrivateKey and its role for the given key ID; per the GetKey docs, this is the call that activates the key.
func (rdb RethinkDBKeyStore) ListAllKeys() map[string]data.RoleName
ListAllKeys always returns nil. This method exists only to satisfy the CryptoService interface; callers cannot use it to enumerate stored keys.
func (rdb RethinkDBKeyStore) ListKeys(role data.RoleName) []string
ListKeys always returns nil. This method exists only to satisfy the CryptoService interface; callers cannot use it to enumerate stored keys.
func (rdb *RethinkDBKeyStore) Name() string
Name returns a user friendly name for the storage location
func (rdb RethinkDBKeyStore) RemoveKey(keyID string) error
RemoveKey removes the key's document from the table.
func (rdb RethinkDBKeyStore) RotateKeyPassphrase(keyID, newPassphraseAlias string) error
RotateKeyPassphrase rotates the key-encryption-key for keyID to the passphrase identified by newPassphraseAlias. The stored PassphraseAlias is presumably updated to match — verify against the implementation.
// SQLKeyDBStore persists and manages private keys on a SQL database.
// Its fields are unexported; construct it with NewSQLKeyDBStore.
type SQLKeyDBStore struct {
	// contains filtered or unexported fields
}
SQLKeyDBStore persists and manages private keys on a SQL database
func NewSQLKeyDBStore(passphraseRetriever notary.PassRetriever, defaultPassAlias string, dbDialect string, dbArgs ...interface{}) (*SQLKeyDBStore, error)
NewSQLKeyDBStore returns a new SQLKeyDBStore backed by a SQL database
func (s *SQLKeyDBStore) AddKey(role data.RoleName, gun data.GUN, privKey data.PrivateKey) error
AddKey stores the contents of a private key. The key is always stored under its key ID; aliases are not supported. The doc says role and gun are ignored, but GormPrivateKey has Gun and Role columns and Create matches on them, so verify whether AddKey really discards them.
func (s *SQLKeyDBStore) Create(role data.RoleName, gun data.GUN, algorithm string) (data.PublicKey, error)
Create first attempts to re-use an existing inactive key with the same role, gun, and algorithm. If none is found, it generates a new private key and stores it in the DB as an inactive key. Re-use is scoped to the same gun, so a key is not shared across repositories.
func (s *SQLKeyDBStore) GetKey(keyID string) data.PublicKey
GetKey performs the same lookup as GetPrivateKey, but does not mark the key as active and returns only the public bytes.
func (s *SQLKeyDBStore) GetPrivateKey(keyID string) (data.PrivateKey, data.RoleName, error)
GetPrivateKey returns the PrivateKey and its role for the given key ID; per the GetKey docs, this is the call that marks the key as active.
func (s *SQLKeyDBStore) HealthCheck() error
HealthCheck verifies that the DB exists and is queryable. (The RethinkDB store's equivalent is named CheckHealth.)
func (s *SQLKeyDBStore) ListAllKeys() map[string]data.RoleName
ListAllKeys always returns nil. This method exists only to satisfy the CryptoService interface; callers cannot use it to enumerate stored keys.
func (s *SQLKeyDBStore) ListKeys(role data.RoleName) []string
ListKeys always returns nil. This method exists only to satisfy the CryptoService interface; callers cannot use it to enumerate stored keys.
func (s *SQLKeyDBStore) Name() string
Name returns a user friendly name for the storage location
func (s *SQLKeyDBStore) RemoveKey(keyID string) error
RemoveKey removes the key's row from the SQL database (this is a SQL store, not a keyfilestore).
func (s *SQLKeyDBStore) RotateKeyPassphrase(keyID, newPassphraseAlias string) error
RotateKeyPassphrase rotates the key-encryption-key for keyID to the passphrase identified by newPassphraseAlias. The stored PassphraseAlias is presumably updated to match — verify against the implementation.