gaia: github.com/gaia-pipeline/gaia/security

package security

import "github.com/gaia-pipeline/gaia/security"

Index

Package Files

ca.go legacy_vault.go secret_generator.go vault.go

func GenerateRandomUUIDV5

func GenerateRandomUUIDV5() string

GenerateRandomUUIDV5 returns a 32-bit random-seeded UUID based on a randomly generated UUID v4.

type CA

type CA struct {
    // contains filtered or unexported fields
}

CA represents one generated CA.

func InitCA

func InitCA() (*CA, error)

InitCA sets up a new instance of CA and generates a new CA if one does not already exist.

func (*CA) CleanupCerts

func (c *CA) CleanupCerts(crt, key string) error

CleanupCerts removes certificates at the given path.

func (*CA) CreateSignedCert

func (c *CA) CreateSignedCert() (string, string, error)

CreateSignedCert creates a new key pair which is signed by the CA.

func (*CA) CreateSignedCertWithValidOpts

func (c *CA) CreateSignedCertWithValidOpts(hostname string, hoursBeforeValid, hoursAfterValid time.Duration) (string, string, error)

CreateSignedCertWithValidOpts creates a certificate signed by the CA. It accepts a hostname together with hoursBeforeValid and hoursAfterValid.

func (*CA) GenerateTLSConfig

func (c *CA) GenerateTLSConfig(certPath, keyPath string) (*tls.Config, error)

GenerateTLSConfig generates a new TLS config based on given certificate path and key path.

func (*CA) GetCACertPath

func (c *CA) GetCACertPath() (string, string)

GetCACertPath returns the path to the cert and key from the root CA.

type CAAPI

type CAAPI interface {
    // CreateSignedCert creates a new signed certificate.
    // First return param is the public cert.
    // Second return param is the private key.
    CreateSignedCert() (string, string, error)

    // CreateSignedCertWithValidOpts creates a new signed certificate
    // with the given options.
    // First return param is the public cert.
    // Second return param is the private key.
    CreateSignedCertWithValidOpts(hostname string, hoursBeforeValid, hoursAfterValid time.Duration) (string, string, error)

    // GenerateTLSConfig generates a TLS config.
    // It requires the path to the cert and the key.
    GenerateTLSConfig(certPath, keyPath string) (*tls.Config, error)

    // CleanupCerts cleans up the certs at the given path.
    CleanupCerts(crt, key string) error

    // GetCACertPath returns the public cert and private key
    // of the CA.
    GetCACertPath() (string, string)
}

CAAPI represents the interface used to handle certificates.
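To make the CAAPI contract concrete, the following is an added example written for this page; it is not gaia's own code and the names MiniCA, InitMiniCA and VerifyLeaf are assumptions. It keeps the root in memory rather than on disk, implements CreateSignedCertWithValidOpts with the signature shown above (hoursBeforeValid and hoursAfterValid taken as plain time.Duration values, so the leaf is valid from now-hoursBeforeValid to now+hoursAfterValid), and adds the verification a TLS peer holding the CA pool performs: chain, hostname and validity window.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"math/big"
	"time"
)

// MiniCA is a hypothetical in-memory stand-in for the page's CA type, not
// gaia's implementation: it keeps a self-signed root and signs leaf certs.
type MiniCA struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
	pool *x509.CertPool // the trust anchor a peer verifies against
}

// InitMiniCA generates a fresh root; the page's InitCA also persists one to disk.
func InitMiniCA() (*MiniCA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "example-root-ca"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(cert)
	return &MiniCA{cert: cert, key: key, pool: pool}, nil
}

// CreateSignedCertWithValidOpts follows the page's signature: the leaf is valid
// from now-hoursBeforeValid to now+hoursAfterValid and names hostname as a SAN.
func (c *MiniCA) CreateSignedCertWithValidOpts(hostname string, hoursBeforeValid, hoursAfterValid time.Duration) (string, string, error) {
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", "", err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return "", "", err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: hostname},
		DNSNames:     []string{hostname},
		NotBefore:    now.Add(-hoursBeforeValid),
		NotAfter:     now.Add(hoursAfterValid),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, c.cert, &leafKey.PublicKey, c.key)
	if err != nil {
		return "", "", err
	}
	keyDER, err := x509.MarshalECPrivateKey(leafKey)
	if err != nil {
		return "", "", err
	}
	certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	keyPEM := pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})
	return string(certPEM), string(keyPEM), nil
}

// VerifyLeaf is the check a TLS peer holding the CA pool performs: chain,
// hostname and validity window, evaluated at time at.
func (c *MiniCA) VerifyLeaf(certPEM, hostname string, at time.Time) error {
	block, _ := pem.Decode([]byte(certPEM))
	if block == nil {
		return errors.New("no PEM certificate block")
	}
	leaf, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return err
	}
	_, err = leaf.Verify(x509.VerifyOptions{Roots: c.pool, DNSName: hostname, CurrentTime: at})
	return err
}
```

A tls.Config built from the returned PEM pair with tls.X509KeyPair, with RootCAs and ClientCAs set to the same pool, enforces the same three checks during the handshake, which is what a GenerateTLSConfig-style helper hands to the server and client sides. The wrong-hostname, expired and foreign-root cases are the ones worth testing before trusting any CA wrapper.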

type FileVaultStorer

type FileVaultStorer struct {
    // contains filtered or unexported fields
}

FileVaultStorer implements VaultStorer as a simple file based storage device.

func (*FileVaultStorer) Init

func (fvs *FileVaultStorer) Init() error

Init initializes the FileVaultStorer.

func (*FileVaultStorer) Read

func (fvs *FileVaultStorer) Read() ([]byte, error)

Read defines a read for the FileVaultStorer.

func (*FileVaultStorer) Write

func (fvs *FileVaultStorer) Write(data []byte) error

Write defines a write for the FileVaultStorer.

type Vault

type Vault struct {
    sync.RWMutex
    // contains filtered or unexported fields
}

Vault is a secret storage for data that gaia needs to store encrypted.

func NewVault

func NewVault(ca CAAPI, storer VaultStorer) (*Vault, error)

NewVault creates a vault, which is a simple k/v storage medium with AES encryption. The format is: KEY=VALUE KEY2=VALUE2. NewVault also takes a storer, an implementation of VaultStorer, which defines the storage medium for the vault. If it is left nil, the vault uses a default FileVaultStorer.

func (*Vault) Add

func (v *Vault) Add(key string, value []byte)

Add adds a value to the vault. This operation is safe to use concurrently. Add overwrites without warning if the key already exists.

func (*Vault) Get

func (v *Vault) Get(key string) ([]byte, error)

Get returns a value for a key. This operation is safe to use concurrently. Get will return an error if the data doesn't exist.

func (*Vault) GetAll

func (v *Vault) GetAll() []string

GetAll returns all keys and values in a copy of the internal data.

func (*Vault) LoadSecrets

func (v *Vault) LoadSecrets() error

LoadSecrets decrypts the contents of the vault and fills up a map of data to work with.

func (*Vault) Remove

func (v *Vault) Remove(key string)

Remove removes a key from the vault. This operation is safe to use concurrently. Remove is a no-op if the data doesn't exist.

func (*Vault) SaveSecrets

func (v *Vault) SaveSecrets() error

SaveSecrets encrypts data passed to the vault in a k/v format and saves it to the vault file.

type VaultAPI

type VaultAPI interface {
    LoadSecrets() error
    GetAll() []string
    SaveSecrets() error
    Add(key string, value []byte)
    Remove(key string)
    Get(key string) ([]byte, error)
}

VaultAPI defines the set of APIs that a Vault must provide in order to be a Gaia Vault.

type VaultStorer

type VaultStorer interface {
    // Init initializes the medium by creating the file, or bootstrapping the
    // db or simply setting up an in-memory mock storage device. The Init
    // function of a storage medium should be idempotent. Meaning it should
    // be callable multiple times without changing the underlying medium.
    Init() error
    // Read will read bytes from the storage medium and return it to the caller.
    Read() (data []byte, err error)
    // Write will store the passed in encrypted data. How, is up to the implementor.
    Write(data []byte) error
}

VaultStorer defines a storage medium for the Vault.
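The following added example, written for this page and not gaia's own code, shows both halves of the contract described above: a hypothetical in-memory VaultStorer (MemoryVaultStorer) whose Init is idempotent in the sense the interface comment demands, and a hypothetical MiniVault that serialises the KEY=VALUE format NewVault documents and seals it with AES-256-GCM before handing it to the storer. The VaultStorer interface is restated locally so the file compiles without importing gaia; MiniVault, MemoryVaultStorer, NewMiniVault and the exported Data map are all assumed names, and the page's Vault additionally guards its map with an RWMutex behind Add/Get/Remove.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"strings"
)

// VaultStorer restates the interface documented on this page so the example
// compiles without importing gaia.
type VaultStorer interface {
	Init() error
	Read() ([]byte, error)
	Write(data []byte) error
}

// MemoryVaultStorer is a hypothetical in-memory storer, not part of gaia.
type MemoryVaultStorer struct{ blob []byte }

// Init is idempotent, as the page requires: a repeat call must not wipe stored data.
func (m *MemoryVaultStorer) Init() error {
	if m.blob == nil {
		m.blob = []byte{}
	}
	return nil
}

// Read hands out a copy so callers cannot mutate the stored blob in place.
func (m *MemoryVaultStorer) Read() ([]byte, error) {
	return append([]byte(nil), m.blob...), nil
}

func (m *MemoryVaultStorer) Write(data []byte) error {
	m.blob = append([]byte(nil), data...)
	return nil
}

// MiniVault is a hypothetical stand-in for the page's Vault, not gaia's code:
// KEY=VALUE lines sealed with AES-256-GCM as nonce || ciphertext || tag.
type MiniVault struct {
	aead   cipher.AEAD
	storer VaultStorer
	Data   map[string][]byte // gaia's Vault guards this with an RWMutex behind Add/Get/Remove
}

func NewMiniVault(key []byte, storer VaultStorer) (*MiniVault, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if err := storer.Init(); err != nil {
		return nil, err
	}
	return &MiniVault{aead: aead, storer: storer, Data: map[string][]byte{}}, nil
}

// SaveSecrets serialises Data and seals it under a fresh nonce; a repeated nonce would break GCM.
func (v *MiniVault) SaveSecrets() error {
	var sb strings.Builder
	for k, val := range v.Data {
		sb.WriteString(k + "=" + string(val) + "\n") // values must not contain '\n'
	}
	nonce := make([]byte, v.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	return v.storer.Write(v.aead.Seal(nonce, nonce, []byte(sb.String()), nil))
}

// LoadSecrets opens the blob (tampering fails the GCM tag check) and rebuilds Data.
func (v *MiniVault) LoadSecrets() error {
	blob, err := v.storer.Read()
	if err != nil {
		return err
	}
	ns := v.aead.NonceSize()
	if len(blob) > 0 && len(blob) < ns {
		return errors.New("vault blob truncated")
	}
	data := map[string][]byte{}
	if len(blob) >= ns {
		plain, err := v.aead.Open(nil, blob[:ns], blob[ns:], nil)
		if err != nil {
			return err
		}
		for _, line := range strings.Split(string(plain), "\n") {
			if kv := strings.SplitN(line, "=", 2); len(kv) == 2 {
				data[kv[0]] = []byte(kv[1])
			}
		}
	}
	v.Data = data // an empty storer yields an empty vault
	return nil
}
```

Two properties are worth checking against any storer you plug into a vault like this: calling Init again after a Write must leave the stored blob intact, and a single flipped byte in the blob must make LoadSecrets fail rather than quietly return a partially decrypted map, which is what the authenticated GCM tag provides and plain AES-CBC would not.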

Package security imports 24 packages and is imported by 7 packages. Updated 2019-07-21.