vault

package v1.2.1

Published: Jul 13, 2023 License: Apache-2.0 Imports: 16 Imported by: 0
Constants

const (
	SuffixSecret   = "secret"
	SuffixMetadata = "metadata"
)

Suffixes describe the name that the secret or metadata is stored with

Variables

var (
	ErrAlreadyExists    = errors.New("secret already exists")
	ErrSecretNotFound   = errors.New("secret does not exist in secret manager")
	ErrFileSizeLimit    = errors.New("secret payload exceeds size limit")
	ErrTimeToLive       = errors.New("expiration time must be at least 1m in the future")
	ErrPermissionDenied = errors.New("secret manager permission denied")
	ErrNotAuthorized    = errors.New("correct password required")
	ErrNotLoaded        = errors.New("secret context needs to be loaded")
)

Standard errors for error type checking

Functions

This section is empty.

Types

type SecretContext

type SecretContext struct {
	// External information that is serialized and stored in the secret manager.
	Password     string    `json:"password,omitempty"` // the argon2 hashed password for comparison
	Filename     string    `json:"filename,omitempty"` // if the secret is a file, the name of the file for download
	IsBase64     bool      `json:"is_base64"`          // if the secret is base64 encoded or not
	Accesses     int       `json:"accesses"`           // the number of allowed accesses for the secret
	Retrievals   int       `json:"retrievals"`         // counts the number of times the secret has been accessed
	Created      time.Time `json:"created"`            // the timestamp the secret was created
	LastAccessed time.Time `json:"last_accessed"`      // the timestamp that the secret was last accessed
	Expires      time.Time `json:"expires"`            // the timestamp when the secret will have expired
	// contains filtered or unexported fields
}

SecretContext stores side-channel information related to the secret but not the secret itself. This data allows the whisper service to manage passwords, the number of accesses, and the expiration of the secret without having to retrieve the secret directly, which would otherwise create a possible vulnerability. The context is also responsible for managing interactions with the Google Secret Manager service for a specific secret, including using the derived key algorithm for password verification and checking.

func (*SecretContext) Access

func (s *SecretContext) Access()

Access updates the secret metadata on a fetch or other access to the secret.

func (*SecretContext) AddVersion

func (s *SecretContext) AddVersion(ctx context.Context, suffix string, payload []byte) (err error)

AddVersion updates the Secret with the new payload and is a helper function that is used both in New to create the first version and in Fetch to track accesses and updates in the secret metadata.

func (*SecretContext) Create

func (s *SecretContext) Create(ctx context.Context, suffix string) (err error)

Create is a helper function that is called twice from New: once to create the secret metadata and once to create the secret itself. The only external information required is the token, which is stored on the context.

func (*SecretContext) Delete

func (s *SecretContext) Delete(ctx context.Context, suffix string) (err error)

func (*SecretContext) Destroy

func (s *SecretContext) Destroy(ctx context.Context, password string) (err error)

Destroy destroys both the secret metadata and the secret unless the password is incorrect (returns not authorized) or the secret does not exist (returns not found).

func (*SecretContext) Fetch

func (s *SecretContext) Fetch(ctx context.Context, password string) (_ string, destroyed bool, err error)

Fetch loads the metadata into the context, then determines if a password is required and validates the password using the derived key algorithm. If the secret metadata is still valid then it returns the secret, updating the accesses; otherwise it returns not found. If the secret is invalid after access, it is destroyed. In either case, whether the secret was invalid before the fetch or destroyed after it, the destroyed boolean reports which happened in the function.

func (*SecretContext) LatestVersion

func (s *SecretContext) LatestVersion(ctx context.Context, suffix string) (_ []byte, err error)

LatestVersion returns the payload for the latest version of the secret if it exists. This is a helper function that performs no validation or password verification.

func (*SecretContext) Load

func (s *SecretContext) Load(ctx context.Context, reload bool) (err error)

Load is a helper function that retrieves the secret metadata from the Secret Manager. It is safe to call load multiple times because it will only load once unless reload

func (*SecretContext) New

func (s *SecretContext) New(ctx context.Context, secret string) (err error)

New creates a new secret and metadata in Google Secret Manager adding the first version to actually store the data. Returns an error if the secret already exists.

func (*SecretContext) SetPassword

func (s *SecretContext) SetPassword(password string) (err error)

SetPassword is the preferred way for setting a password on a secret that is about to be created since it guarantees that the derived key methodology is correct.

func (*SecretContext) Valid

func (s *SecretContext) Valid() bool

Valid returns true if the retrievals is less than the number of allowed accesses and the current time is before the expiration time. If the Expires or Created timestamp is zero, the context is assumed to not have been initialized. Valid is used both to check if the secret context can be created/updated and to determine if it should be destroyed.
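The Fetch contract and the Valid rule described above combine into a small state machine: a context with zero timestamps is never valid, a fetch of an already-invalid context destroys it and reports not found, and a fetch that exhausts the access budget destroys the secret immediately after returning it. The following is an added, self-contained example that models that lifecycle; it is not the vault package's own code. The `secretState` type, `newSecretState`, `validAt` and `fetchAt` are hypothetical stand-ins that keep the payload in memory instead of Google Secret Manager, take the clock as a parameter so the behaviour is deterministic, and omit the argon2 password verification the real package performs. The `ErrTimeToLive` check reuses the one-minute minimum stated in the package's error message.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Sentinel errors mirroring those documented for the vault package.
var (
	ErrSecretNotFound = errors.New("secret does not exist in secret manager")
	ErrTimeToLive     = errors.New("expiration time must be at least 1m in the future")
)

// secretState is a hypothetical, in-memory stand-in for SecretContext's
// bookkeeping fields (constructed for this example, not the package's type).
type secretState struct {
	Accesses     int       // number of allowed accesses
	Retrievals   int       // number of accesses so far
	Created      time.Time // zero value means "not initialized"
	LastAccessed time.Time
	Expires      time.Time // zero value means "not initialized"

	secret    string // stand-in for the Secret Manager payload
	destroyed bool   // set once the secret and metadata are discarded
}

// newSecretState initializes a context for a secret that may be read at most
// `accesses` times before `ttl` elapses; it enforces the documented 1m minimum.
func newSecretState(secret string, accesses int, ttl time.Duration, now time.Time) (*secretState, error) {
	if ttl < time.Minute {
		return nil, ErrTimeToLive
	}
	return &secretState{
		Accesses: accesses,
		Created:  now,
		Expires:  now.Add(ttl),
		secret:   secret,
	}, nil
}

// validAt applies the Valid rule at an explicit instant: retrievals must be
// below the allowed accesses and now must be before Expires. Zero Created or
// Expires timestamps mean the context was never initialized, so it is invalid.
func (s *secretState) validAt(now time.Time) bool {
	if s.Created.IsZero() || s.Expires.IsZero() {
		return false
	}
	return s.Retrievals < s.Accesses && now.Before(s.Expires)
}

// access records a retrieval, as Access does on every fetch.
func (s *secretState) access(now time.Time) {
	s.Retrievals++
	s.LastAccessed = now
}

// destroy discards both the payload and the metadata.
func (s *secretState) destroy() {
	s.secret = ""
	s.destroyed = true
}

// fetchAt follows the Fetch contract. A context that is already invalid is
// destroyed and reported as not found (destroyed=true). Otherwise the secret
// is returned and the access counted; if that access exhausted the budget the
// secret is destroyed right away and destroyed=true tells the caller so.
func (s *secretState) fetchAt(now time.Time) (secret string, destroyed bool, err error) {
	if s.destroyed {
		return "", false, ErrSecretNotFound
	}
	if !s.validAt(now) {
		s.destroy()
		return "", true, ErrSecretNotFound
	}
	secret = s.secret
	s.access(now)
	if !s.validAt(now) {
		s.destroy()
		return secret, true, nil
	}
	return secret, false, nil
}

func main() {
	now := time.Date(2023, 7, 13, 12, 0, 0, 0, time.UTC) // constructed clock
	s, err := newSecretState("example-secret", 2, time.Hour, now)
	if err != nil {
		panic(err)
	}
	for i := 0; i < 3; i++ {
		secret, destroyed, err := s.fetchAt(now.Add(time.Duration(i) * time.Minute))
		fmt.Printf("fetch %d: secret=%q destroyed=%v err=%v\n", i+1, secret, destroyed, err)
	}
}
```

The second fetch returns the secret together with destroyed=true because it consumed the last allowed access; the third reports not found. Treating zero timestamps as invalid is what prevents an uninitialized context from ever serving a payload.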

func (*SecretContext) VerifyPassword

func (s *SecretContext) VerifyPassword(password string) (err error)

VerifyPassword checks that the password matches the derived password and returns an error otherwise.

type SecretManager

type SecretManager struct {
	// contains filtered or unexported fields
}

SecretManager provides access to the Google Secret Manager and is the primary "vault" (secret storage) currently used by Whisper. The manager maintains the secret parent path composed by the project name as well as the RPC client.

func New

func New(conf config.GoogleConfig) (sm *SecretManager, err error)

New creates and returns a client to access the Google Secret Manager. This function requires the $GOOGLE_APPLICATION_CREDENTIALS environment variable to be set, which specifies the path to the service account credentials JSON file.

func NewMock

func NewMock(conf config.GoogleConfig) (*SecretManager, error)

NewMock creates and returns a client to access a mock Secret Manager for testing. Note that the SecretManager is identical and all external functionality is unchanged; however, instead of making requests to Google Secret Manager, the mock object simply stores things in memory.

func (*SecretManager) Check

func (sm *SecretManager) Check(ctx context.Context, token string) (_ bool, err error)

Check returns true if the secret exists, false if it does not. Used to determine if the secret exists as quickly as possible (e.g. to ensure no duplicates).

func (*SecretManager) With

func (sm *SecretManager) With(token string) *SecretContext

With extracts a secret context with the information required to fetch a secret from Google Secret Manager. This is used to create a new context and to retrieve one.
