vault

Documentation

Index

• Variables
• type ArgonParameters
• type Vault
  • func NewVault(db *sql.DB, bus *eventing.Eventbus, timeSvc utils.Clock) Vault
• type VaultConfiguredEvent

Variables

var (
	ErrVaultAlreadyConfigured     = errors.New("vault is already configured")
	ErrVaultNotConfigured         = errors.New("vault is not configured")
	ErrVaultNotConfiguredOrSealed = errors.New("vault is not configured or sealed")
)

var DefaultParameters = &ArgonParameters{
	Aargon2Version: argon2.Version,
	Variant:        "argon2id",
	Memory:         64 * 1024,
	Iterations:     3,
	Parallelism:    2,
	SaltLength:     16,
	KeyLength:      32,
}

var (
	VaultEventSource = eventing.EventSource("Vault")
)

Types

type ArgonParameters

type ArgonParameters struct {
	Aargon2Version uint32
	Variant        string
	Memory         uint32
	Iterations     uint32
	Parallelism    uint8
	SaltLength     uint32
	KeyLength      uint32
}

type Vault

type Vault interface {
	// IsConfigured returns true if the vault is configured with a key, false otherwise.
	IsConfigured(ctx app.Context) (bool, error)

	// Configure configures the vault with a key derived from the given plainPassword.
	Configure(ctx app.Context, plainPassword string) error

	// Open opens the vault with the given plainPassword.
	// Allows the vault to be used for encryption and decryption.
	Open(ctx app.Context, plainPassword string) (bool, error)

	// Seal closes the vault and purges the key from memory.
	Seal()

	// Vault can be used as an encryption service.
	encryption.EncryptionService
}

func NewVault

func NewVault(db *sql.DB, bus *eventing.Eventbus, timeSvc utils.Clock) Vault

type VaultConfiguredEvent

type VaultConfiguredEvent struct {
	KeyId string
}