security

package
v0.0.0-...-d892afd

Published: Apr 30, 2022 License: MIT Imports: 24 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func GenerateRandomUUIDV5

func GenerateRandomUUIDV5() string

GenerateRandomUUIDV5 returns a 32-bit random-seeded UUID derived from a randomly generated UUID v4.

Types

type BelaurVault

type BelaurVault interface {
	LoadSecrets() error
	GetAll() []string
	SaveSecrets() error
	Add(key string, value []byte)
	Remove(key string)
	Get(key string) ([]byte, error)
}

BelaurVault defines the set of APIs that a vault must provide in order to be a Bhojpur Belaur vault.

type CA

type CA struct {
	// contains filtered or unexported fields
}

CA represents one generated CA.

func InitCA

func InitCA() (*CA, error)

InitCA sets up a new CA instance and generates a new CA if one does not already exist.

func (*CA) CleanupCerts

func (c *CA) CleanupCerts(crt, key string) error

CleanupCerts removes the certificate and key at the given paths.

func (*CA) CreateSignedCert

func (c *CA) CreateSignedCert() (string, string, error)

CreateSignedCert creates a new key pair whose certificate is signed by the CA.

func (*CA) CreateSignedCertWithValidOpts

func (c *CA) CreateSignedCertWithValidOpts(hostname string, hoursBeforeValid, hoursAfterValid time.Duration) (string, string, error)

CreateSignedCertWithValidOpts creates a certificate for the given hostname, signed by the CA. hoursBeforeValid and hoursAfterValid control the certificate's validity window.

func (*CA) GenerateTLSConfig

func (c *CA) GenerateTLSConfig(certPath, keyPath string) (*tls.Config, error)

GenerateTLSConfig generates a new TLS config based on given certificate path and key path.

func (*CA) GetCACertPath

func (c *CA) GetCACertPath() (string, string)

GetCACertPath returns the paths to the root CA's certificate and key.

type CAAPI

type CAAPI interface {
	// CreateSignedCert creates a new signed certificate.
	// First return param is the public cert.
	// Second return param is the private key.
	CreateSignedCert() (string, string, error)

	// CreateSignedCertWithValidOpts create a new signed certificate
	// with the given options.
	// First return param is the public cert.
	// Second return param is the private key.
	CreateSignedCertWithValidOpts(hostname string, hoursBeforeValid, hoursAfterValid time.Duration) (string, string, error)

	// GenerateTLSConfig generates a TLS config.
	// It requires the path to the cert and the key.
	GenerateTLSConfig(certPath, keyPath string) (*tls.Config, error)

	// CleanupCerts cleans up the certs at the given path.
	CleanupCerts(crt, key string) error

	// GetCACertPath returns the public cert and private key
	// of the CA.
	GetCACertPath() (string, string)
}

CAAPI represents the interface used to handle certificates.

type FileVaultStorer

type FileVaultStorer struct {
	// contains filtered or unexported fields
}

FileVaultStorer implements VaultStorer as a simple file-based storage device.

func (*FileVaultStorer) Init

func (fvs *FileVaultStorer) Init() error

Init initializes the FileVaultStorer.

func (*FileVaultStorer) Read

func (fvs *FileVaultStorer) Read() ([]byte, error)

Read reads the stored bytes from the file backing the FileVaultStorer.

func (*FileVaultStorer) Write

func (fvs *FileVaultStorer) Write(data []byte) error

Write writes the given bytes to the file backing the FileVaultStorer.

type Vault

type Vault struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

Vault is a secret storage for data that Bhojpur Belaur needs to store encrypted.

func NewVault

func NewVault(ca CAAPI, storer VaultStorer) (*Vault, error)

NewVault creates a vault, which is a simple k/v storage medium with AES encryption. The format is: KEY=VALUE KEY2=VALUE2. NewVault also takes a storer, an implementation of VaultStorer, which defines the storage medium for the vault. If storer is nil, the vault uses a default FileVaultStorer.

func (*Vault) Add

func (v *Vault) Add(key string, value []byte)

Add adds a value to the vault. This operation is safe to use concurrently. Add silently overwrites the value if the key already exists.

func (*Vault) Get

func (v *Vault) Get(key string) ([]byte, error)

Get returns a value for a key. This operation is safe to use concurrently. Get will return an error if the data doesn't exist.

func (*Vault) GetAll

func (v *Vault) GetAll() []string

GetAll returns all keys and values in a copy of the internal data.

func (*Vault) LoadSecrets

func (v *Vault) LoadSecrets() error

LoadSecrets decrypts the contents of the vault and populates an in-memory map of the data to work with.

func (*Vault) Remove

func (v *Vault) Remove(key string)

Remove removes a key from the vault. This operation is safe to use concurrently. Remove is a no-op if the data doesn't exist.

func (*Vault) SaveSecrets

func (v *Vault) SaveSecrets() error

SaveSecrets encrypts data passed to the vault in a k/v format and saves it to the vault file.

type VaultStorer

type VaultStorer interface {
	// Init initializes the medium by creating the file, or bootstrapping the
	// db or simply setting up an in-memory mock storage device. The Init
	// function of a storage medium should be idempotent. Meaning it should
	// be callable multiple times without changing the underlying medium.
	Init() error
	// Read will read bytes from the storage medium and return it to the caller.
	Read() (data []byte, err error)
	// Write will store the passed in encrypted data. How, is up to the implementor.
	Write(data []byte) error
}

VaultStorer defines a storage medium for the Vault.
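The interface comment above asks for an idempotent Init and for an implementation that can be a plain in-memory mock. The block below is an added example, not code from the Bhojpur Belaur package: it redeclares the VaultStorer interface as shown on this page (assumption, since the module import path is not given here) and implements it with a hypothetical MemVaultStorer whose repeated Init calls do not wipe data that was already written.

```go
package main

import "errors"

// VaultStorer is redeclared from the interface documented on this page
// (assumption: the module import path is not on the page).
type VaultStorer interface {
	Init() error
	Read() (data []byte, err error)
	Write(data []byte) error
}

// MemVaultStorer is a hypothetical in-memory "mock storage device" for tests.
type MemVaultStorer struct {
	ready bool
	data  []byte
}

// Init is idempotent: a repeated call must not wipe data already written.
func (m *MemVaultStorer) Init() error {
	if !m.ready {
		m.ready, m.data = true, []byte{}
	}
	return nil
}

// Read hands back a copy so the caller cannot alter the stored ciphertext.
func (m *MemVaultStorer) Read() ([]byte, error) {
	if !m.ready {
		return nil, errors.New("storer not initialised")
	}
	return append([]byte(nil), m.data...), nil
}

// Write keeps its own copy of the already encrypted bytes it is handed.
func (m *MemVaultStorer) Write(data []byte) error {
	if !m.ready {
		return errors.New("storer not initialised")
	}
	m.data = append([]byte(nil), data...)
	return nil
}

var _ VaultStorer = (*MemVaultStorer)(nil) // compile-time interface check
```

Passing a *MemVaultStorer as the storer argument of NewVault keeps secrets out of the filesystem during tests; the Vault still encrypts before calling Write, so the bytes held here are ciphertext.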
