keydbstore

package

v0.4.4 Latest Latest Go to latest Published: Jan 7, 2017 License: Apache-2.0 Imports: 17 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/docker/notary

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func NewCachedKeyService(baseKeyService signed.CryptoService) signed.CryptoService
type GormPrivateKey
- func (g GormPrivateKey) TableName() string
type RDBPrivateKey
- func (g RDBPrivateKey) TableName() string
type RethinkDBKeyStore
- func NewRethinkDBKeyStore(dbName, username, password string, passphraseRetriever notary.PassRetriever, ...) *RethinkDBKeyStore
type SQLKeyDBStore
- func NewSQLKeyDBStore(passphraseRetriever notary.PassRetriever, defaultPassAlias string, ...) (*SQLKeyDBStore, error)

Constants ¶

View Source

const (
	EncryptionAlg = jose.A256GCM
	KeywrapAlg    = jose.PBES2_HS256_A128KW
)

Constants

Variables ¶

View Source

var PrivateKeysRethinkTable = rethinkdb.Table{
	Name:             RDBPrivateKey{}.TableName(),
	PrimaryKey:       "key_id",
	JSONUnmarshaller: rdbPrivateKeyFromJSON,
}

PrivateKeysRethinkTable is the table definition for notary signer's key information

Functions ¶

func NewCachedKeyService ¶ added in v0.4.0

func NewCachedKeyService(baseKeyService signed.CryptoService) signed.CryptoService

NewCachedKeyService returns a new signed.CryptoService that includes caching

Types ¶

type GormPrivateKey ¶

type GormPrivateKey struct {
	gorm.Model
	KeyID           string    `sql:"type:varchar(255);not null;unique;index:key_id_idx"`
	EncryptionAlg   string    `sql:"type:varchar(255);not null"`
	KeywrapAlg      string    `sql:"type:varchar(255);not null"`
	Algorithm       string    `sql:"type:varchar(50);not null"`
	PassphraseAlias string    `sql:"type:varchar(50);not null"`
	Gun             string    `sql:"type:varchar(255);not null"`
	Role            string    `sql:"type:varchar(255);not null"`
	Public          string    `sql:"type:blob;not null"`
	Private         string    `sql:"type:blob;not null"`
	LastUsed        time.Time `sql:"type:datetime;null;default:null"`
}

GormPrivateKey represents a PrivateKey in the database

func (GormPrivateKey) TableName ¶

func (g GormPrivateKey) TableName() string

TableName sets a specific table name for our GormPrivateKey

type RDBPrivateKey ¶ added in v0.3.0

type RDBPrivateKey struct {
	rethinkdb.Timing
	KeyID           string `gorethink:"key_id"`
	EncryptionAlg   string `gorethink:"encryption_alg"`
	KeywrapAlg      string `gorethink:"keywrap_alg"`
	Algorithm       string `gorethink:"algorithm"`
	PassphraseAlias string `gorethink:"passphrase_alias"`
	Gun             string `gorethink:"gun"`
	Role            string `gorethink:"role"`

	// gorethink specifically supports binary types, and says to pass it in as
	// a byteslice.  Currently our encryption method for the private key bytes
	// produces a base64-encoded string, but for future compatibility in case
	// we change how we encrypt, use a byteslace for the encrypted private key
	// too
	Public  []byte `gorethink:"public"`
	Private []byte `gorethink:"private"`

	// whether this key is active or not
	LastUsed time.Time `gorethink:"last_used"`
}

RDBPrivateKey represents a PrivateKey in the rethink database

func (RDBPrivateKey) TableName ¶ added in v0.3.0

func (g RDBPrivateKey) TableName() string

TableName sets a specific table name for our RDBPrivateKey

type RethinkDBKeyStore ¶ added in v0.3.0

type RethinkDBKeyStore struct {
	// contains filtered or unexported fields
}

RethinkDBKeyStore persists and manages private keys on a RethinkDB database

func NewRethinkDBKeyStore ¶ added in v0.3.0

func NewRethinkDBKeyStore(dbName, username, password string, passphraseRetriever notary.PassRetriever, defaultPassAlias string, rethinkSession *gorethink.Session) *RethinkDBKeyStore

NewRethinkDBKeyStore returns a new RethinkDBKeyStore backed by a RethinkDB database

func (*RethinkDBKeyStore) AddKey ¶ added in v0.3.0

func (rdb *RethinkDBKeyStore) AddKey(role, gun string, privKey data.PrivateKey) error

AddKey stores the contents of a private key. Both role and gun are ignored, we always use Key IDs as name, and don't support aliases

func (RethinkDBKeyStore) Bootstrap ¶ added in v0.3.0

func (rdb RethinkDBKeyStore) Bootstrap() error

Bootstrap sets up the database and tables, also creating the notary signer user with appropriate db permission

func (RethinkDBKeyStore) CheckHealth ¶ added in v0.3.0

func (rdb RethinkDBKeyStore) CheckHealth() error

CheckHealth verifies that DB exists and is query-able

func (RethinkDBKeyStore) Create ¶ added in v0.4.0

func (rdb RethinkDBKeyStore) Create(role, gun, algorithm string) (data.PublicKey, error)

Create will attempt to first re-use an inactive key for the same role, gun, and algorithm. If one isn't found, it will create a private key and add it to the DB as an inactive key

func (*RethinkDBKeyStore) GetKey ¶ added in v0.3.0

func (rdb *RethinkDBKeyStore) GetKey(keyID string) data.PublicKey

GetKey returns the PublicKey given a KeyID, and does not activate the key

func (*RethinkDBKeyStore) GetPrivateKey ¶ added in v0.4.0

func (rdb *RethinkDBKeyStore) GetPrivateKey(keyID string) (data.PrivateKey, string, error)

GetPrivateKey returns the PrivateKey given a KeyID

func (RethinkDBKeyStore) ListAllKeys ¶ added in v0.4.0

func (rdb RethinkDBKeyStore) ListAllKeys() map[string]string

ListAllKeys always returns nil. This method is here to satisfy the CryptoService interface

func (RethinkDBKeyStore) ListKeys ¶ added in v0.3.0

func (rdb RethinkDBKeyStore) ListKeys(role string) []string

ListKeys always returns nil. This method is here to satisfy the CryptoService interface

func (*RethinkDBKeyStore) Name ¶ added in v0.3.0

func (rdb *RethinkDBKeyStore) Name() string

Name returns a user friendly name for the storage location

func (RethinkDBKeyStore) RemoveKey ¶ added in v0.3.0

func (rdb RethinkDBKeyStore) RemoveKey(keyID string) error

RemoveKey removes the key from the table

func (RethinkDBKeyStore) RotateKeyPassphrase ¶ added in v0.3.0

func (rdb RethinkDBKeyStore) RotateKeyPassphrase(keyID, newPassphraseAlias string) error

RotateKeyPassphrase rotates the key-encryption-key

type SQLKeyDBStore ¶ added in v0.4.0

type SQLKeyDBStore struct {
	// contains filtered or unexported fields
}

SQLKeyDBStore persists and manages private keys on a SQL database

func NewSQLKeyDBStore ¶ added in v0.4.0

func NewSQLKeyDBStore(passphraseRetriever notary.PassRetriever, defaultPassAlias string,
	dbDialect string, dbArgs ...interface{}) (*SQLKeyDBStore, error)

NewSQLKeyDBStore returns a new SQLKeyDBStore backed by a SQL database

func (*SQLKeyDBStore) AddKey ¶ added in v0.4.0

func (s *SQLKeyDBStore) AddKey(role, gun string, privKey data.PrivateKey) error

AddKey stores the contents of a private key. Both role and gun are ignored, we always use Key IDs as name, and don't support aliases

func (*SQLKeyDBStore) Create ¶ added in v0.4.0

func (s *SQLKeyDBStore) Create(role, gun, algorithm string) (data.PublicKey, error)

Create will attempt to first re-use an inactive key for the same role, gun, and algorithm. If one isn't found, it will create a private key and add it to the DB as an inactive key

func (*SQLKeyDBStore) GetKey ¶ added in v0.4.0

func (s *SQLKeyDBStore) GetKey(keyID string) data.PublicKey

GetKey performs the same get as GetPrivateKey, but does not mark the as active and only returns the public bytes

func (*SQLKeyDBStore) GetPrivateKey ¶ added in v0.4.0

func (s *SQLKeyDBStore) GetPrivateKey(keyID string) (data.PrivateKey, string, error)

GetPrivateKey returns the PrivateKey given a KeyID

func (*SQLKeyDBStore) HealthCheck ¶ added in v0.4.0

func (s *SQLKeyDBStore) HealthCheck() error

HealthCheck verifies that DB exists and is query-able

func (*SQLKeyDBStore) ListAllKeys ¶ added in v0.4.0

func (s *SQLKeyDBStore) ListAllKeys() map[string]string

ListAllKeys always returns nil. This method is here to satisfy the CryptoService interface

func (*SQLKeyDBStore) ListKeys ¶ added in v0.4.0

func (s *SQLKeyDBStore) ListKeys(role string) []string

ListKeys always returns nil. This method is here to satisfy the CryptoService interface

func (*SQLKeyDBStore) Name ¶ added in v0.4.0

func (s *SQLKeyDBStore) Name() string

Name returns a user friendly name for the storage location

func (*SQLKeyDBStore) RemoveKey ¶ added in v0.4.0

func (s *SQLKeyDBStore) RemoveKey(keyID string) error

RemoveKey removes the key from the keyfilestore

func (*SQLKeyDBStore) RotateKeyPassphrase ¶ added in v0.4.0

func (s *SQLKeyDBStore) RotateKeyPassphrase(keyID, newPassphraseAlias string) error

RotateKeyPassphrase rotates the key-encryption-key

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL