keystore

package

v0.17.2 Latest Latest Go to latest Published: Nov 7, 2024 License: Apache-2.0 Imports: 19 Imported by: 39

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/elastic/elastic-agent-libs

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func ResolverWrap(keystore Keystore) func(string) (string, parse.Config, error)
type Config
type FileKeystore
type Keystore
type ListingKeystore
- func AsListingKeystore(store Keystore) (ListingKeystore, error)
type Packager
type SecureString
- func NewSecureString(value []byte) *SecureString
type WritableKeystore
- func AsWritableKeystore(store Keystore) (WritableKeystore, error)

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// ErrAlreadyExists is returned when the file already exist at the location.
	ErrAlreadyExists = errors.New("cannot create a new keystore a valid keystore already exist at the location")

	// ErrKeyDoesntExists is returned when the key doesn't exist in the store
	ErrKeyDoesntExists = errors.New("cannot retrieve the key")

	// ErrNotWritable is returned when the keystore is not writable
	ErrNotWritable = errors.New("the configured keystore is not writable")

	// ErrNotWritable is returned when the keystore is not writable
	ErrNotListing = errors.New("the configured keystore is not listing")
)

Functions ¶

func ResolverWrap ¶

func ResolverWrap(keystore Keystore) func(string) (string, parse.Config, error)

ResolverWrap wrap a config resolver around an existing keystore.

Types ¶

type Config ¶

type Config struct {
	Path string `config:"path"`
}

Config Define keystore configurable options

type FileKeystore ¶

type FileKeystore struct {
	sync.RWMutex
	Path string
	// contains filtered or unexported fields
}

FileKeystore Allows to store key / secrets pair securely into an encrypted local file.

func (*FileKeystore) ConfiguredPath ¶

func (k *FileKeystore) ConfiguredPath() string

ConfiguredPath returns the path to the keystore.

func (*FileKeystore) Create ¶

func (k *FileKeystore) Create(override bool) error

Create create an empty keystore, if the store already exist we will return an error.

func (*FileKeystore) Delete ¶

func (k *FileKeystore) Delete(key string) error

Delete an existing key from the store and mark the store as dirty.

func (*FileKeystore) GetConfig ¶

func (k *FileKeystore) GetConfig() (*config.C, error)

GetConfig returns config.C representation of the key / secret pair to be merged with other loaded configuration.

func (*FileKeystore) IsPersisted ¶

func (k *FileKeystore) IsPersisted() bool

IsPersisted return if the keystore is physically persisted on disk.

func (*FileKeystore) List ¶

func (k *FileKeystore) List() ([]string, error)

List return the availables keys.

func (*FileKeystore) Package ¶

func (k *FileKeystore) Package() ([]byte, error)

Package returns the bytes of the encrypted keystore.

func (*FileKeystore) Retrieve ¶

func (k *FileKeystore) Retrieve(key string) (*SecureString, error)

Retrieve return a SecureString instance that will contains both the key and the secret.

func (*FileKeystore) Save ¶

func (k *FileKeystore) Save() error

Save persists the in memory data to disk if needed.

func (*FileKeystore) Store ¶

func (k *FileKeystore) Store(key string, value []byte) error

Store add the key pair to the secret store and mark the store as dirty.

type Keystore ¶

type Keystore interface {
	// Retrieve returns a SecureString instance of the searched key or an error.
	Retrieve(key string) (*SecureString, error)

	// GetConfig returns the key value pair in the config format to be merged with other configuration.
	GetConfig() (*config.C, error)

	// IsPersisted check if the current keystore is persisted.
	IsPersisted() bool
}

Keystore implement a way to securely saves and retrieves secrets to be used in the configuration Currently all credentials are loaded upfront and are not lazy retrieved, we will eventually move to that concept, so we can deal with tokens that has a limited duration or can be revoked by a remote keystore.

func Factory ¶

func Factory(c *config.C, defaultPath string, strictPerms bool) (Keystore, error)

Factory Create the right keystore with the configured options.

func NewFileKeystore ¶

func NewFileKeystore(keystoreFile string) (Keystore, error)

NewFileKeystore returns an new File based keystore or an error, currently users cannot set their own password on the keystore, the default password will be an empty string. When the keystore is initialized the secrets are automatically loaded into memory.

func NewFileKeystoreWithPassword ¶

func NewFileKeystoreWithPassword(keystoreFile string, password *SecureString) (Keystore, error)

NewFileKeystoreWithPassword return a new File based keystore or an error, allow to define what password to use to create the keystore.

func NewFileKeystoreWithPasswordAndStrictPerms ¶

func NewFileKeystoreWithPasswordAndStrictPerms(keystoreFile string, password *SecureString, strictPerms bool) (Keystore, error)

NewFileKeystoreWithPassword return a new File based keystore or an error, allow to define what password to use to create the keystore.

func NewFileKeystoreWithStrictPerms ¶

func NewFileKeystoreWithStrictPerms(keystoreFile string, strictPerms bool) (Keystore, error)

NewFileKeystore returns an new File based keystore or an error, currently users cannot set their own password on the keystore, the default password will be an empty string. When the keystore is initialized the secrets are automatically loaded into memory.

type ListingKeystore ¶

type ListingKeystore interface {
	// List returns the list of keys in the keystore, return an empty list if none is found.
	List() ([]string, error)
}

func AsListingKeystore ¶

func AsListingKeystore(store Keystore) (ListingKeystore, error)

AsListingKeystore casts a keystore to ListingKeystore, returning an ErrNotListing error if the given keystore does not implement ListingKeystore interface

type Packager ¶

type Packager interface {
	Package() ([]byte, error)
	ConfiguredPath() string
}

Packager defines a keystore that we can read the raw bytes and be packaged in an artifact.

type SecureString ¶

type SecureString struct {
	// contains filtered or unexported fields
}

SecureString Initial implementation for a SecureString representation in beats, currently we keep the password into a Bytes array, we need to implement a way to safely clean that array.

Investigate memguard: https://github.com/awnumar/memguard

func NewSecureString ¶

func NewSecureString(value []byte) *SecureString

NewSecureString return a struct representing a secrets string.

func (*SecureString) Get ¶

func (s *SecureString) Get() ([]byte, error)

Get returns the byte value of the secret, or an error if we cannot return it.

func (SecureString) GoString ¶

func (s SecureString) GoString() string

GoString implements the GoStringer interface to hide the secret value.

func (SecureString) String ¶

func (s SecureString) String() string

String custom string implementation to make sure we don't bleed this struct into a string.

type WritableKeystore ¶

type WritableKeystore interface {
	// Store add keys to the keystore, wont be persisted until we save.
	Store(key string, secret []byte) error

	// Delete removes a specific key from the keystore.
	Delete(key string) error

	// Create Allow to create an empty keystore.
	Create(override bool) error

	// Save persist the changes to the keystore.
	Save() error
}

func AsWritableKeystore ¶

func AsWritableKeystore(store Keystore) (WritableKeystore, error)

AsWritableKeystore casts a keystore to WritableKeystore, returning an ErrNotWritable error if the given keystore does not implement WritableKeystore interface

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL