Affected by GO-2023-1986 and 9 other vulnerabilities

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2063: HashiCorp Vault Improper Input Validation vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-2921: HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault

GO-2024-2982: Hashicorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions in github.com/hashicorp/vault

GO-2024-3162: Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

GO-2024-3246: Hashicorp Vault vulnerable to denial of service through memory exhaustion in github.com/hashicorp/vault

cacheboltdb

package

v1.14.0 Latest Latest Go to latest Published: Jun 19, 2023 License: MPL-2.0 Imports: 11 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/hashicorp/vault

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func DBFileExists(path string) (bool, error)
type BoltStorage
- func NewBoltStorage(config *BoltStorageConfig) (*BoltStorage, error)
type BoltStorageConfig

Constants ¶

View Source

const (

	// DatabaseFileName - filename for the persistent cache file
	DatabaseFileName = "vault-agent-cache.db"

	// TokenType - Bucket/type for auto-auth tokens
	TokenType = "token"

	// LeaseType - v2 Bucket/type for auth AND secret leases.
	//
	// This bucket stores keys in the same order they were created using
	// auto-incrementing keys and the fact that BoltDB stores keys in byte
	// slice order. This means when we iterate through this bucket during
	// restore, we will always restore parent tokens before their children,
	// allowing us to correctly attach child contexts to their parent's context.
	LeaseType = "lease"

	// AutoAuthToken - key for the latest auto-auth token
	AutoAuthToken = "auto-auth-token"

	// RetrievalTokenMaterial is the actual key or token in the key bucket
	RetrievalTokenMaterial = "retrieval-token-material"
)

Variables ¶

This section is empty.

Functions ¶

func DBFileExists ¶

func DBFileExists(path string) (bool, error)

DBFileExists checks whether the vault agent cache file at `filePath` exists

Types ¶

type BoltStorage ¶

type BoltStorage struct {
	// contains filtered or unexported fields
}

BoltStorage is a persistent cache using a bolt db. Items are organized with the version and bootstrapping items in the "meta" bucket, and tokens, auth leases, and secret leases in their own buckets.

func NewBoltStorage ¶

func NewBoltStorage(config *BoltStorageConfig) (*BoltStorage, error)

NewBoltStorage opens a new bolt db at the specified file path and returns it. If the db already exists the buckets will just be created if they don't exist.

func (*BoltStorage) Clear ¶

func (b *BoltStorage) Clear() error

Clear the boltdb by deleting all the token and lease buckets and recreating the schema/layout

func (*BoltStorage) Close ¶

func (b *BoltStorage) Close() error

Close the boltdb

func (*BoltStorage) Delete ¶

func (b *BoltStorage) Delete(id string, indexType string) error

Delete an index (token or lease) by key from bolt storage

func (*BoltStorage) GetAutoAuthToken ¶

func (b *BoltStorage) GetAutoAuthToken(ctx context.Context) ([]byte, error)

GetAutoAuthToken retrieves the latest auto-auth token, and returns nil if non exists yet

func (*BoltStorage) GetByType ¶

func (b *BoltStorage) GetByType(ctx context.Context, indexType string) ([][]byte, error)

GetByType returns a list of stored items of the specified type

func (*BoltStorage) GetRetrievalToken ¶

func (b *BoltStorage) GetRetrievalToken() ([]byte, error)

GetRetrievalToken retrieves a plaintext token from the KeyBucket, which will be used by the key manager to retrieve the encryption key, nil if none set

func (*BoltStorage) Set ¶

func (b *BoltStorage) Set(ctx context.Context, id string, plaintext []byte, indexType string) error

Set an index (token or lease) in bolt storage

func (*BoltStorage) StoreRetrievalToken ¶

func (b *BoltStorage) StoreRetrievalToken(token []byte) error

StoreRetrievalToken sets plaintext token material in the RetrievalTokenBucket

type BoltStorageConfig ¶

type BoltStorageConfig struct {
	Path    string
	Logger  hclog.Logger
	Wrapper wrapping.Wrapper
	AAD     string
}

BoltStorageConfig is the collection of input parameters for setting up bolt storage

Source Files ¶

View all Source files

bolt.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL