Affected by GO-2022-0611 and 20 other vulnerabilities

GO-2022-0611: HashiCorp Vault Incorrect Permission Assignment for Critical Resource in github.com/hashicorp/vault

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0623: Invalid session token expiration in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0816: Improper Resource Shutdown or Release in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2485: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2486: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2514: Token leases could outlive their TTL in HashiCorp Vault in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-2921: HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

GO-2024-3246: Hashicorp Vault vulnerable to denial of service through memory exhaustion in github.com/hashicorp/vault

awskms

package

v1.3.0-beta1 Latest Latest Go to latest Published: Oct 29, 2019 License: MPL-2.0 Imports: 19 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/hashicorp/vault

Documentation ¶

Index ¶

Constants
type AWSKMSMechanism
type AWSKMSSeal
- func NewAWSKMSTestSeal() *AWSKMSSeal
- func NewSeal(logger log.Logger) *AWSKMSSeal

Constants ¶

View Source

const (
	// AWSKMSEncrypt is used to directly encrypt the data with KMS
	AWSKMSEncrypt = iota
	// AWSKMSEnvelopeAESGCMEncrypt is when a data encryption key is generated and
	// the data is encrypted with AESGCM and the key is encrypted with KMS
	AWSKMSEnvelopeAESGCMEncrypt
)

View Source

const (
	// EnvAWSKMSSealKeyID is the AWS KMS key ID to use for encryption and decryption
	EnvAWSKMSSealKeyID = "VAULT_AWSKMS_SEAL_KEY_ID"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AWSKMSMechanism ¶

type AWSKMSMechanism uint32

AWSKMSMechanism is the method used to encrypt/decrypt in the autoseal

type AWSKMSSeal ¶

type AWSKMSSeal struct {
	// contains filtered or unexported fields
}

AWSKMSSeal represents credentials and Key information for the KMS Key used to encryption and decryption

func NewAWSKMSTestSeal ¶

func NewAWSKMSTestSeal() *AWSKMSSeal

func NewSeal ¶

func NewSeal(logger log.Logger) *AWSKMSSeal

NewSeal creates a new AWSKMS seal with the provided logger

func (*AWSKMSSeal) Decrypt ¶

func (k *AWSKMSSeal) Decrypt(_ context.Context, in *physical.EncryptedBlobInfo) (pt []byte, err error)

Decrypt is used to decrypt the ciphertext. This should be called after Init.

func (*AWSKMSSeal) Encrypt ¶

func (k *AWSKMSSeal) Encrypt(_ context.Context, plaintext []byte) (blob *physical.EncryptedBlobInfo, err error)

Encrypt is used to encrypt the master key using the the AWS CMK. This returns the ciphertext, and/or any errors from this call. This should be called after the KMS client has been instantiated.

func (*AWSKMSSeal) Finalize ¶

func (k *AWSKMSSeal) Finalize(_ context.Context) error

Finalize is called during shutdown. This is a no-op since AWSKMSSeal doesn't require any cleanup.

func (*AWSKMSSeal) Init ¶

func (k *AWSKMSSeal) Init(_ context.Context) error

Init is called during core.Initialize. No-op at the moment.

func (*AWSKMSSeal) KeyID ¶

func (k *AWSKMSSeal) KeyID() string

KeyID returns the last known key id.

func (*AWSKMSSeal) SealType ¶

func (k *AWSKMSSeal) SealType() string

SealType returns the seal type for this particular seal implementation.

func (*AWSKMSSeal) SetConfig ¶

func (k *AWSKMSSeal) SetConfig(config map[string]string) (map[string]string, error)

SetConfig sets the fields on the AWSKMSSeal object based on values from the config parameter.

Order of precedence AWS values: * Environment variable * Value from Vault configuration file * Instance metadata role (access key and secret key) * Default values

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL