Affected by GO-2022-0611 and 20 other vulnerabilities

GO-2022-0611: HashiCorp Vault Incorrect Permission Assignment for Critical Resource in github.com/hashicorp/vault

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0623: Invalid session token expiration in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0778: Information Disclosure in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2488: HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

GO-2024-2514: Token leases could outlive their TTL in HashiCorp Vault in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-2921: HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

GO-2024-3246: Hashicorp Vault vulnerable to denial of service through memory exhaustion in github.com/hashicorp/vault

ocikms

package

v1.3.5 Latest Latest Go to latest Published: Apr 28, 2020 License: MPL-2.0 Imports: 16 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/hashicorp/vault

Links

Open Source Insights

Documentation ¶

Overview ¶

Index ¶

Constants
type OCIKMSMechanism
type OCIKMSSeal
- func NewSeal(logger log.Logger) *OCIKMSSeal

Constants ¶

View Source

const (
	// OCI KMS key ID to use for encryption and decryption
	EnvOCIKMSSealKeyID = "VAULT_OCIKMS_SEAL_KEY_ID"
	// OCI KMS crypto endpoint to use for encryption and decryption
	EnvOCIKMSCryptoEndpoint = "VAULT_OCIKMS_CRYPTO_ENDPOINT"
	// OCI KMS management endpoint to manage keys
	EnvOCIKMSManagementEndpoint = "VAULT_OCIKMS_MANAGEMENT_ENDPOINT"
	// Maximum number of retries
	KMSMaximumNumberOfRetries = 5
	// keyID config
	KMSConfigKeyID = "key_id"
	// cryptoEndpoint config
	KMSConfigCryptoEndpoint = "crypto_endpoint"
	// managementEndpoint config
	KMSConfigManagementEndpoint = "management_endpoint"
	// authTypeAPIKey config
	KMSConfigAuthTypeAPIKey = "auth_type_api_key"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type OCIKMSMechanism ¶

type OCIKMSMechanism uint32

OCIKMSMechanism is the method used to encrypt/decrypt in auto unseal process

type OCIKMSSeal ¶

type OCIKMSSeal struct {
	// contains filtered or unexported fields
}

func NewSeal ¶

func NewSeal(logger log.Logger) *OCIKMSSeal

NewSeal creates a new OCIKMSSeal seal with the provided logger

func (*OCIKMSSeal) Decrypt ¶

func (k *OCIKMSSeal) Decrypt(ctx context.Context, in *physical.EncryptedBlobInfo) ([]byte, error)

func (*OCIKMSSeal) Encrypt ¶

func (k *OCIKMSSeal) Encrypt(ctx context.Context, plaintext []byte) (*physical.EncryptedBlobInfo, error)

func (*OCIKMSSeal) Finalize ¶

func (k *OCIKMSSeal) Finalize(context.Context) error

func (*OCIKMSSeal) Init ¶

func (k *OCIKMSSeal) Init(context.Context) error

func (*OCIKMSSeal) KeyID ¶

func (k *OCIKMSSeal) KeyID() string

func (*OCIKMSSeal) SealType ¶

func (k *OCIKMSSeal) SealType() string

func (*OCIKMSSeal) SetConfig ¶

func (k *OCIKMSSeal) SetConfig(config map[string]string) (map[string]string, error)

Source Files ¶

View all Source files

ocikms.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL