trousseau

README

What

Trousseau is an encrypted key-value store designed to be a simple, safe and trustworthy place for your data.

It stores data in a single file, encrypted using the openpgp asymmetric encryption algorithm. It can be easily exported and imported to/from multiple remote storages: like S3, an ssh endpoint, gist (ftp, dropbox, and more to come...). It is able to restrict access to the data store to a set of openpgp recipients.

Create a trousseau data store, specify which opengpg recipients are allowed to open and modify it, add some key-value pairs to it, export it to S3 for example, and re-import it on another device: As simple as that.

Secrets are made to be shared, just not with anyone. Whether you're an admin, a paranoid guy living in a bunker, or a random user who seeks a simple way to store it's critical data in secured manner. Trousseau can do something for you.

Why

Storing, transporting, and sharing sensitive data can be hard, and much more difficult when it comes to automate it.

Trousseau was created with private keys transportation and sharing across a servers cluster in mind. However it has proved being useful to anyone who need to store and eventually share a passwords store, bank accounts details or even more sensitive data.

Real world use cases

For the admins out there

Trousseau can be useful to you when it comes to:

• Store sensitive data: No more plain certificates and keys in your repositories and configuration files. Your brand new shiny infrastructure surely relies on many certificates and private keys of different kinds: ssl, rsa, gpg, ... Trousseau provides a simple and fine-tuned way to store their content in a single file that you can safely version using your favorite cvs.
• Share passwords, keys and other critical data with co-workers and servers in your cluster in a safe manner. Trousseau encrypts its content for the specific recipient you provide it. Only the recipient you intend will be able to import and read-write the Trousseau store content. Trousseau proved itself to be a great way to share some services passwords with your co-workers too!
• Deploy keys to your servers in a safe and normative way. Encrypt the trousseau store for each server selectively.

For the common users

• Store your sensitive data like passwords, bank account details, sex tapes involving you and your teachers or whatever comes to your mind in an encrypted store.
• Sync your sensitive data store to remote services and easily share it between your unix-like devices.

How

Installation

Debian and ubuntu

A binary debian repository provides trousseau packages for i386, x86_64 and arm architectures, so you can easily install it. Just add the repository to your sources.list:

$ echo "deb http://dl.bintray.com/oleiade/deb /" | sudo tee /etc/apt/sources.list.d/trousseau.list

And you're ready to go:

$ sudo apt-get update && sudo apt-get install trousseau

OSX

Homebrew

If you're using homebrew just proceed to installation using the provided formula:

$ brew install https://raw.githubusercontent.com/oleiade/trousseau/master/trousseau.rb

Et voila!

Macports

Coming soon (Don't be shy, if you feel like you could do it, just send pull request ;) )

Build it

1. First, make sure you have a Go language compiler >= 1.2 (mandatory) and git installed.
2. Make sure you have the following go system dependencies in your $PATH: bzr, svn, hg, git
3. Ensure your GOPATH is properly set.
4. Run make

Prerequisities

Gpg passphrase

Every decryption operations will require your gpg primary key passphrase. As of today, trousseau is able to handle your passphrase through multiple ways:

• system's keyring manager
• gpg-agent daemon
• system environment
• --passphrase global option

Keyring manager

Supported system keyring manager are osx keychain access and linux gnome secret-service and gnome-keychain (more might be added in the future on demand). To use the keyring manager you will need to set up the TROUSSEAU_KEYRING_SERVICE environment variable to the name of they keyring manager key holding the trousseau main gpg key passphrase.

$ export TROUSSEAU_KEYRING_SERVICE=my_keyring_key
$ trousseau get abc

Gpg agent

Another authentication method supported is gpg-agent. In order to use it make sure you've started the gpg-agent daemon and exported the GPG_AGENT_INFO variable, trousseau will do the rest.

$ export GPG_AGENT_INFO=path_to_the_gpg_agent_info_file
$ export TROUSSEAU_MASTER_GPG_ID=myid@mymail.com
$ trousseau get abc

Environment variable

Alternatively, you can pass your primary key passphrase as TROUSSEAU_PASSPHRASE environment variable:

$ export TROUSSEAU_PASSPHRASE=mysupperdupperpassphrase
$ trousseau get abc

Passphrase global option

Ultimately, you can pass you gpg passphrase through the command line global option:

$ trousseau --passhphrase mysupperdupperpassphrase get abc

Environment

Trousseau behavior can be controlled through the system environment:

• TROUSSEAU_STORE : if you want to have multiple trousseau data store, set this environment variable to the path of the one you want to use. Default is $HOME/.trousseau

Let's get started

Basics

First use of trousseau requires the data store to be created. A trousseau data store is built and maintained for a list of gpg recipients who will be the only ones able to decrypt and manipulate it (so don't forget to include yourself ;) ) Moreover, you can easily create/select multiple stores using whether the --store global option or the TROUSSEAU_STORE environment variable mentioned upper in this README.

API

Commands

• create [RECIPIENTS ...] : creates the trousseau encrypted datastore for provided recipients and stores it in $HOME/.trousseau
• upgrade : Will upgrade your data store to be compatible with a newer version of trousseau. For example, to upgrade a data store created by trousseau <= 0.3.1 to be compatible with trousseau >= 0.3.1
• meta : Outputs the store metadata.
• add-recipient RECIPIENT : Adds a recipient to the store. The recipient will be able to open and modify the store.
• list-recipients : Lists the data store recipients.
• remove-recipient RECIPIENT : Removes a recipient from the store. The recipient will not be able to open or modify the store.

Global options

• --store [PATH] : select an alternative trousseau data store path. This option is really helpful when you want to manipulate multiple stores.

First steps with the data store

# create a trousseau for two gpg recipients
# both key ids and key email are supported.
$ trousseau create 4B7D890,foo@bar.com 
trousseau created at $HOME/.trousseau

Trousseau data store consists in single gpg encrypted file residing in your $HOME directory. Check by yourself.

$ cat ~/.trousseau
{
    "crypto_type":1,
    "crypto_algorithm":0,
    "_data":"012ue091ido19d81j2d01029dj1029d1029u401294i ... 1028019k0912djm0129d12"
}

If you've just updated trousseau to a version marked as implying backward incompatibilities, the upgrade command is here to help

$ trousseau upgrade
Upgrading trousseau data store to version M: success
Upgrading trousseau data store to version N: success
# This is it, your legacy data store has now been upgraded to be compatible with
# your current version of trousseau

Manipulating keys

Once your trousseau has been created, you're now able to read, write, list, delete its data. Here's how the fun part goes.

API

• get KEY [--file]: Outputs the stored KEY-value pair, whether on stdout or in pointed --file option path.
• set KEY [VALUE | --file] : Sets the provided key-value pair in store using provided value or extracting it from path pointed by --file option.
• rename KEY_NAME NEW_NAME : Renames a store key
• del KEY : Deletes provided key from the store
• keys : Lists the stored keys
• show : Lists the stored key-value pairs

You've got the keys

# Right now the store is empty
$ trousseau show


# Let's add some data into it
$ trousseau set abc 123
$ trousseau set "easy as" "do re mi"

# set action supports a --file flag to use the content
# of a file as value
$ trousseau set myuser.ssh.public_key --file ~/.ssh/id_rsa.pub


# Now let's make sure data has been added
$ trousseau keys
abc
easy as
myuser.ssh.public_key

# Let's check values too
$ trousseau get abc
123

# What about renaming abc key, just for fun?
$ trousseau rename abc 'my friend jackson'
$ trousseau keys 
my friend jackson
easy as
myuser.ssh.public_key


$ trousseau show
my friend jackson: 123
easy as: do re mi
myuser.ssh.public_key: ssh-rsa 1289eu102ij30192u3e0912e
...

# Whenever you want to export a key value to a file, just use
# the get command --file option
$ trousseau get myuser.ssh.public_key --file /home/myuser/id_rsa.pub

# Now if you don't need a key anymore, just drop it.
$ trousseau del 'my friend jackson' # Now the song lacks something doesn't it?

### Importing/Exporting to remote storage

Trousseau was built with data remote storage in mind. Therefore it provides push and pull actions to export and import the trousseau data store to remote destinations. As of today S3, SSH and gist storages are available (more are to come).

API

• push : Pushes the trousseau data store to remote storage
• pull : Pulls the trousseau data store from remote storage

DSN

In order to make your life easier trousseau allows you to select your export and import sources using a DSN.

    {protocol}://{identifier}:{secret}@{host}:{port}/{path}

• protocol: The remote service target type. Can be one of: s3 or scp
• identifier: The login/key/whatever to authenticate trousseau to the remote service. Provide your aws_access_key if you're targeting s3, or your remote login if you're targeting scp.
• secret: The secret to authenticate trousseau to the remote service. Provide your aws_secret_key if you're targeting s3, or your remote password if you're targeting scp.
• host: Your bucket name is you're targeting s3. The host to login to using scp otherwise.
• port: The aws_region if you're targeting s3. The port to login to using scp otherwise.
• path: The remote path to push to or retrieve from the trousseau file on a push or pull action.

S3 Example

# Considering a non empty trousseau data store
$ trousseau show
abc: 123
easy as: do re mi

# And then you're ready to push
$ trousseau push s3://aws_access_key:aws_secret_key@bucket:region/remote_file_path


# Now that data store is pushed to S3, let's remove the
# local data store and pull it once again to ensure it worked
$ rm ~/.trousseau
$ trousseau show
Trousseau unconfigured: no data store

$ trousseau pull s3://aws_access_key:aws_secret_key@bucket:region/remote_file_path
$ trousseau show
abc: 123
easy as: do re mi

Scp example

# We start with a non-empty trousseau data store
$ trousseau show
abc: 123
easy as: do re mi

# To push it using scp we need to provide it a couple of
# basic options.
# Nota: In order for your remote password not to appear
# in your shell history, we strongly advise you to use
# the push/pull --ask-password option instead of supplying
# the password through the dsn.
$ trousseau push --ask-password scp://user:@host:port/remote_file_path
Password: 
Trousseau data store succesfully pushed to ssh remote storage


# Now that data store has been pushed to the remote storage
# using scp, let's remove the local data store and pull it
# once again to ensure it worked
$ rm ~/.trousseau
$ trousseau show
Trousseau unconfigured: no data store

$ trousseau pull --ask-password scp://user:@host:port/remote_file_path
Password:
Trousseau data store succesfully pulled from ssh remote storage

$ trousseau show
abc: 123
easy as: do re mi

Gist example

To use the gist remote storage support, you will need to generate a Github personal access token. Once you've generated one, use it as the dsn password field as in the following example:

# We start with a non-empty trousseau data store
$ trousseau show
abc: 123
easy as: do re mi

# Nota:
# * Gist remote storage doesn't use the host and port dsn fields,
#   but you still need to provide their ':' separator
$ trousseau push gist://user:mysuppedupertoken@:/gist_name
Password: 
Trousseau data store succesfully pushed to gist remote storage


# Now that data store has been pushed to gist
# let's remove the local data store and pull it
# once again to ensure it worked
$ rm ~/.trousseau
$ trousseau show
Trousseau unconfigured: no data store

$ trousseau pull gist://user:mysupperduppertoken@:/gist_name
Password:
Trousseau data store succesfully pulled from gist

$ trousseau show
abc: 123
easy as: do re mi

Local imports and exports

API

• import FILENAME: will import a trousseau data store from the local filesystem. The operation erases the current trousseau store content.
• export FILENAME: will export the current trousseau data store as FILENAME on the local fs.

Real world example

$ trousseau export testtrousseau.asc  # Fine we've exported our current data store into a single file
$ mail -f testtrousseau.asc cousin@machin.com  # Let's pretend we've sent it by mail

# Now cousin machin is now able to import the data store
$ trousseau import testtrousseau.asc
$ trousseau show
cousin_machin:isagreatbuddy
adams_family:rests in peace, for sure

Metadata

Trousseau keeps track and exposes all sort of metadata about your store that you can access through the meta command.

$ trousseau meta
CreatedAt: 2013-08-12 08:00:20.457477714 +0200 CEST
LastModifiedAt: 2013-08-12 08:00:20.457586991 +0200 CEST
Recipients: [4B7D890,28EA78B]
TrousseauVersion: 0.1.0c

Once again, if you're intersted in how the meta data are stored, go check yourself by decrypting the store content using one of your recipients private key.

$ cat ~/.trousseau | gpg -d -r 4B7D890 --textmode
You need a passphrase to unlock the secret key for
user: "My Gpg User <MyGpg@mail.com>"
2048-bit RSA key, ID 4B7D890, created 2013-05-21 (main key ID 4B7D890)

gpg: encrypted with 2048-bit RSA key, ID 4B7D890, created 2013-05-21
  "My Gpg User <MyGpg@mail.com>"
{"_meta":{"created_at":"2013-08-12 08:00:20.457477714 +0200 CEST","last_modified_at":"2013-08-12 08:00:20.457586991 +0200 CEST","recipients":["92EDE36B"],"version":"0.1.0"},"data":{}}

Adding and removing recipients

Okay, so you've created a trousseau data store with two recipients allowed to manipulate it. Now suppose you'd like to add another recipient to be able to open and update the trousseau store; or to remove one. add-recipient and remove-recipient commands can help you with that.

$ trousseau add-recipient 75FE3AB
$ trousseau add-recipient 869FA4A
$ trousseau meta
CreatedAt: 2013-08-12 08:00:20.457477714 +0200 CEST
LastModifiedAt: 2013-08-12 08:00:20.457586991 +0200 CEST
Recipients: [4B7D890, 75FE3AB, 869FA4A]
TrousseauVersion: 0.1.0c

$ trousseau remove-recipient 75FE3AB
$ trousseau meta
CreatedAt: 2013-08-12 08:00:20.457477714 +0200 CEST
LastModifiedAt: 2013-08-12 08:00:20.457586991 +0200 CEST
Recipients: [4B7D890, 869FA4A]
TrousseauVersion: 0.1.0c

More features to come

• Support for Sftp remote storage

• Support for GDrive remote storage

• Support for Dropbox remote storage

• In a further future I might add TrueCrypt encryption

Contribute

• Check for open issues or open a fresh issue to start a discussion around a feature idea or a bug.
• Fork the repository on GitHub to start making your changes to the master branch (or branch off of it).
• Write tests which show that the bug was fixed or that the feature works as expected.
• Send a pull request and bug the maintainer until it gets merged and published. :) Make sure to add yourself to AUTHORS.

It's open-source

Trousseau is open source software under the MIT license. Any hackers are welcome to supply ideas, features requests, patches, pull requests and so on. Let's make Trousseau awesome!

See Contribute section.

Changelog

See History

Documentation

Overview

Package gpgagent interacts with the local GPG Agent.

Index

• Constants
• Variables
• func AddRecipientAction(recipient string)
• func CreateAction(recipients []string)
• func DecryptAsymmetricPGP(encryptedData []byte, passphrase string) ([]byte, error)
• func DelAction(key string)
• func DiscoverVersion(d []byte, mapping map[string]VersionMatcher) string
• func DownloadUsingGist(dsn *dsn.Dsn) (err error)
• func DownloadUsingS3(dsn *dsn.Dsn) error
• func DownloadUsingScp(dsn *dsn.Dsn, privateKey string) (err error)
• func EncryptAsymmetricPGP(plainData []byte, recipients []string) ([]byte, error)
• func ExportAction(to string, plain bool)
• func GetAction(key string, filepath string)
• func GetPassphrase() (passphrase string)
• func GetStorePath() string
• func ImportAction(from string, strategy ImportStrategy, plain bool)
• func ImportStore(src, dest *Store, strategy ImportStrategy) error
• func InferStorePath() string
• func KeysAction()
• func ListRecipientsAction()
• func MetaAction()
• func PathExists(path string) bool
• func PromptForPassword() string
• func PullAction(source string, sshPrivateKey string, askPassword bool)
• func PushAction(destination string, sshPrivateKey string, askPassword bool)
• func RemoveRecipientAction(recipient string)
• func RenameAction(src, dest string, overwrite bool)
• func SetAction(key, value, file string)
• func SetStorePath(storePath string)
• func ShowAction()
• func UpgradeAction(yes, noBackup bool)
• func UpgradeFrom(startVersion string, d []byte, mapping map[string]UpgradeClosure) ([]byte, error)
• func UploadUsingGist(dsn *dsn.Dsn) (err error)
• func UploadUsingS3(dsn *dsn.Dsn) error
• func UploadUsingScp(dsn *dsn.Dsn, privateKey string) (err error)
• type Conn
  • func NewGpgAgentConn() (*Conn, error)
  • func (c *Conn) Close() error
  • func (c *Conn) GetPassphrase(pr *PassphraseRequest) (passphrase string, outerr error)
  • func (c *Conn) RemoveFromCache(cacheKey string) error
• type CryptoAlgorithm
• type CryptoType
• type ImportStrategy
  • func (s *ImportStrategy) FromCliContext(c *cli.Context) error
• type KVStore
  • func (kvs *KVStore) Del(key string)
  • func (kvs *KVStore) Get(key string) (interface{}, error)
  • func (kvs *KVStore) Items() map[string]interface{}
  • func (kvs *KVStore) Keys() []string
  • func (kvs *KVStore) Rename(src, dest string, overwrite bool) error
  • func (kvs *KVStore) Set(key string, value interface{})
• type Meta
  • func (m *Meta) AddRecipient(recipient string) error
  • func (m *Meta) ListRecipients() []string
  • func (m *Meta) RemoveRecipient(recipient string) error
  • func (m *Meta) String() string
• type PassphraseRequest
• type Store
  • func NewStore(meta Meta) *Store
• type Trousseau
  • func OpenTrousseau(fp string) (*Trousseau, error)
  • func (t *Trousseau) Decrypt() (*Store, error)
  • func (t *Trousseau) Encrypt(store *Store) error
  • func (t *Trousseau) Write(fp string) error
• type UpgradeClosure
• type VersionMatcher

Constants

const (
	CONFIG_KEY_RECIPIENTS = "recipients"
	CONFIG_KEY_PASSWORD   = "password"
)

const (
	ENV_TROUSSEAU_STORE     = "TROUSSEAU_STORE"
	ENV_PASSPHRASE_KEY      = "TROUSSEAU_PASSPHRASE"
	ENV_KEYRING_SERVICE_KEY = "TROUSSEAU_KEYRING_SERVICE"
	ENV_KEYRING_USER_KEY    = "USER"
	ENV_MASTER_GPG_ID_KEY   = "TROUSSEAU_MASTER_GPG_ID"
	ENV_SSH_PRIVATE_KEY     = "TROUSSEAU_PRIVATE_KEY"
)

const (
	IMPORT_YOURS     = 0x0
	IMPORT_THEIRS    = 0x1
	IMPORT_OVERWRITE = 0x2
)

Import strategies enumeration

const (
	DEFAULT_STORE_FILENAME = ".trousseau"
)

const TROUSSEAU_VERSION = "0.3.4"

Variables

var (
	S3Defaults map[string]string = map[string]string{
		"Path": "trousseau.tsk",
	}
	ScpDefaults map[string]string = map[string]string{
		"Id":   os.Getenv("USER"),
		"Port": "22",
		"Path": "trousseau.tsk",
	}
)

Global variables defining default values for S3 and scp uploads/downloads

var (
	ErrNoAgent = errors.New("GPG_AGENT_INFO not set in environment")
	ErrNoData  = errors.New("GPG_ERR_NO_DATA cache miss")
	ErrCancel  = errors.New("gpgagent: Cancel")
)

var ErrorLogger = log.New(os.Stderr, "Error: ", 0)

var GnupgHome = path.Join(os.Getenv("HOME"), ".gnupg")

Gnupg variables

var GnupgPubring func() string = func() string { return path.Join(GnupgHome, "pubring.gpg") }

var GnupgSecring func() string = func() string { return path.Join(GnupgHome, "secring.gpg") }

var InfoLogger = log.New(os.Stdout, "", 0)

var UpgradeClosures map[string]UpgradeClosure = map[string]UpgradeClosure{
	"0.3.0": upgradeZeroDotThreeToNext,
}

var VersionDiscoverClosures map[string]VersionMatcher = map[string]VersionMatcher{
	"0.3.0": isVersionZeroDotThreeDotZero,
	"0.3.1": isVersionZeroDotThreeDotOne,
}

Functions

func AddRecipientAction

func AddRecipientAction(recipient string)

func CreateAction

func CreateAction(recipients []string)

func DecryptAsymmetricPGP

func DecryptAsymmetricPGP(encryptedData []byte, passphrase string) ([]byte, error)

DecryptAsymmetricPGP decrypts an OpenPGP message using GnuPG.

func DelAction

func DelAction(key string)

func DiscoverVersion

func DiscoverVersion(d []byte, mapping map[string]VersionMatcher) string

func DownloadUsingGist

func DownloadUsingGist(dsn *dsn.Dsn) (err error)

downloadUsingGist executes the whole process of pulling the trousseau data store file from gist remote storage using the provided scheme informations.

func DownloadUsingS3

func DownloadUsingS3(dsn *dsn.Dsn) error

downloadUsingS3 executes the whole process of pulling the trousseau data store file from s3 remote storage using the provided environment.

func DownloadUsingScp

func DownloadUsingScp(dsn *dsn.Dsn, privateKey string) (err error)

downloadUsingScp executes the whole process of pulling the trousseau data store file from scp remote storage using the provided environment.

func EncryptAsymmetricPGP

func EncryptAsymmetricPGP(plainData []byte, recipients []string) ([]byte, error)

func ExportAction

func ExportAction(to string, plain bool)

func GetAction

func GetAction(key string, filepath string)

func GetPassphrase

func GetPassphrase() (passphrase string)

GetPassphrase attemps to retrieve the user's gpg master key passphrase using multiple methods. First it will attempt to retrieve it from the environment, then it will try to fetch it from the system keyring manager, ultimately it will try to get it from a running gpg-agent daemon.

func GetStorePath

func GetStorePath() string

func ImportAction

func ImportAction(from string, strategy ImportStrategy, plain bool)

func ImportStore

func ImportStore(src, dest *Store, strategy ImportStrategy) error

ImportStore imports the src encrypted data store content into dest data store, respecting the provided import strategy.

func InferStorePath

func InferStorePath() string

func KeysAction

func KeysAction()

func ListRecipientsAction

func ListRecipientsAction()

func MetaAction

func MetaAction()

func PathExists

func PathExists(path string) bool

exists returns whether the given file or directory exists or not

func PromptForPassword

func PromptForPassword() string

func PullAction

func PullAction(source string, sshPrivateKey string, askPassword bool)

func PushAction

func PushAction(destination string, sshPrivateKey string, askPassword bool)

func RemoveRecipientAction

func RemoveRecipientAction(recipient string)

func RenameAction

func RenameAction(src, dest string, overwrite bool)

func SetAction

func SetAction(key, value, file string)

func SetStorePath

func SetStorePath(storePath string)

func ShowAction

func ShowAction()

func UpgradeAction

func UpgradeAction(yes, noBackup bool)

func UpgradeFrom

func UpgradeFrom(startVersion string, d []byte, mapping map[string]UpgradeClosure) ([]byte, error)

func UploadUsingGist

func UploadUsingGist(dsn *dsn.Dsn) (err error)

uploadUsingGist executes the whole process of pushing the trousseau data store file to gist remote storage using the provided dsn informations.

func UploadUsingS3

func UploadUsingS3(dsn *dsn.Dsn) error

uploadUsingS3 executes the whole process of pushing the trousseau data store file to s3 remote storage using the provided environment.

func UploadUsingScp

func UploadUsingScp(dsn *dsn.Dsn, privateKey string) (err error)

uploadUsingScp executes the whole process of pushing the trousseau data store file to scp remote storage using the provided environment.

Types

type Conn

type Conn struct {
	// contains filtered or unexported fields
}

Conn is a connection to the GPG agent.

func NewGpgAgentConn

func NewGpgAgentConn() (*Conn, error)

NewGpgAgentConn connects to the GPG Agent as described in the GPG_AGENT_INFO environment variable.

func (*Conn) Close

func (c *Conn) Close() error

func (*Conn) GetPassphrase

func (c *Conn) GetPassphrase(pr *PassphraseRequest) (passphrase string, outerr error)

func (*Conn) RemoveFromCache

func (c *Conn) RemoveFromCache(cacheKey string) error

type CryptoAlgorithm

type CryptoAlgorithm int

Declare available encryption algorithms

const (
	GPG_ENCRYPTION     CryptoAlgorithm = 0
	AES_256_ENCRYPTION CryptoAlgorithm = 1
)

type CryptoType

type CryptoType int

Declare encryption types

const (
	SYMMETRIC_ENCRYPTION  CryptoType = 0
	ASYMMETRIC_ENCRYPTION CryptoType = 1
)

type ImportStrategy

type ImportStrategy uint32

func (*ImportStrategy) FromCliContext

func (s *ImportStrategy) FromCliContext(c *cli.Context) error

TODO : remove

type KVStore

type KVStore map[string]interface{}

func (*KVStore) Del

func (kvs *KVStore) Del(key string)

Del deletes a key value pair from the trousseau file

func (*KVStore) Get

func (kvs *KVStore) Get(key string) (interface{}, error)

Get method fetches a key from the trousseau file store

func (*KVStore) Items

func (kvs *KVStore) Items() map[string]interface{}

func (*KVStore) Keys

func (kvs *KVStore) Keys() []string

Keys lists the keys contained in the trousseau store file

func (*KVStore) Rename

func (kvs *KVStore) Rename(src, dest string, overwrite bool) error

Rename a data store key to dest. If overwrite parameter is provided with a true value, any existing destination key-value pair will be overriden, otherwise (false) an error will be returned.

func (*KVStore) Set

func (kvs *KVStore) Set(key string, value interface{})

Set method sets a key value pair in the store

type Meta

type Meta struct {
	CreatedAt        string   `json:"created_at"`
	LastModifiedAt   string   `json:"last_modified_at"`
	Recipients       []string `json:"recipients"`
	TrousseauVersion string   `json:"version"`
}

func (*Meta) AddRecipient

func (m *Meta) AddRecipient(recipient string) error

func (*Meta) ListRecipients

func (m *Meta) ListRecipients() []string

func (*Meta) RemoveRecipient

func (m *Meta) RemoveRecipient(recipient string) error

func (*Meta) String

func (m *Meta) String() string

type PassphraseRequest

type PassphraseRequest struct {
	CacheKey, Error, Prompt, Desc string

	// If the option --no-ask is used and the passphrase is not in
	// the cache the user will not be asked to enter a passphrase
	// but the error code GPG_ERR_NO_DATA is returned.  (ErrNoData)
	NoAsk bool
}

PassphraseRequest is a request to get a passphrase from the GPG Agent.

type Store

type Store struct {
	Meta Meta    `json:"meta"`
	Data KVStore `json:"store"`
}

func NewStore

func NewStore(meta Meta) *Store

type Trousseau

type Trousseau struct {
	// Crypto public configuration attributes
	CryptoType      CryptoType      `json:"crypto_type"`
	CryptoAlgorithm CryptoAlgorithm `json:"crypto_algorithm"`

	// Encrypted data private attribute
	Data []byte `json:"_data"`
	// contains filtered or unexported fields
}

func OpenTrousseau

func OpenTrousseau(fp string) (*Trousseau, error)

func (*Trousseau) Decrypt

func (t *Trousseau) Decrypt() (*Store, error)

func (*Trousseau) Encrypt

func (t *Trousseau) Encrypt(store *Store) error

func (*Trousseau) Write

func (t *Trousseau) Write(fp string) error

type UpgradeClosure

type UpgradeClosure func([]byte) ([]byte, error)

type VersionMatcher

type VersionMatcher func([]byte) bool