Documentation ¶
Index ¶
- Constants
- Variables
- func Exists() bool
- func InitFromConfig(onChange func(*Seal)) error
- func InitFromStore(onChange func(*Seal), s *configstore.Store) error
- func KnownSealedConfigs() []string
- func SealConfigWith(s *configstore.Item, se *Seal) (string, error)
- func SealedConfigName(name string) string
- func UnsealConfig(s *configstore.Item) (string, error)
- func WaitUnseal() bool
- type Seal
- type SealError
- type SealedConfigFilter
Constants ¶
const (
	// ConfigName is the name of the config item in the configstore
	ConfigName = "seal"
)
Variables ¶
var (
	// SealConfigFilter is the configstore manipulation filter used to retrieve the seal definition
	SealConfigFilter = configstore.Filter().Slice(ConfigName).Unmarshal(func() interface{} { return &Seal{} })
)
Functions ¶
func Exists ¶
func Exists() bool
Exists returns true if a global singleton seal is configured and initialized.
func InitFromConfig ¶
InitFromConfig initializes the global singleton seal from the configstore.
func InitFromStore ¶ added in v0.3.0
func InitFromStore(onChange func(*Seal), s *configstore.Store) error
InitFromStore initializes the global singleton seal from a specific store instance.
func KnownSealedConfigs ¶
func KnownSealedConfigs() []string
KnownSealedConfigs returns a list of known sealed config items. Useful when regenerating seal shards and needing to automatically re-seal existing config items.
func SealConfigWith ¶
func SealConfigWith(s *configstore.Item, se *Seal) (string, error)
SealConfigWith seals the configstore item with a given seal, and returns the sealed value.
func SealedConfigName ¶
SealedConfigName returns the suffixed name to use for a configstore (sealed) item.
func UnsealConfig ¶
func UnsealConfig(s *configstore.Item) (string, error)
UnsealConfig can be used with configstore.ItemList.Transform() to unseal configstore items.
func WaitUnseal ¶
func WaitUnseal() bool
WaitUnseal waits for the global singleton instance to become unsealed. It returns false if the global singleton instance is not initialized, otherwise it blocks and eventually returns true.
Types ¶
type Seal ¶
type Seal struct {
	Min      uint   `json:"min"`
	Total    uint   `json:"total"`
	Nonce    string `json:"nonce"`
	Progress uint   `json:"progress,omitempty"`
	Unsealed bool   `json:"unsealed,omitempty"`
	// contains filtered or unexported fields
}
Seal is a Shamir-sharded encryption key.
func NewSealFromConfig ¶
NewSealFromConfig instantiates a new Seal from the configstore.
func NewSealFromStore ¶ added in v0.3.0
func NewSealFromStore(s *configstore.Store) (*Seal, error)
NewSealFromStore instantiates a new Seal from a specific store instance.
func (*Seal) AddShard ¶
AddShard adds a new shard to the Seal instance, trying to unseal it. It returns an error if the instance is nil, already unsealed or if the shard is invalid. It returns true if the seal became unsealed.
func (*Seal) Decrypt ¶
Decrypt decrypts arbitrary data from its hex string representation. Extra data can be passed for the MAC.
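The threshold behaviour behind the Min and Total fields and AddShard, as an added example that is not this package's code or its shard format: a Shamir split of a key into Total shards and its recovery from any Min of them. The names Split, Combine and Shard and the prime field 2^521-1 are assumptions of this example.

```go
package main
import (
	"crypto/rand"
	"fmt"
	"math/big"
)

var p = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 521), big.NewInt(1)) // prime 2^521-1 (assumed field)
type Shard struct{ X, Y *big.Int } // one point on the secret polynomial

// Split hides key as f(0) of a random polynomial of degree min-1 over p.
func Split(key *big.Int, min, total int) (shards []Shard, err error) {
	if min < 2 || total < min || key.Sign() < 0 || key.Cmp(p) >= 0 {
		return nil, fmt.Errorf("need 2 <= min <= total and 0 <= key < p")
	}
	coef := append([]*big.Int{key}, make([]*big.Int, min-1)...)
	for j := 1; j < min; j++ {
		if coef[j], err = rand.Int(rand.Reader, p); err != nil {
			return nil, err
		}
	}
	for x := int64(1); x <= int64(total); x++ {
		y := new(big.Int)
		for j := min - 1; j >= 0; j-- { // Horner evaluation of f(x) mod p
			y.Mul(y, big.NewInt(x)).Add(y, coef[j]).Mod(y, p)
		}
		shards = append(shards, Shard{big.NewInt(x), y})
	}
	return shards, nil
}

// Combine interpolates f(0); fewer than min shards give an unrelated value.
func Combine(shards []Shard) *big.Int {
	sum, d := new(big.Int), new(big.Int)
	for i, si := range shards {
		l := new(big.Int).Set(si.Y) // Y_i times the Lagrange basis at x = 0
		for j, sj := range shards {
			if j != i {
				l.Mul(l, sj.X).Mul(l, d.ModInverse(d.Sub(sj.X, si.X), p)).Mod(l, p)
			}
		}
		sum.Add(sum, l).Mod(sum, p)
	}
	return sum
}

func main() {
	s, _ := Split(big.NewInt(42), 3, 5) // constructed sample key
	fmt.Println(Combine(s[1:4]), Combine(s[:2])) // 42, then an unrelated value
}
```

Combine cannot tell a short or corrupted shard set from a valid one, which is why a seal also needs an integrity check on the recovered key before reporting itself unsealed.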
type SealError ¶ added in v0.5.0
type SealError struct {
// contains filtered or unexported fields
}
SealError is the concrete type returned for all errors originating from seal misuse: wrong parameters, incoherent state, etc.
type SealedConfigFilter ¶
type SealedConfigFilter struct {
// contains filtered or unexported fields
}
SealedConfigFilter helps manage configstore items encrypted with the seal. By using this filter like you would configstore's filter, you can directly manipulate sealed config items. They will be transformed from their encrypted blob form back to their plain form automatically. Also, KnownSealedConfigs() will be populated with the key name.
func ConfigFilter ¶
func ConfigFilter() *SealedConfigFilter
ConfigFilter returns a new SealedConfigFilter.
func (*SealedConfigFilter) Slice ¶
func (s *SealedConfigFilter) Slice(key string) *configstore.ItemFilter
Slice filters the list items, keeping only those matching key. If the global singleton is configured, it appends -sealed to the lookup key, and decrypts it before passing it to the rest of the chain.