seal

package
v0.6.1
Warning

This package is not in the latest version of its module.
Published: Jul 19, 2024 License: BSD-3-Clause Imports: 10 Imported by: 0

Documentation

Constants

const (
	// ConfigName is the name of the config item in the configstore
	ConfigName = "seal"
)

Variables

var (
	// SealConfigFilter is the configstore manipulation filter used to retrieve the seal definition
	SealConfigFilter = configstore.Filter().Slice(ConfigName).Unmarshal(func() interface{} { return &Seal{} })
)

Functions

func Exists

func Exists() bool

Exists returns true if a global singleton seal is configured and initialized.

func InitFromConfig

func InitFromConfig(onChange func(*Seal)) error

InitFromConfig initializes the global singleton seal from the configstore.

func InitFromStore added in v0.3.0

func InitFromStore(onChange func(*Seal), s *configstore.Store) error

InitFromStore initializes the global singleton seal from a specific store instance.

func KnownSealedConfigs

func KnownSealedConfigs() []string

KnownSealedConfigs returns a list of known sealed config items. Useful when regenerating seal shards and needing to automatically re-seal existing config items.

func SealConfigWith

func SealConfigWith(s *configstore.Item, se *Seal) (string, error)

SealConfigWith seals the configstore item with a given seal, and returns the sealed value.

func SealedConfigName

func SealedConfigName(name string) string

SealedConfigName returns the suffixed name to use for a configstore (sealed) item.

func UnsealConfig

func UnsealConfig(s *configstore.Item) (string, error)

UnsealConfig can be used with configstore.ItemList.Transform() to unseal configstore items.

func WaitUnseal

func WaitUnseal() bool

WaitUnseal waits for the global singleton instance to become unsealed. It returns false if the global singleton instance is not initialized, otherwise it blocks and eventually returns true.

Types

type Seal

type Seal struct {
	Min      uint   `json:"min"`
	Total    uint   `json:"total"`
	Nonce    string `json:"nonce"`
	Progress uint   `json:"progress,omitempty"`
	Unsealed bool   `json:"unsealed,omitempty"`
	// contains filtered or unexported fields
}

Seal is a Shamir-sharded encryption key.

func Global

func Global() *Seal

Global returns the global singleton seal.

func NewRandom

func NewRandom(min, total uint) (*Seal, []string, error)

NewRandom instantiates a new random Seal.

func NewSealFromConfig

func NewSealFromConfig() (*Seal, error)

NewSealFromConfig instantiates a new Seal from the configstore.

func NewSealFromStore added in v0.3.0

func NewSealFromStore(s *configstore.Store) (*Seal, error)

NewSealFromStore instantiates a new Seal from a specific store instance.

func (*Seal) AddShard

func (r *Seal) AddShard(s string) (bool, error)

AddShard adds a new shard to the Seal instance, trying to unseal it. It returns an error if the instance is nil, already unsealed or if the shard is invalid. It returns true if the seal became unsealed.
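
Seal is described as a Shamir-sharded key with Min and Total, NewRandom(min, total) hands back the shards, and AddShard unseals once enough of them arrive. The added example below is not this package's code or shard format; it sketches that threshold property with textbook Shamir sharing over a prime field, and `Split`, `Combine`, `Shard` and `p` are names chosen for the illustration.

```go
package main

import "crypto/rand"
import "fmt"
import "math/big"

var p = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 521), big.NewInt(1)) // the prime 2^521 - 1
type Shard struct{ X, Y *big.Int } // one point (X, f(X)); this layout is the example's own

// Split hides key (at most 64 bytes, so it is below p) as f(0) of a random polynomial of degree min-1.
func Split(key []byte, min, total int) (shards []Shard, err error) {
	if min < 2 || total < min || len(key) > 64 {
		return nil, fmt.Errorf("need 2 <= min <= total and len(key) <= 64")
	}
	coef := make([]*big.Int, min)
	coef[0] = new(big.Int).SetBytes(key)
	for j := 1; j < min; j++ {
		if coef[j], err = rand.Int(rand.Reader, p); err != nil {
			return nil, err
		}
	}
	for i := 1; i <= total; i++ {
		x, y := big.NewInt(int64(i)), new(big.Int)
		for j := min - 1; j >= 0; j-- { // Horner evaluation of f(x) mod p
			y.Mod(y.Add(y.Mul(y, x), coef[j]), p)
		}
		shards = append(shards, Shard{x, y})
	}
	return shards, nil
}

// Combine interpolates f(0) from shards with distinct X and returns it as n bytes (n = key length).
func Combine(shards []Shard, n int) []byte {
	sum := new(big.Int)
	for _, si := range shards {
		term := new(big.Int).Set(si.Y)
		for _, sj := range shards {
			if d := new(big.Int).Sub(sj.X, si.X); d.Sign() != 0 { // Lagrange factor xj/(xj-xi), j != i
				term.Mod(term.Mul(term.Mul(term, sj.X), d.ModInverse(d.Mod(d, p), p)), p)
			}
		}
		sum.Add(sum, term)
	}
	return sum.Mod(sum, p).FillBytes(make([]byte, 66))[66-n:]
}

func main() {
	shards, _ := Split([]byte("constructed sample key"), 3, 5) // constructed input, 22 bytes
	fmt.Printf("%s\n", Combine(shards[2:], 22))
}
```

Combining fewer than `min` shards does not fail; it returns unrelated bytes, so in this sketch the caller has to verify the recovered key (for example by an authenticated decryption) before treating the seal as open.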

func (*Seal) Decrypt

func (r *Seal) Decrypt(s string, extra ...[]byte) ([]byte, error)

Decrypt arbitrary data from a hex-representation string. Extra data can be passed for MAC.

func (*Seal) Encrypt

func (r *Seal) Encrypt(b []byte, extra ...[]byte) (string, error)

Encrypt arbitrary data. Extra data can be passed for MAC. Returns a printable hex-representation of the encrypted value.

func (*Seal) Sealed

func (r *Seal) Sealed() bool

Sealed returns false if the Seal instance is nil or unsealed. It returns true if it is initialized but still sealed.

type SealError added in v0.5.0

type SealError struct {
	// contains filtered or unexported fields
}

SealError is the concrete type returned for all errors originating from seal misuse: wrong parameters, incoherent state, etc.

type SealedConfigFilter

type SealedConfigFilter struct {
	// contains filtered or unexported fields
}

SealedConfigFilter helps manage configstore items encrypted with the seal. By using this filter like you would configstore's filter, you can directly manipulate sealed config items. They will be transformed from their encrypted blob form back to their plain form automatically. Also, KnownSealedConfigs() will be populated with the key name.

func ConfigFilter

func ConfigFilter() *SealedConfigFilter

ConfigFilter returns a new SealedConfigFilter.

func (*SealedConfigFilter) Slice

Slice filters the list items, keeping only those matching key. If the global singleton is configured, it appends -sealed to the lookup key, and decrypts it before passing it to the rest of the chain.
