Commit Graph

21 Commits

Author SHA1 Message Date
Jim Kalafut 22c4ae5933
Rename master key to root key (#13324)
* See what it looks like to replace "master key" with "root key".  There are two places that would require more challenging code changes: the storage path `core/master`, and its contents (the JSON-serialized EncodedKeyringtructure.)

* Restore accidentally deleted line

* Add changelog

* Update root->recovery

* Fix test

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2021-12-06 17:12:20 -08:00
Lars Lehtonen 53dd619d2f
vault: deprecate errwrap.Wrapf() (#11577) 2021-05-11 13:12:54 -04:00
Scott Miller 535bcf289e
Fix handling of minimum operations, and forward rotate/config requests to Primary (#11116)
* Boost max_operations to the greater of that specified or absoluteMinOperations

* Forward rotation config requests to the primary

* Reject rotation configs outside the min/max range

* Minor wording fix
2021-03-18 15:08:47 -05:00
Brian Kassouf aa00b53ba1
Make sure we sanitize the rotation config on each clone (#11050)
* Make sure we sanitize the rotation config on each clone

* Add regression test for missing rotation config

* use Equals

* simplify

Co-authored-by: Scott G. Miller <smiller@hashicorp.com>
2021-03-08 10:59:21 -06:00
Scott Miller a7b372b447
Two minor changes not reflected OSS side (#11020) 2021-02-26 14:23:56 -06:00
Scott Miller b13b27f37e
OSS side barrier encryption tracking and automatic rotation (#11007)
* Automatic barrier key rotation, OSS portion

* Fix build issues

* Vendored version

* Add missing encs field, not sure where this got lost.
2021-02-25 14:27:25 -06:00
Scott Miller 77d27cb968
Add NIST guidance on rotating keys used for AES-GCM encryption (#10612)
* Add NIST guidance on rotating keys used for AES-GCM encryption

* Capture more places barrier encryption is used

* spacing issue

* Probabilistically track an estimated encryption count by key term

* Un-reorder imports

* wip

* get rid of sampling
2021-01-07 15:37:37 -06:00
Jeff Mitchell 8bcb533a1b
Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
Vishal Nayak 28e3eb9e2c
Errwrap everywhere (#4252)
* package api

* package builtin/credential

* package builtin/logical

* package command

* package helper

* package http and logical

* package physical

* package shamir

* package vault

* package vault

* address feedback

* more fixes
2018-04-05 11:49:21 -04:00
vishalnayak ad7cb2c8f1 Added JSON Decode and Encode helpers.
Changed all the occurances of Unmarshal to use the helpers.
Fixed http/ package tests.
2016-07-06 12:25:40 -04:00
Jeff Mitchell 8d19b4fb53 Add keyring zeroize function and add some more memzero calls in
appropriate places. Known to be best-effort, but may help in some cases.

Fixes #1446
2016-05-27 20:47:40 +00:00
Levi Gross fffcfc668b Fixed comment spelling mistake and removed unnecessary variable allocation 2015-10-15 14:51:30 -04:00
Armon Dadgar 0f933df76e vault: fixing a typo 2015-06-02 16:04:05 +02:00
Armon Dadgar c095861a02 keyring: Add key serialization 2015-05-28 15:49:52 -07:00
Armon Dadgar 5aed043ea5 vault: ensure master key is copied to avoid memzero issues 2015-05-28 11:38:59 -07:00
Armon Dadgar 490bece0a0 vault: make keyring immutable 2015-05-27 16:58:55 -07:00
Armon Dadgar 0e9136d14c vault: first pass at keyring integration 2015-05-27 16:01:25 -07:00
Armon Dadgar 8c2a767f4f vault: Adding version to key entry 2015-05-27 15:23:31 -07:00
Armon Dadgar 1903518202 vault: Ensure we always set a key InstallTime 2015-05-27 14:37:40 -07:00
Armon Dadgar ef2f71e17f vault: Adding InstallTime to key in keyring 2015-05-27 14:37:40 -07:00
Armon Dadgar 57c763a3fa vault: Adding keyring 2015-05-27 14:37:40 -07:00