12bd2f430b
Ensure generatePolicy checks disk, not just the cache, now that we aren't eager loading
2016-01-28 13:10:59 -05:00
dd1b94fbd6
Remove eager loading
2016-01-28 08:59:05 -05:00
be83340b14
Embed the cache directly
2016-01-27 21:59:20 -05:00
48c9f79896
Implement locking in the transit backend.
...
This ensures that we can safely rotate and modify configuration
parameters with multiple requests in flight.
As a side effect we also get a cache, which should provide a nice
speedup since we don't need to decrypt/deserialize constantly, which
would happen even with the physical LRU.
2016-01-27 17:03:21 -05:00
d1b2bf3183
Move archive location; also detect first load of a policy after archive
...
is added and cause the keys to be copied to the archive.
2016-01-27 13:41:37 -05:00
369d0bbad0
Address review feedback
2016-01-27 13:41:37 -05:00
e5a58109ec
Store all keys in archive always
2016-01-27 13:41:37 -05:00
30ffc18c19
Add unit tests
2016-01-27 13:41:37 -05:00
5000711a67
Force min decrypt version to 1 if it's zero, which allows fixing problematic archiving logic
2016-01-27 13:41:37 -05:00
7a27dd5cb3
Fix logic bug when restoring keys
2016-01-27 13:41:37 -05:00
004b35be36
Fix decrementing instead of incrementing
2016-01-27 13:41:37 -05:00
beafe25508
Initial transit key archiving work
2016-01-27 13:41:37 -05:00
f3ce90164f
WriteOperation -> UpdateOperation
2016-01-08 13:03:03 -05:00
3eb38d19ba
Update transit backend documentation, and also return the min decryption
...
value in a read operation on the key.
2015-09-21 16:13:43 -04:00
01ee6c4fe1
Move no_plaintext to two separate paths for datakey.
2015-09-18 14:41:05 -04:00
448249108c
Add datakey generation to transit.
...
Can specify 128 bits (defaults to 256) and control whether or not
plaintext is returned (default true).
Unit tests for all of the new functionality.
2015-09-18 14:41:05 -04:00
61398f1b01
Remove enable/disable and make deletion_allowed a configurable property. On read, return the version and creation time of each key
2015-09-18 14:41:05 -04:00
801e531364
Enhance transit backend:
...
* Remove raw endpoint from transit
* Add multi-key structure
* Add enable, disable, rewrap, and rotate functionality
* Upgrade functionality, and record creation time of keys in metadata. Add flag in config function to control the minimum decryption version, and enforce that in the decrypt function
* Unit tests for everything
2015-09-18 14:41:05 -04:00
6c2927ede0
Vault: Fix wild card paths for all backends
2015-08-21 00:56:13 -07:00
0be3d419c8
secret/transit: address PR feedback
2015-07-05 19:58:31 -06:00
8293457633
secret/transit: use base64 for context to allow binary
2015-07-05 14:37:51 -07:00
f0eec18cc7
secret/transit: testing key derivation
2015-07-05 14:30:45 -07:00
143cd0875e
secret/transit: support key derivation in encrypt/decrypt
2015-07-05 14:19:24 -07:00
ae9591004b
secret/transit: check for context for derived keys
2015-07-05 14:12:07 -07:00
b30dbce404
secret/transit: support derived keys
2015-07-05 14:11:02 -07:00
4b27e4d8c5
Remove SetLogger, and unify on framework.Setup
2015-06-30 17:45:20 -07:00
5d69e7da90
Updating for backend API change
2015-06-30 17:36:12 -07:00
d34861b811
secret/transit: allow policies to be upserted
2015-06-17 18:51:05 -07:00
f53d31a580
secret/transit: Use special endpoint to get underlying keys. Fixes #219
2015-06-17 18:42:23 -07:00
6a38090822
secret/transit: rename policy to keys
2015-04-27 13:52:47 -07:00
793e6efef4
secret/transit: Adding more help. Fixes #41
2015-04-27 12:47:09 -07:00
07bffafbbd
Adding transit logical backend
2015-04-15 17:08:12 -07:00
Jeff Mitchell