Commit Graph

2049 Commits

Author SHA1 Message Date
Mitchell Hashimoto 9d84e7bacc vault: don't copy the key so it can be zeroed, document, add helper 2015-03-14 18:25:55 -07:00
Mitchell Hashimoto 866b91d858 vault: public TestCoreUnsealed, don't modify key in Unseal
/cc @armon - I do a key copy within Unseal now. It tripped me up for
quite awhile that that method actually modifies the param in-place and I
can't think of any scenario that is good for the user. Do you see any
issues here?
2015-03-14 17:47:11 -07:00
Mitchell Hashimoto b2af154fb4 vault: make Mount related core functions public
/cc @armon - So I know the conversation we had related to this about
auth, but I think we still need to export these and do auth only at the
external API layer. If you're writing to the internal API, then all bets
are off.

The reason is simply that if you have access to the code, you can
already work around it anyways (you can disable auth or w/e), so a
compromised Vault source/binary is already a failure, and that is the
only thing that our previous unexported methods were protecting against.

If you write an external tool to access a Vault, it still needs to be
unsealed so _that_ is the primary security mechanism from an API
perspective. Once it is unsealed then the core API has full access to
the Vault, and identity/auth is only done at the external API layer, not
at the internal API layer.

The benefits of this approach is that it lets us still treat the "sys"
mount specially but at least have sys adopt helper/backend and use that
machinery and it can still be the only backend which actually has a
reference to *vault.Core to do core things (a key difference). So, an
AWS backend still will never be able to muck with things it can't, but
we're explicitly giving Sys (via struct initialization in Go itself)
a reference to *vault.Core.
2015-03-14 17:26:59 -07:00
Mitchell Hashimoto f43a0290cf vault: public testing methods 2015-03-13 12:53:09 -07:00
Armon Dadgar 9d5db1286d vault: Track the renew time 2015-03-13 11:36:24 -07:00
Armon Dadgar 081358091a vault: improve seal/unseal log messages 2015-03-13 11:34:40 -07:00
Armon Dadgar f0d00e77ec vault: Adding start/stop to expiration manager 2015-03-13 11:31:43 -07:00
Armon Dadgar d744d4ee5e vault: integrate expiration manager with core setup/teardown 2015-03-13 11:20:36 -07:00
Armon Dadgar d0380e553d vault: Support a pre-seal teardown 2015-03-13 11:16:24 -07:00
Armon Dadgar 5ce63ea7cd vault: Adding lease registration 2015-03-13 10:56:03 -07:00
Armon Dadgar affeefa7f8 vault: Validate lease values 2015-03-13 10:56:03 -07:00
Armon Dadgar e77ce26d31 vault: spec out expiration manager API 2015-03-12 18:38:22 -07:00
Armon Dadgar 15de847389 vault: Setup expiration manager on unseal 2015-03-12 12:44:30 -07:00
Armon Dadgar 6c759416d0 vault: special view path for system 2015-03-12 12:44:30 -07:00
Armon Dadgar ef82fe04c6 vault: Support sub-views 2015-03-12 12:44:30 -07:00
Armon Dadgar b17607e51f vault: support remount 2015-03-12 12:09:30 -07:00
Armon Dadgar 3ed3e23d93 vault: Improve error when unseal key is wrong 2015-03-12 11:27:41 -07:00
Armon Dadgar aa0ca02b8c vault: sanity check key length 2015-03-12 11:20:38 -07:00
Mitchell Hashimoto 718065c733 vault: the config has to be exported 2015-03-12 10:22:12 -07:00
Armon Dadgar 11b76b064c vault: Verify paths that are root 2015-03-11 18:47:15 -07:00
Armon Dadgar 67dc52f40f vault: testing new system endpoints 2015-03-11 18:34:33 -07:00
Armon Dadgar 719eded495 vault: testing mount/unmount 2015-03-11 18:29:49 -07:00
Armon Dadgar 0ca093fb2d vault: First pass at mount/unmount 2015-03-11 18:19:45 -07:00
Armon Dadgar 59052069bc vault: Router can check for matching mounts 2015-03-11 18:19:45 -07:00
Armon Dadgar 91462a61a2 vault: Adding mounts table endpoint 2015-03-11 16:12:15 -07:00
Armon Dadgar b212890043 vault: Setup the mount tables after load 2015-03-11 15:50:42 -07:00
Armon Dadgar 10afebabdd vault: Moving generic backend into package 2015-03-11 15:50:42 -07:00
Armon Dadgar c6009345d1 vault: Testing mount table setup 2015-03-11 15:33:25 -07:00
Armon Dadgar f54e4e0f6a vault: Loading mount tables on start 2015-03-11 15:19:41 -07:00
Armon Dadgar 370693ebb4 vault: Adding UUID method 2015-03-11 15:13:07 -07:00
Armon Dadgar fdad9e9ce3 vault: Test routing while sealed 2015-03-11 14:31:55 -07:00
Armon Dadgar a6508b4010 vault: Testing core unseal 2015-03-11 14:25:16 -07:00
Armon Dadgar faa337dcbe vault: Testing initialization 2015-03-11 11:57:05 -07:00
Armon Dadgar 8fdac427a7 vault: Test initialization simple 2015-03-11 11:52:01 -07:00
Armon Dadgar 6794e59e2b vault: First pass at Unseal 2015-03-11 11:43:36 -07:00
Armon Dadgar 8c49152c78 vault: Support secret sharing 2015-03-11 11:34:08 -07:00
Armon Dadgar 53b4e3281a vault: First pass at initialization 2015-03-09 17:45:34 -07:00
Armon Dadgar da34cbb39a vault: Adding core skeleton 2015-03-09 16:33:27 -07:00
Armon Dadgar ff5834ddb4 vault: Adding mount type 2015-03-09 16:12:07 -07:00
Armon Dadgar a453d8fbf8 vault: Adding router 2015-03-05 17:23:56 -08:00
Armon Dadgar 51cc19e92f logical: Adding generic backend 2015-03-05 16:35:09 -08:00
Armon Dadgar e997fd31ea vault: more logical details 2015-03-05 15:31:40 -08:00
Armon Dadgar 0de1ac001f vault: Skeleton logical backend interface 2015-03-05 15:24:00 -08:00
Armon Dadgar a249149329 vault: Adding a barrier view 2015-03-05 14:34:05 -08:00
Armon Dadgar 9d2d0298ea vault: Basic test for barrier confidentiality and integrity 2015-03-05 14:03:00 -08:00
Armon Dadgar ea7f4a45e6 vault: Structure the barrier init file 2015-03-05 13:57:45 -08:00
Armon Dadgar 7326959d25 vault: Double Unseal should be a no-op 2015-03-05 13:29:23 -08:00
Armon Dadgar e8abe8b0cd vault: First pass at a barrier 2015-03-05 13:27:35 -08:00
Armon Dadgar 0cac63234a vault: Adding utility methods 2015-03-05 11:44:03 -08:00