luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity
11,151 Commits 1 Branch 0 Tags 214 MiB
Commit Graph

51 Commits

Author SHA1 Message Date
Lexman c86fe212c0
oss changes for entropy augmentation feature (#7670) 
* oss changes for entropy augmentation feature

* fix oss command/server/config tests

* update go.sum

* fix logical_system and http/ tests

* adds vendored files

* removes unused variable
 2019-10-17 10:33:00 -07:00
ncabatoff c16e3bbceb
Cache whether we've been initialized to reduce load on storage (#7549) 2019-10-08 17:52:38 -04:00
Brian Kassouf 934b497101
Clear the Barrier AEAD cache on keyring reload (#6870) 
* Clear the barrier's AEAD cache on keyring reload

* Update barrier_aes_gcm_test.go
 2019-06-12 08:56:16 -07:00
Jeff Mitchell 8bcb533a1b
Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
Jeff Mitchell 9f0a6edfcb
Remove some instances of potential recursive locking (#6548) 2019-04-08 12:45:28 -04:00
Jeff Mitchell 27c960d8df
Split SubView functionality into logical.StorageView (#6141) 
This lets other parts of Vault that can't depend on the vault package
take advantage of the subview functionality.

This also allows getting rid of BarrierStorage and vault.Entry, two
totally redundant abstractions.
 2019-01-31 09:25:18 -05:00
Jim Kalafut d0e2badbae Run goimports across the repository (#6010) 
The result will still pass gofmtcheck and won't trigger additional
changes if someone isn't using goimports, but it will avoid the
piecemeal imports changes we've been seeing.
 2019-01-08 16:48:57 -08:00
Vishal Nayak 510726494a Fix panic when storage value is nil (#5724) 
* Fix panic when storage value is nil

* Ensure the value is at least of expected length

* Format correction

* Address review feedback
 2018-11-07 14:10:08 -08:00
Jeff Mitchell a64fc7d7cb
Batch tokens (#755) 2018-10-15 12:56:24 -04:00
Jeff Mitchell c9e2cd93e8
Move logic around a bit to avoid holding locks when not necessary (#5277) 
Also, ensure we are error checking the rand call
 2018-09-05 11:49:32 -04:00
Becca Petrin 7a8c116fb1
undo make fmt (#5265) 2018-09-04 09:29:18 -07:00
Becca Petrin ed7639b0ec
run make fmt (#5261) 2018-09-04 09:12:59 -07:00
Calvin Leung Huang 9988ace85e gofmt files (#5233) 2018-08-31 09:15:40 -07:00
Jeff Mitchell 75eb0f862e
Revert some of commit 050ab805a7565c5b0cadb0176023031ee5f0d17b. (#4768) 
If we have a panic defer functions are run but unlocks aren't. Since we
can't really trust plugins and storage, this backs out the changes for
those parts of the request path.
 2018-06-14 13:44:13 -04:00
Jeff Mitchell 0c2d2226c4
Remove a lot of deferred functions in the request path. (#4733) 
* Remove a lot of deferred functions in the request path.

There is an interesting benchmark at https://www.reddit.com/r/golang/comments/3h21nk/simple_micro_benchmark_to_measure_the_overhead_of/

It shows that defer actually adds quite a lot of overhead -- maybe 100ns
per call but we defer a *lot* of functions in the request path. So this
removes some of the ones in request handling, ha, barrier, router, and
physical cache.

One meta-note: nearly every metrics function is in a defer which means
every metrics call we add could add a non-trivial amount of time, e.g.
for every 10 extra metrics statements we add 1ms to a request. I don't
know how to solve this right now without doing what I did in some of
these cases and putting that call into a simple function call that then
goes before each return.

* Simplify barrier defer cleanup
 2018-06-14 09:49:10 -04:00
Becca Petrin abb621752f Clean up error string formatting (#4304) 2018-04-09 14:35:21 -04:00
Vishal Nayak 28e3eb9e2c
Errwrap everywhere (#4252) 
* package api

* package builtin/credential

* package builtin/logical

* package command

* package helper

* package http and logical

* package physical

* package shamir

* package vault

* package vault

* address feedback

* more fixes
 2018-04-05 11:49:21 -04:00
Jeff Mitchell 123e22cd7e Fix compile 2018-01-19 05:31:55 -05:00
Brian Kassouf 2f19de0305 Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 01:44:44 -05:00
Jeff Mitchell 548629e8ef Port over some changes 2017-11-30 09:43:07 -05:00
Jeff Mitchell c144f95be0 Sync over 2017-10-23 16:43:07 -04:00
Jeff Mitchell f37b6492d1 More rep porting (#2391) 
* More rep porting

* Add a bit more porting
 2017-02-16 23:09:39 -05:00
Jeff Mitchell 69eb5066dd Multi value test seal (#2281) 2017-01-17 15:43:10 -05:00
vishalnayak ad7cb2c8f1 Added JSON Decode and Encode helpers. 
Changed all the occurances of Unmarshal to use the helpers.
Fixed http/ package tests.
 2016-07-06 12:25:40 -04:00
Jeff Mitchell 8d19b4fb53 Add keyring zeroize function and add some more memzero calls in 
appropriate places. Known to be best-effort, but may help in some cases.

Fixes #1446
 2016-05-27 20:47:40 +00:00
Sean Chittenden 7a4b31ce51
Speling police 2016-05-15 09:58:36 -07:00
Jeff Mitchell c5ddfbc391 Bump AESGCM version; include path in the GCM tags. 2015-09-19 17:04:37 -04:00
Armon Dadgar ef770e371a vault: guard against potentially missing keyring 2015-07-13 18:18:22 +10:00
Armon Dadgar 7ecd8f05d1 nomad: fixing issue with keyring upgrade 2015-07-07 16:02:49 -06:00
Armon Dadgar f6729b29f8 vault: adding ability to reload master key 2015-05-29 14:29:55 -07:00
Armon Dadgar 67ed0a3c16 vault: moving upgrade path into barrier 2015-05-28 16:42:32 -07:00
Armon Dadgar 796ae59a89 vault: support keyring reload 2015-05-28 16:09:15 -07:00
Armon Dadgar 2e86fa62d5 vault: adding barrier AddKey 2015-05-28 15:52:26 -07:00
Armon Dadgar 4e3f0cddcf vault: Adding VerifyMaster to Barrier 2015-05-28 11:28:33 -07:00
Armon Dadgar 26cff2f42f vault: expose information about keys 2015-05-27 17:25:36 -07:00
Armon Dadgar b93feb8a6b vault: first pass at rekey 2015-05-27 17:13:40 -07:00
Armon Dadgar ead96e8c99 vault: first pass at key rotation 2015-05-27 17:05:02 -07:00
Armon Dadgar 3d800fe7be vault: keyring api changes 2015-05-27 17:04:46 -07:00
Armon Dadgar 28560a612f vault: test for backwards compatability 2015-05-27 16:42:42 -07:00
Armon Dadgar e8e9103300 vault: share keyring persistence code 2015-05-27 16:29:59 -07:00
Armon Dadgar 0e9136d14c vault: first pass at keyring integration 2015-05-27 16:01:25 -07:00
Armon Dadgar 70b3b37ffb vault: rename key epoch to term for clarity 2015-05-27 14:37:39 -07:00
Armon Dadgar a03268bc32 vault: Adding an epoch prefix to keys to support eventual online key rotation 2015-04-17 16:51:13 -07:00
Aaron Bedra 95c37c1c4d Clarify Barrier encryption defaults. 
Declare the defaults in the comments to be what they are now (256 bit
key and default golang NONCE value). Make the key error message more
precise since. It isn't between 16 and 32, it is 16 OR 32.
 2015-04-15 18:24:23 -05:00
Armon Dadgar e6fd2f2ce5 vault: Default key size to 256bit. 2015-04-15 13:33:47 -07:00
Armon Dadgar 3ee434a783 vault: Allow AES key to be up to 256 bits. Fixes #7 2015-04-15 13:33:47 -07:00
Armon Dadgar 512b3d7afd vault: Adding metrics profiling 2015-04-08 16:43:17 -07:00
Armon Dadgar 3ed3e23d93 vault: Improve error when unseal key is wrong 2015-03-12 11:27:41 -07:00
Armon Dadgar aa0ca02b8c vault: sanity check key length 2015-03-12 11:20:38 -07:00
Armon Dadgar ea7f4a45e6 vault: Structure the barrier init file 2015-03-05 13:57:45 -08:00