Scott Miller
b13b27f37e
OSS side barrier encryption tracking and automatic rotation (#11007)
* Automatic barrier key rotation, OSS portion
* Fix build issues
* Vendored version
* Add missing encs field, not sure where this got lost.
2021-02-25 14:27:25 -06:00
Scott Miller
57c6ae4233
Test for overflow of the capacity value (#9317)
2020-06-25 11:22:13 -05:00
ncabatoff
1c98152fa0
Shamir seals now come in two varieties: legacy and new-style. (#7694)
Shamir seals now come in two varieties: legacy and new-style. Legacy
Shamir is automatically converted to new-style when a rekey operation
is performed. All new Vault initializations using Shamir are new-style.
New-style Shamir writes an encrypted master key to storage, just like
AutoUnseal. The stored master key is encrypted using the shared key that
is split via Shamir's algorithm. Thus when unsealing, we take the key
fragments given, combine them into a Key-Encryption-Key, and use that
to decrypt the master key on disk. Then the master key is used to read
the keyring that decrypts the barrier.
2019-10-18 14:46:00 -04:00
Lexman
c86fe212c0
oss changes for entropy augmentation feature (#7670)
* oss changes for entropy augmentation feature
* fix oss command/server/config tests
* update go.sum
* fix logical_system and http/ tests
* adds vendored files
* removes unused variable
2019-10-17 10:33:00 -07:00
Jeff Mitchell
8bcb533a1b
Create sdk/ and api/ submodules (#6583)
2019-04-12 17:54:35 -04:00
Jeff Mitchell
27c960d8df
Split SubView functionality into logical.StorageView (#6141)
This lets other parts of Vault that can't depend on the vault package
take advantage of the subview functionality.
This also allows getting rid of BarrierStorage and vault.Entry, two
totally redundant abstractions.
2019-01-31 09:25:18 -05:00
Josh Soref
73b1fde82f
Spelling (#4119)
2018-03-20 14:54:10 -04:00
Jeff Mitchell
b4be030d07
Add context to barrier encryptor interface
2018-01-19 05:28:47 -05:00
Brian Kassouf
2f19de0305
Add context to storage backends and wire it through a lot of places (#3817)
2018-01-19 01:44:44 -05:00
Jeff Mitchell
548629e8ef
Port over some changes
2017-11-30 09:43:07 -05:00
Jeff Mitchell
c144f95be0
Sync over
2017-10-23 16:43:07 -04:00
Jeff Mitchell
f37b6492d1
More rep porting (#2391)
* More rep porting
* Add a bit more porting
2017-02-16 23:09:39 -05:00
Armon Dadgar
f6729b29f8
vault: adding ability to reload master key
2015-05-29 14:29:55 -07:00
Armon Dadgar
67ed0a3c16
vault: moving upgrade path into barrier
2015-05-28 16:42:32 -07:00
Armon Dadgar
796ae59a89
vault: support keyring reload
2015-05-28 16:09:15 -07:00
Armon Dadgar
2e86fa62d5
vault: adding barrier AddKey
2015-05-28 15:52:26 -07:00
Armon Dadgar
4e3f0cddcf
vault: Adding VerifyMaster to Barrier
2015-05-28 11:28:33 -07:00
Armon Dadgar
26cff2f42f
vault: expose information about keys
2015-05-27 17:25:36 -07:00
Armon Dadgar
b93feb8a6b
vault: first pass at rekey
2015-05-27 17:13:40 -07:00
Armon Dadgar
ead96e8c99
vault: first pass at key rotation
2015-05-27 17:05:02 -07:00
Armon Dadgar
50dc6a471e
vault: adding path for keyring
2015-05-27 15:23:43 -07:00
Armon Dadgar
f2c0f79435
vault: Split SecurityBarrier interface to BarrierStorage
2015-04-10 16:43:35 -07:00
Mitchell Hashimoto
63a9eb321a
logical: put structs here, vault uses them
2015-03-15 14:27:06 -07:00
Armon Dadgar
3ed3e23d93
vault: Improve error when unseal key is wrong
2015-03-12 11:27:41 -07:00
Armon Dadgar
aa0ca02b8c
vault: sanity check key length
2015-03-12 11:20:38 -07:00
Armon Dadgar
e8abe8b0cd
vault: First pass at a barrier
2015-03-05 13:27:35 -08:00