6e069e94ca
* Modernize SSH key lengths

  No default change was made in this commit; note that the code already enforced a default of 2048 bits. ssh-keygen and Go's RSA key generation allow for key sizes including 3072, 4096, 8192; update the values of SSH key generation to match PKI's allowed RSA key sizes (from certutil.ValidateKeyTypeLength(...)). We still allow the legacy SSH key size of 1024; in the near future we should likely remove it.

  Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Ensure minimum of 2048-bit PKI RSA keys

  While the stated path is a false-positive, verifying all paths is non-trivial. We largely validate API call lengths using certutil.ValidateKeyTypeLength(...), but ensuring no other path calls certutil.generatePrivateKey(...) --- directly or indirectly --- is non-trivial. Thus enforcing a minimum in this method sounds like a sane compromise.

  Resolves: https://github.com/hashicorp/vault/security/code-scanning/55

  Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* database
* framework
* helper
* logical
* physical
* plugin
* queue
* version
* go.mod
* go.sum
* README.md

Vault SDK libs
This package provides the sdk package which contains code useful for developing Vault plugins.
Although we try not to break functionality, we reserve the right to reorganize the code at will and may occasionally cause breaks if they are warranted. As such we expect the tag of this module will stay less than v1.0.0.
For any major changes we will try to give advance notice in the CHANGES section of Vault's CHANGELOG.md.