Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a basic file backend #63

Merged
merged 2 commits into from
Jun 21, 2016
Merged

Add a basic file backend #63

merged 2 commits into from
Jun 21, 2016

Conversation

lox
Copy link
Collaborator

@lox lox commented May 3, 2016
edited
Loading

This adds a file backend for storing keyring items encrypted in ~/.awsvault/keys/{keyname}. Keys are encrypted as JWT tokens.

The usecase for this is for command-line linux usage. It also opens up the possibility of using it on servers to store credentials.

@neumayer
Copy link

I started working on my own simple file backend before I saw this :-). I think your commit should be rather easy to extend further to use gpg, in the future I mean.

Anyway, I tested locally and this works for me. It might be nice to add some tests for non-happy paths.

Any plans on whether you'll merge this?

@lox
Copy link
Collaborator Author

lox commented Jun 20, 2016

Thoughts @pda @mtibben?

@mtibben
Copy link
Member

mtibben commented Jun 21, 2016

👍

mtibben
mtibben reviewed Jun 21, 2016
View reviewed changes
keyring/file.go
return &fileKeyring{
PasswordFunc: terminalPrompt,
}, nil
})
Copy link
Member

@mtibben mtibben Jun 21, 2016
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It may be better to keep use of the supportedBackends in keyring.go to keep the scope small

@pda
Copy link
Collaborator

pda commented Jun 21, 2016

Keys are encrypted as JWT tokens.

Why JWT? Does the encryption layer not provide authentication?

@pda
Copy link
Collaborator

pda commented Jun 21, 2016

Oh right, it's encrypting the data using the Javascript Object Signing and Encryption (JOSE) and/or JWE (JSON Web Encryption) things that are related to JWT.

@pda
Copy link
Collaborator

pda commented Jun 21, 2016

The usecase for this is for command-line linux usage.

Seems good 👍

It also opens up the possibility of using it on servers to store credentials.

Sounds dangerously out of scope.

@lox lox merged commit 0a93138 into master Jun 21, 2016
@mtibben mtibben deleted the file-backend branch November 28, 2016 04:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@lox @neumayer @mtibben @pda