forked from cosmos/cosmos-sdk
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
keyring's encrypted file backend integration (cosmos#5355)
Client commands accept a new `--keyring-backend` option through which users can specify which backend should be used by the new key store: - os: use OS default credentials storage (default). - file: use encrypted file-based store. - test: use password-less key store (highly insecure).
- Loading branch information
1 parent
916998b
commit 078c053
Showing
15 changed files
with
171 additions
and
25 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
package keys | ||
|
||
import ( | ||
"path/filepath" | ||
"strings" | ||
"testing" | ||
|
||
"github.com/spf13/viper" | ||
"github.com/stretchr/testify/require" | ||
|
||
"github.com/cosmos/cosmos-sdk/client/flags" | ||
"github.com/cosmos/cosmos-sdk/tests" | ||
) | ||
|
||
func TestNewKeyringFromDir(t *testing.T) { | ||
dir, cleanup := tests.NewTestCaseDir(t) | ||
defer cleanup() | ||
viper.Set(flags.FlagKeyringBackend, flags.KeyringBackendTest) | ||
_, err := NewKeyringFromDir(filepath.Join(dir, "test"), nil) | ||
require.NoError(t, err) | ||
viper.Set(flags.FlagKeyringBackend, flags.KeyringBackendFile) | ||
buf := strings.NewReader("password\npassword\n") | ||
_, err = NewKeyringFromDir(filepath.Join(dir, "test"), buf) | ||
require.NoError(t, err) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
# Keys API | ||
|
||
[![API Reference](https://godoc.org/github.com/cosmos/cosmos-sdk/crypto/keys?status.svg)](https://godoc.org/github.com/cosmos/cosmos-sdk/crypto/keys) | ||
|
||
|
||
## The Keybase interface | ||
|
||
The [Keybase](https://godoc.org/github.com/cosmos/cosmos-sdk/crypto/keys#Keybase) interface defines | ||
the methods that a type needs to implement to be used as key storage backend. This package provides | ||
few implementations out-of-the-box. | ||
|
||
## Constructors | ||
|
||
### New | ||
|
||
The [New](https://godoc.org/github.com/cosmos/cosmos-sdk/crypto/keys#New) constructor returns | ||
an on-disk implementation backed by LevelDB storage that has been the default implementation used by the SDK until v0.38.0. | ||
Due to [security concerns](https://github.com/cosmos/cosmos-sdk/blob/master/docs/architecture/adr-006-secret-store-replacement.md), we recommend to drop | ||
it in favor of the `NewKeyring` or `NewKeyringFile` constructors. We strongly advise to migrate away from this function as **it may be removed in a future | ||
release**. | ||
|
||
### NewInMemory | ||
|
||
The [NewInMemory](https://godoc.org/github.com/cosmos/cosmos-sdk/crypto/keys#NewInMemory) constructor returns | ||
an implementation backed by an in-memory, goroutine-safe map that we've historically used for testing purposes or on-the-fly | ||
key generation and we consider safe for the aforementioned use cases since the generated keys are discarded when the process | ||
terminates or the type instance is garbage collected. | ||
|
||
### NewKeyring | ||
|
||
The [NewKeyring](https://godoc.org/github.com/cosmos/cosmos-sdk/crypto/keys#NewKeyring) constructor returns | ||
an implementation backed by the [Keyring](https://github.com/99designs/keyring) library, whose aim is to provide a common | ||
abstraction and uniform interface between secret stores available for Windows, macOS, and most GNU/Linux distributions. | ||
The instance returned by this constructor will use the operating system's default credentials store, which will then handle | ||
keys storage operations securely. | ||
|
||
### NewKeyringFile, NewTestKeyring | ||
|
||
Both [NewKeyringFile](https://godoc.org/github.com/cosmos/cosmos-sdk/crypto/keys#NewKeyringFile) and | ||
[NewTestKeyring](https://godoc.org/github.com/cosmos/cosmos-sdk/crypto/keys#NewTestKeyring) constructors return | ||
on-disk implementations backed by the [Keyring](https://github.com/99designs/keyring) `file` backend. | ||
Whilst `NewKeyringFile` returns a secure, encrypted file-based type that requires user's password in order to | ||
function correctly, the implementation returned by `NewTestKeyring` stores keys information in clear text and **must be used | ||
only for testing purposes**. | ||
|
||
`NewKeyringFile` and `NewTestKeyring` store key files in the client home directory's `keyring` | ||
and `keyring-test` subdirectories respectively. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.