keystore-0.8.1.1: Managing stores of secret things

Data.KeyStore.Sections

# Documentation

data SECTIONS h s k

Constructors

 SECTIONS

class (Bounded a, Enum a, Eq a, Ord a, Show a) => Code a where

Minimal complete definition

encode

Methods

encode :: a -> String

class (Code h, Code s, Code k) => Sections h s k | s -> h, k -> h, h -> s, k -> s, s -> k, h -> k where

This class describes the relationship between the host-id, section-id and key-id types used to build a hierarchical deployment model for a keystore. A minimal instance would have to define hostDeploySection. The deploy example program contains a fairly thorough example of this class being used to implement a quite realistic deployment scenario.

Minimal complete definition

hostDeploySection

Methods

 hostDeploySection :: h -> s
   the deployment section: for a given host, the starting section for locating the keys during a deployment (higher/closer sections taking priority)

 :: s -> SectionType
   whether the section holds the top key for the keystore (i.e., the keystore master key), the signing key for the keystore, or is a normal section containing deployment keys

 :: s -> [s]
   the sections that get a copy of the master for this section (making all of its keys available to them); N.B., the graph formed by this relationship over the sections must be acyclic

 :: k -> Maybe (h -> Bool)
   if the key is host-indexed then the predicate specifies the hosts that use this key

 :: k -> s -> Bool
   specifies which sections a key is resident in

 :: Maybe h -> s -> k -> IO KeyData
   loads the data for a particular key

 :: Maybe h -> s -> k -> IO (KeyDataMode, KeyData)
   loads the data for a particular key, also returning its mode

 :: Maybe s -> IO Settings
   loads the settings for a given section

 :: k -> String
   describes the key (for the ks help command)

 :: s -> String
   describes the section (for the ks help command)

 :: s -> EnvVar
   specifies the environment variable containing the master password/private key for the given section

data SectionType

Sections are used to hold the top (master) key for the keystore, its signing key, or deployment keys.

Constructors

 ST_top
 ST_signing
 ST_keys

Instances

 Show SectionType

data KeyData

A key is a triple containing some (plain-text) identity information for the key, some comment text and the secret text to be encrypted. Note that the keystore doesn't rely on this information but merely stores it. (They can be empty.) The identity field will often be used to store the key's identity within the system that generates and uses it, for example.

Constructors

 KeyData Fields
Instances

 Eq KeyData
 Show KeyData

data KeyDataMode

Constructors

 KDM_static
 KDM_random

Instances

 Show KeyDataMode

type KeyPredicate h s k = Maybe h -> s -> k -> Bool

One, many or all of the keys in a store may be rotated at a time. We use one of these to specify which keys are to be rotated.

data RetrieveDg

This type specifies the reasons that an attempt to access a key from the store has failed. This kind of failure suggests an inconsistent model, and will be raised regardless of which keys have been stored in the store.

Constructors

 RDG_key_not_reachable
 RDG_no_such_host_key

Instances

 Show RetrieveDg

initialise :: Sections h s k => CtxParams -> KeyPredicate h s k -> IO ()

Here we create the store and rotate in a bunch of keys. N.B. All of the section passwords must be bound in the process environment before calling this procedure.

rotate :: Sections h s k => IC -> KeyPredicate h s k -> IO ()

Rotate in a set of keys specified by the predicate.

rotateIfChanged :: Sections h s k => IC -> KeyPredicate h s k -> IO ()

Rotate in a set of keys specified by the predicate, rotating each key only if it has changed. NB the check is contingent on the secret text being accessible; if the secret text is not accessible then the rotation will happen.

rotate_ :: Sections h s k => IC -> Maybe KeyDataMode -> Bool -> KeyPredicate h s k -> IO ()

Rotate in a set of keys specified by the predicate, with the Bool argument controlling whether to squash duplicate rotations (rotating a key again only if it has changed, as rotateIfChanged does).

retrieve :: Sections h s k => IC -> h -> k -> IO (Retrieve [Key])

Retrieve the keys for a given host from the store. Note that the whole history for the given key is returned. Note also that the secret text may not be present if it is not accessible (depending upon which section passwords are correctly bound in the process environment). Note also that the Retrieve diagnostic should not fail if a coherent model has been defined for Sections.

signKeystore :: Sections h s k => IC -> SECTIONS h s k -> IO ByteString

Sign the keystore. (Requires the password for the signing section to be correctly bound in the environment.)

noKeys :: KeyPredicate h s k

A predicate specifying none of the keys in the keystore.

allKeys :: KeyPredicate h s k

A predicate specifying all of the keys in the store.

listKeys :: Sections h s k => KeyPredicate h s k -> [(Maybe h, s, k)]

List all of the keys specified by a KeyPredicate.

keyPrededicate :: Sections h s k => Maybe h -> Maybe s -> Maybe k -> KeyPredicate h s k

A utility for specifying a slice of the keys in the store, optionally specifying the host, section and key that should belong to the slice. (If the host is specified then the resulting predicate will only include host-indexed keys belonging to the given host.)
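The rules the Sections class lays out above (a host's deploy section, the acyclic super-section graph, host-indexed keys, key residency, the two RetrieveDg diagnostics) and the keyPrededicate/listKeys slicing described here are easier to reason about with a runnable model. The following Python is an added example, not code from the keystore package and not its API: it re-implements those rules in plain Python over constructed hosts (web-1, web-2, db-1), sections (web, db, shared, signing, top), keys and passwords. Two points are this model's own assumptions rather than the page's statements: a host searches its deploy section and then its super-sections breadth-first (one reading of "higher/closer sections taking priority"), and when a key is both host-indexed-elsewhere and unreachable the host predicate is checked first.

```python
"""Model of the Sections deployment graph: locating a key for a host, the two
RetrieveDg diagnostics, secret accessibility, and KeyPredicate slices.
Added example in plain Python, not keystore code; all data is constructed."""
from collections import deque
from typing import Callable, Optional

# hostDeploySection: host -> starting section for its deployment (constructed)
HOST_DEPLOY_SECTION = {"web-1": "web", "web-2": "web", "db-1": "db"}

# superSections: section -> sections that get a copy of its master key and can
# therefore read all of its keys.  The graph must be acyclic.
SUPER_SECTIONS = {"web": ["shared"], "db": ["shared"], "shared": ["top"],
                  "signing": ["top"], "top": []}

# keyIsHostIndexed: key -> host predicate, or None for a non-host-indexed key
KEY_HOST_PREDICATE: dict[str, Optional[Callable[[str], bool]]] = {
    "tls_cert": lambda h: h.startswith("web-"),
    "db_password": None,
    "api_token": None,
}

# keyIsInSection: the sections each key is resident in
KEY_SECTIONS = {"tls_cert": {"web"}, "db_password": {"db"},
                "api_token": {"shared", "web"}}  # resident twice: closer wins

HOSTS = sorted(HOST_DEPLOY_SECTION)
SECTIONS = sorted(SUPER_SECTIONS)


def find_cycle(super_sections: dict[str, list[str]]) -> list[str]:
    """Return a cycle in the super-section graph as a path, [] if acyclic.
    A cycle would copy a section's master round a loop, which the N.B. forbids."""
    state: dict[str, int] = {}  # 1 = on the current DFS path, 2 = finished

    def visit(s: str, path: list[str]) -> list[str]:
        if state.get(s) == 1:
            return path[path.index(s):] + [s]
        if state.get(s) == 2:
            return []
        state[s] = 1
        for t in super_sections.get(s, []):
            cycle = visit(t, path + [s])
            if cycle:
                return cycle
        state[s] = 2
        return []

    for start in super_sections:
        cycle = visit(start, [])
        if cycle:
            return cycle
    return []


def reachable_sections(start: str) -> list[str]:
    """`start` followed by its super-sections breadth-first, so closer sections
    come first (assumed reading of 'higher/closer sections taking priority')."""
    order, seen, queue = [], {start}, deque([start])
    while queue:
        s = queue.popleft()
        order.append(s)
        for t in SUPER_SECTIONS.get(s, []):
            if t not in seen:
                seen.add(t)
                queue.append(t)
    return order


def locate_key(host: str, key: str) -> tuple[str, str]:
    """("ok", section) for the closest section holding `key` for `host`, else
    (RetrieveDg name, "").  Host predicate checked first: a model choice."""
    host_pred = KEY_HOST_PREDICATE.get(key)
    if host_pred is not None and not host_pred(host):
        return "RDG_no_such_host_key", ""
    for s in reachable_sections(HOST_DEPLOY_SECTION[host]):
        if s in KEY_SECTIONS.get(key, set()):
            return "ok", s
    return "RDG_key_not_reachable", ""


def secret_accessible(section: str, bound_passwords: set[str]) -> bool:
    """A section's secrets decrypt if its own password, or that of any
    transitive super-section (which holds a copy of its master), is bound."""
    return any(s in bound_passwords for s in reachable_sections(section))


def all_key_triples() -> list[tuple[Optional[str], str, str]]:
    """Every (Maybe host, section, key): a host-indexed key yields one entry
    per host that uses it, any other key a single entry with host None."""
    out: list[tuple[Optional[str], str, str]] = []
    for key, resident in KEY_SECTIONS.items():
        pred = KEY_HOST_PREDICATE.get(key)
        hosts = [h for h in HOSTS if pred(h)] if pred else [None]
        out.extend((h, s, key) for s in SECTIONS if s in resident for h in hosts)
    return out


def key_predicate(host=None, section=None, key=None):
    """Slice as keyPrededicate describes: naming a host keeps only host-indexed
    keys of that host, because non-indexed entries carry host None."""
    def pred(h: Optional[str], s: str, k: str) -> bool:
        return ((host is None or h == host) and (section is None or s == section)
                and (key is None or k == key))
    return pred


def list_keys(pred) -> list[tuple[Optional[str], str, str]]:
    """listKeys: the triples selected by a KeyPredicate."""
    return [t for t in all_key_triples() if pred(*t)]
```

Running `find_cycle(SUPER_SECTIONS)` on an instance definition is the check a practitioner wants before trusting a Sections model, since nothing else on this page enforces the acyclicity requirement. `locate_key("web-1", "api_token")` resolves to web rather than shared (the closer copy), `locate_key("db-1", "tls_cert")` yields RDG_no_such_host_key because db-1 fails the key's host predicate, and `locate_key("web-1", "db_password")` yields RDG_key_not_reachable because db is not on web's upward path; `secret_accessible("shared", {"web"})` is False because a copy of shared's master flows to top, not down to web.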

keyHelp :: Sections h s k => Maybe k -> Text

secretKeySummary :: Sections h s k => IC -> SECTIONS h s k -> IO Text

List a shell script for establishing all of the keys in the environment (its output therefore contains the secrets and should be handled accordingly). NB For this to work the password for the top section must be bound (or the passwords for all of the sections, if the store does not maintain a top key).

publicKeySummary :: Sections h s k => IC -> SECTIONS h s k -> FilePath -> IO Text

List a shell script for storing the public signing key for the store.

locateKeys :: Sections h s k => IC -> SECTIONS h s k -> Name -> IO [Key]

List all of the keys that have the given name as their prefix. If the generic name of a key is given then it will list the complete history for the key, the current (or most recent) entry first.

keyName :: Sections h s k => h -> k -> Retrieve Name

Return the generic name for a given key that is used by the specified host, returning a failure diagnostic if the host does not have such a key in the given Sections model.

keyName_ :: Sections h s k => Maybe h -> s -> k -> Name

Basic function for generating a key name from the host (if the key is host-indexed), section name and key id.

passwordName :: Sections h s k => s -> Name

The name of the key that stores the password for a given section.

mkSection :: Sections h s k => IC -> s -> IO ()