Safe Haskell | None |
---|---|
Language | Haskell2010 |
Synopsis
- data SECTIONS h s k = SECTIONS
- class (Bounded a, Enum a, Eq a, Ord a, Show a) => Code a where
- class (Code h, Code s, Code k) => Sections h s k | s -> h, k -> h, h -> s, k -> s, s -> k, h -> k where
- hostDeploySection :: h -> s
- sectionType :: s -> SectionType
- superSections :: s -> [s]
- keyIsHostIndexed :: k -> Maybe (h -> Bool)
- keyIsInSection :: k -> s -> Bool
- getKeyData :: Maybe h -> s -> k -> IO KeyData
- getKeyDataWithMode :: Maybe h -> s -> k -> IO (KeyDataMode, KeyData)
- sectionSettings :: Maybe s -> IO Settings
- describeKey :: k -> String
- describeSection :: s -> String
- sectionPWEnvVar :: s -> EnvVar
- data SectionType
- = ST_top
- | ST_signing
- | ST_keys
- data KeyData = KeyData {}
- data KeyDataMode
- type KeyPredicate h s k = Maybe h -> s -> k -> Bool
- data RetrieveDg
- initialise :: Sections h s k => CtxParams -> KeyPredicate h s k -> IO ()
- rotate :: Sections h s k => IC -> KeyPredicate h s k -> IO ()
- rotateIfChanged :: Sections h s k => IC -> KeyPredicate h s k -> IO ()
- rotate_ :: Sections h s k => IC -> Maybe KeyDataMode -> Bool -> KeyPredicate h s k -> IO ()
- retrieve :: Sections h s k => IC -> h -> k -> IO (Retrieve [Key])
- signKeystore :: Sections h s k => IC -> SECTIONS h s k -> IO ByteString
- verifyKeystore :: Sections h s k => IC -> SECTIONS h s k -> ByteString -> IO Bool
- noKeys :: KeyPredicate h s k
- allKeys :: KeyPredicate h s k
- listKeys :: Sections h s k => KeyPredicate h s k -> [(Maybe h, s, k)]
- keyPrededicate :: Sections h s k => Maybe h -> Maybe s -> Maybe k -> KeyPredicate h s k
- keyHelp :: Sections h s k => Maybe k -> Text
- sectionHelp :: Sections h s k => Maybe s -> IO Text
- secretKeySummary :: Sections h s k => IC -> SECTIONS h s k -> IO Text
- publicKeySummary :: Sections h s k => IC -> SECTIONS h s k -> FilePath -> IO Text
- locateKeys :: Sections h s k => IC -> SECTIONS h s k -> Name -> IO [Key]
- keyName :: Sections h s k => h -> k -> Retrieve Name
- keyName_ :: Sections h s k => Maybe h -> s -> k -> Name
- passwordName :: Sections h s k => s -> Name
- mkSection :: Sections h s k => IC -> s -> IO ()
Documentation
class (Code h, Code s, Code k) => Sections h s k | s -> h, k -> h, h -> s, k -> s, s -> k, h -> k where Source #
This class describes the relationship between the host-id, section-id and key-id types used to build a hierarchical deployment model for a keystore. A minimal instance would have to define hostDeploySection. The deploy example program contains a fairly thorough example of this class being used to implement a quite realistic deployment scenario.
:: h | |
-> s | the deployment section: for a given host,
the starting section for locating the keys
during a deployment ( |
:: s | |
-> SectionType | whether the section holds the top key for the keystore (i.e., keystore master key), the signing key for the keystore or is a normal section containing deployment keys |
:: s | |
-> [s] | the sections that get a copy of the master for this section (making all of its keys available to them); N.B., the graph formed by this relationship over the sections must be acyclic |
:: k | |
-> Maybe (h -> Bool) | if the key is host-indexed then the predicate specifies the hosts that use this key |
:: k | |
-> s | |
-> Bool | specifies which sections a key is resident in |
:: Maybe h | |
-> s | |
-> k | |
-> IO (KeyDataMode, KeyData) | loads the data for a particular key, returning its mode along with the data |
:: k | |
-> String | describes the key (for the ks help command) |
:: s | |
-> String | describes the section (for the ks help command) |
:: s | |
-> EnvVar | specifies the environment variable containing the master password/private key for the given section |
data SectionType Source #
Sections are used to hold the top (master) key for the keystore, its signing key, or deployment keys
Instances
Eq SectionType Source # | |
Defined in Data.KeyStore.Sections (==) :: SectionType -> SectionType -> Bool # (/=) :: SectionType -> SectionType -> Bool # | |
Ord SectionType Source # | |
Defined in Data.KeyStore.Sections compare :: SectionType -> SectionType -> Ordering # (<) :: SectionType -> SectionType -> Bool # (<=) :: SectionType -> SectionType -> Bool # (>) :: SectionType -> SectionType -> Bool # (>=) :: SectionType -> SectionType -> Bool # max :: SectionType -> SectionType -> SectionType # min :: SectionType -> SectionType -> SectionType # | |
Show SectionType Source # | |
Defined in Data.KeyStore.Sections showsPrec :: Int -> SectionType -> ShowS # show :: SectionType -> String # showList :: [SectionType] -> ShowS # |
A key is a triple containing some (plain-text) identity information for the key, some comment text and the secret text to be encrypted. Note that the keystore doesn't rely on this information but merely stores it. (They can be empty.) The identity field will often be used to store the key's identity within the system that generates and uses it, for example.
data KeyDataMode Source #
Instances
type KeyPredicate h s k = Maybe h -> s -> k -> Bool Source #
One, many or all of the keys in a store may be rotated at a time. We use one of these to specify which keys are to be rotated.
data RetrieveDg Source #
This type specifies the reasons that an attempt to access a key from the store has failed. This kind of failure suggests an inconsistent model and will be raised regardless of which keys have been stored in the store.
Instances
Eq RetrieveDg Source # | |
Defined in Data.KeyStore.Sections (==) :: RetrieveDg -> RetrieveDg -> Bool # (/=) :: RetrieveDg -> RetrieveDg -> Bool # | |
Ord RetrieveDg Source # | |
Defined in Data.KeyStore.Sections compare :: RetrieveDg -> RetrieveDg -> Ordering # (<) :: RetrieveDg -> RetrieveDg -> Bool # (<=) :: RetrieveDg -> RetrieveDg -> Bool # (>) :: RetrieveDg -> RetrieveDg -> Bool # (>=) :: RetrieveDg -> RetrieveDg -> Bool # max :: RetrieveDg -> RetrieveDg -> RetrieveDg # min :: RetrieveDg -> RetrieveDg -> RetrieveDg # | |
Show RetrieveDg Source # | |
Defined in Data.KeyStore.Sections showsPrec :: Int -> RetrieveDg -> ShowS # show :: RetrieveDg -> String # showList :: [RetrieveDg] -> ShowS # |
initialise :: Sections h s k => CtxParams -> KeyPredicate h s k -> IO () Source #
Here we create the store and rotate in a bunch of keys. N.B. All of the section passwords must be bound in the process environment before calling this procedure.
rotate :: Sections h s k => IC -> KeyPredicate h s k -> IO () Source #
Rotate in a set of keys specified by the predicate.
rotateIfChanged :: Sections h s k => IC -> KeyPredicate h s k -> IO () Source #
Rotate in a set of keys specified by the predicate, rotating each key only if it has changed: NB the check is contingent on the secret text being accessible; if the secret text is not accessible then the rotation will happen.
rotate_ :: Sections h s k => IC -> Maybe KeyDataMode -> Bool -> KeyPredicate h s k -> IO () Source #
Rotate in a set of keys specified by the predicate with the first argument controlling whether to squash duplicate rotations
retrieve :: Sections h s k => IC -> h -> k -> IO (Retrieve [Key]) Source #
Retrieve the keys for a given host from the store. Note that the whole history for the given key is returned. Note also that the secret text may not be present if it is not accessible (depending upon which section passwords are correctly bound in the process environment). Note also that the Retrieve diagnostic should not fail if a coherent model has been defined for Sections.
signKeystore :: Sections h s k => IC -> SECTIONS h s k -> IO ByteString Source #
Sign the keystore. (Requires the password for the signing section to be correctly bound in the environment)
verifyKeystore :: Sections h s k => IC -> SECTIONS h s k -> ByteString -> IO Bool Source #
noKeys :: KeyPredicate h s k Source #
A predicate specifying none of the keys in the store.
allKeys :: KeyPredicate h s k Source #
A predicate specifying all of the keys in the keystore.
listKeys :: Sections h s k => KeyPredicate h s k -> [(Maybe h, s, k)] Source #
List all of the keys specified by a KeyPredicate
keyPrededicate :: Sections h s k => Maybe h -> Maybe s -> Maybe k -> KeyPredicate h s k Source #
A utility for specifying a slice of the keys in the store, optionally specifying the host, section and key that should belong to the slice. (If the host is specified then the resulting predicate will only include host-indexed keys belonging to the given host.)
secretKeySummary :: Sections h s k => IC -> SECTIONS h s k -> IO Text Source #
List a shell script for establishing all of the keys in the environment. NB For this to work the password for the top section must be bound (or the passwords for all of the sections, if the store does not maintain a top key).
publicKeySummary :: Sections h s k => IC -> SECTIONS h s k -> FilePath -> IO Text Source #
List a shell script for storing the public signing key for the store.
locateKeys :: Sections h s k => IC -> SECTIONS h s k -> Name -> IO [Key] Source #
List all of the keys that have the given name as their prefix. If the generic name of a key is given then it will list the complete history for the key, the current (or most recent) entry first.
keyName :: Sections h s k => h -> k -> Retrieve Name Source #
Return the generic name for a given key that is used by the specified host, returning a failure diagnostic if the host does not have such a key on the given Section model.
keyName_ :: Sections h s k => Maybe h -> s -> k -> Name Source #
Basic function for generating a key name from the host (if the key is host-indexed), section name and key id.
passwordName :: Sections h s k => s -> Name Source #
The name of the key that stores the password for a given section.