Commit graph

79 commits

Author SHA1 Message Date
Adrian Utrilla 8541e26f7a
Fix data key retrieval bug with 1 key group
This happened when there are multiple master keys inside a single key
group. SOPS would decrypt the data key with every single key in the
group, when only one is needed. This meant that multiple "parts" are
found, so because SOPS encountered != 1 part without using Shamir, it
errored out.
2017-09-11 10:14:41 -07:00
Adrian Utrilla a7b2fbf8a7
Fix error messages
Fixed typo
Changed 'sops branch' to 'sops metadata'
2017-08-29 13:22:00 -07:00
Adrian Utrilla 4f4968f32e
Make GroupQuorum an int 2017-08-29 13:21:34 -07:00
Adrian Utrilla eb00619d0d
Make Metadata.ShamirQuorum an uint
The quorum should never be negative.
2017-08-29 12:59:50 -07:00
Adrian Utrilla a9582158d2
Revert UnmarshalMetadata returning pointer 2017-08-29 12:16:00 -07:00
Adrian Utrilla b6b976d337
Only error if no keyservice can update the masterkey 2017-08-24 17:39:19 -07:00
Adrian Utrilla b5224ae2d6
Reimplement --add/rm-pgp/kms 2017-08-24 15:47:53 -07:00
Adrian Utrilla 9e0da47372
Clean up encrypt and decrypt commands 2017-08-24 12:04:28 -07:00
Adrian Utrilla ebda335bf3
Package stability comment 2017-08-23 17:15:34 -07:00
Adrian Utrilla 13b70024d0
Refactor metadata marshalling
**IMPORTANT** This breaks compatibility of the file format in 1.x for
json files, due to the version being encoded as a number in json files.
The fix for this is easy, however. One can either use a previous version
of sops in the range [2.0.0, 2.0.9] to edit the file, or one can manually edit
the encrypted file and change the version from a number to a string

Previously we basically hand-converted the metadata struct into a map
which we then passed to the stores. Now, we convert the metadata struct
to a "serialization" struct, which the stores serialize
2017-08-23 17:10:39 -07:00
Adrian Utrilla 05e3962be6
Cache data key 2017-08-23 11:19:24 -07:00
Adrian Utrilla 48ee4bff63
First step towards keygroups 2017-08-23 11:06:47 -07:00
Adrian Utrilla 2c2c1a8b8c
Remove unused UpdateMasterKeysIfNeeded functions 2017-08-22 16:35:32 -07:00
Adrian Utrilla 44b26690c2
Merge remote-tracking branch 'origin/shamir' into remote-keys-shamir
Shamir tests do not pass due to KeyService not knowing about the fake
MasterKey used by the tests
2017-08-22 15:39:24 -07:00
Adrian Utrilla 2e21f57c31
Make UpdateMasterKeysIfNeeded use the key service 2017-08-17 16:14:42 -07:00
Adrian Utrilla 99f5a1d883
Make cmd/sops use KeyService 2017-08-17 11:32:04 -07:00
Adrian Utrilla 10dd9b5441
Use KeyService for all encrypt and decrypt operations 2017-08-17 11:32:04 -07:00
Adrian Utrilla 745a0631ba
Move MasterKey to separate package to avoid import cycles 2017-08-17 11:32:04 -07:00
Adrian Utrilla 2c30afdc5a
Added functional tests for shamir secret sharing 2017-05-26 22:29:57 +02:00
Adrian Utrilla daebfa74e0
Address review comments, missing functional tests 2017-05-26 20:40:11 +02:00
Adrian Utrilla cc042aaa96
Make shamir quorum configurable by the user 2017-05-26 11:17:43 +02:00
Adrian Utrilla 1d089e3752
Added shamir flag to cmd 2017-05-26 11:16:53 +02:00
Adrian Utrilla fae5e3c0f2
Add shamir dependency 2017-05-25 17:57:51 +02:00
Adrian Utrilla 533bc804c0
Added shamir secret sharing to the sops library 2017-05-25 15:34:47 +02:00
Andy Freeland 89e75471cc Fix KMS encryption context for backwards compatibility with SOPS 1.x
In SOPS 1.x, KMS encryption context was stored as a JSON object, but
SOPS 2.0 stored it as a comma-separated list of key/value pairs:

```
$ jq '.sops.kms | .[].context' encrypted-python
{
  "a": "b",
  "c": "d"
}
> jq '.sops.kms | .[].context' encrypted-go
"a:b,c:d"
```

The two outputs are incompatible with each other and caused a stack
trace when reading files encrypted with SOPS 1.x.

This patch restores read and output compatibility with SOPS 1.x.

Fixes #190.
2017-03-22 09:59:51 -07:00
Adrian Utrilla d4f24964e6
Merge branch 'issue-195' of github.com:mozilla/sops into issue-195 2017-03-13 15:32:05 +01:00
Adrian Utrilla 2ea0d4579e
Improved MAC mismatch error message when the file has no MAC 2017-03-13 15:27:16 +01:00
Julien Vehent [:ulfr] 60ea6050f5 Merge branch 'master' into issue-195 2017-03-13 09:49:00 -04:00
Adrian Utrilla f3f7cc8c60
Error whenever a non-string key is found in the tree. 2017-02-07 21:19:35 +01:00
Adrian Utrilla dd0a890e86
Added warning message whenever a file without a MAC is found. 2017-02-07 21:16:17 +01:00
Adrian Utrilla 3cdf659887
Refactored metadata unmarshaling to be store-agnostic. 2017-02-05 17:18:33 +01:00
Julien Vehent 6d21579a54
Add sops package doc 2017-01-22 11:15:17 -05:00
Julien Vehent [:ulfr] e4dfb23a0b Merge branch 'master' into issue-172 2016-11-19 09:57:52 -05:00
Julien Vehent [:ulfr] 7d1b85993f Merge branch 'master' into issue-174 2016-11-19 09:48:40 -05:00
Adrian Utrilla daaedcb19f
Better error message when unable to retrieve data key
Fixes #176
2016-11-19 03:00:02 +01:00
Adrian Utrilla 17625efd7d
Allow --set to add keys to maps
Fixes #172
2016-11-18 15:17:54 +01:00
Adrian Utrilla dfc5acf0d8
Marshal extracted values with the corresponding store 2016-11-18 14:55:17 +01:00
Adrian Utrilla 3535b3f4dc
Add --set flag 2016-11-03 18:34:59 +01:00
Adrian Utrilla f2ba024239
Extracted a few methods 2016-11-02 15:03:29 +01:00
Adrian Utrilla ba03ae1853
Fix removing items from slice while iterating 2016-11-01 16:08:33 +01:00
Adrian Utrilla d265e985ef
Merge branch 'go-sops' into exit-if-cant-encrypt 2016-11-01 15:12:04 +01:00
Adrian Utrilla b1d7fdcede
Exit if there are errors encrypting the data key
Fixes #146
2016-11-01 15:08:04 +01:00
Julien Vehent [:ulfr] 520eab6b9a Fix bug when KMS ARNs are in multiple regions (#149)
* Don't reuse KMS service between master keys

* Improve error handling in cmd

* Fix KMS service initialization issue with mocking
2016-11-01 14:15:20 +01:00
Julien Vehent 016b28980f
Display more information when adding PGP/KMS master keys 2016-10-31 17:08:13 -04:00
Adrian Utrilla 3fa7cc43f1
Add KMS encryption context support
Fixes #93
2016-10-31 16:56:14 +01:00
Jeremiah Orem 76f4ae8db0 return lists of pointers to avoid repackaging 2016-10-28 10:04:18 -07:00
Jeremiah Orem 1d4b085f60 sops: fix reused pointer 2016-10-28 09:40:43 -07:00
Adrian Utrilla 9fff8de79c
Warn when a master key fails to encrypt the data key 2016-10-27 23:35:16 +02:00
Adrian Utrilla 71d4a3cfd2
Added go.mozilla.org imports
Fixes #122
2016-10-27 18:09:19 +02:00
Adrian Utrilla 8c2baa449a
Convert yaml comments to generic comments 2016-10-26 16:57:00 +02:00