search

jaxxstorm / hookpick

A tool to manage some operational concepts of Hashicorp Vault
MIT License
84 stars 14 forks source link

Support for multiple keys #19

Closed ljagiello closed 6 years ago

ljagiello commented 6 years ago

This PR introduce support for multiple keys. The config structure is a bit different now:

  keys:
  - key: <key1>
  - key: <key2>

Where each key line provides a single key (gpg or plain text)

Example:

gpg: false
datacenters:
- hosts:
  - name: vault1.test
    port: 8200
  - name: vault2.test
    port: 8200
  - name: vault3.test
    port: 8200
  keys:
  - key: oJLvra8jHVbrjgSvudT9L2N8H9hz5TQ3lCXfclCQDLqm
  - key: h4jg+tSLI2L9RctbrbFC/JJTwkMBStFjMkHv5qso2I9D
  - key: IQXWLnEkBmNIP1D35Xir9iwsDQKOCie5WHsPkTEuPX21
  - key: Pp9lCx93AkzgZu7Vs2svy5bm/BhKP8sdxxfHOKDMZi1Z
  - key: 15kWjOLypUDdaABE/nCvs9/UzzlUEs/SCTQrakLkthld
  name: dc

Tested scenarios:

This PR fix https://github.com/jaxxstorm/hookpick/issues/18

jaxxstorm commented 6 years ago

I'm a bit concerned about this. Unless I'm reading it wrong, it seems that this model is making the assumption a single user holds multiple keys (whether they be GPG encrypted or in plaintext). This begs the question: How are you using vault in this model? Is it a single user with ALL the vault keys, or does each user get multiple keys and they have to provide several?

ljagiello commented 6 years ago

Hi @jaxxstorm

Thanks for your questions. Single user may or may not holds all keys. My PR add an option for multiple keys but it is not required to provide all keys (I think my example was a bit misleading).

Few scenarios I saw so far:

Overall it's a matter what is your threat model, it might be important to provide all necessary tools to Ops person so he/she can react on incident without another key holder.

jaxxstorm commented 6 years ago

Okay, that makes sense. I'll merge this and then release in a major version, as the config file format changes. Thanks for the contribution!