Closed ljagiello closed 6 years ago
I'm a bit concerned about this. Unless I'm reading it wrong, it seems that this model is making the assumption that a single user holds multiple keys (whether they be GPG encrypted or in plaintext). This begs the question: How are you using Vault in this model? Is it a single user with ALL the Vault keys, or does each user get multiple keys and they have to provide several?
Hi @jaxxstorm
Thanks for your questions. A single user may or may not hold all keys. My PR adds an option for multiple keys, but it is not required to provide all keys (I think my example was a bit misleading).
A few scenarios I saw so far:
Overall, it's a matter of what your threat model is; it might be important to provide all necessary tools to an Ops person so he/she can react to an incident without another key holder.
Okay, that makes sense. I'll merge this and then release in a major version, as the config file format changes. Thanks for the contribution!
This PR introduces support for multiple keys. The config structure is a bit different now:
Where each `key` line provides a single key (gpg or plain text).
Example:
Tested scenarios:
This PR fixes https://github.com/jaxxstorm/hookpick/issues/18