latchset / custodia

An API to manage secrets storage and retrieval
GNU General Public License v3.0

Add secret_protection option to encgen driver #215

Closed raildo closed 7 years ago

raildo commented 7 years ago

This option adds the key name into the protected header of the JWE token used to encrypt secrets. This allows Custodia to verify that the database was not tampered with (e.g. secrets swapped between keys).

If enabled, this option will cause an exception when pre-existing keys generated without the protected header are looked up. However, turning off this option will not cause failures.

Signed-off-by: Simo Sorce simo@redhat.com
Signed-off-by: Raildo Mascena rmascena@redhat.com
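The mechanism the PR description sketches, as an added, self-contained illustration that is not Custodia's encgen code and is not taken from the PR: the key name is placed in the authenticated ("protected") header of each encrypted record, and a lookup under one key name refuses a record whose header is bound to another. The header field name `kid`, the compact token layout and the stdlib-only encrypt-then-MAC cipher (HMAC-SHA256 in counter mode plus an HMAC tag, standing in for the real JWE handling) are assumptions made for this example, and all keys and secrets are constructed.

```python
"""Bind a key name into the authenticated header of an encrypted record so
that ciphertexts swapped between keys are detected on lookup.

Constructed example, not Custodia's driver code: a toy encrypt-then-MAC
cipher stands in for JWE, and the header field name "kid" is assumed.
"""
import base64
import hashlib
import hmac
import json
import os


class TamperError(Exception):
    """Raised when a record fails authentication or key binding."""


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _subkeys(master: bytes):
    # Separate encryption and MAC keys derived from one master key.
    enc_key = hmac.new(master, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(master, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 as a PRF in counter mode (toy stand-in for a real cipher).
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(master: bytes, key_name: str, secret: bytes, protection: bool = True) -> str:
    """Return header.nonce.ciphertext.tag (all base64url). With protection=True
    the key name is written into the header, which the tag authenticates."""
    enc_key, mac_key = _subkeys(master)
    header = {"alg": "toy-hmac-ctr", "enc": "toy-hmac-ctr"}
    if protection:
        header["kid"] = key_name  # assumed field name
    protected = _b64(json.dumps(header, sort_keys=True).encode())
    nonce = os.urandom(16)
    ciphertext = bytes(a ^ b for a, b in zip(secret, _keystream(enc_key, nonce, len(secret))))
    tag = hmac.new(mac_key, protected.encode() + nonce + ciphertext, hashlib.sha256).digest()
    return ".".join([protected, _b64(nonce), _b64(ciphertext), _b64(tag)])


def decrypt(master: bytes, key_name: str, token: str, protection: bool = True) -> bytes:
    """Authenticate, then (with protection=True) require the header to name
    the key being looked up before decrypting."""
    enc_key, mac_key = _subkeys(master)
    protected, nonce_b64, ct_b64, tag_b64 = token.split(".")
    nonce, ciphertext, tag = _unb64(nonce_b64), _unb64(ct_b64), _unb64(tag_b64)
    expected = hmac.new(mac_key, protected.encode() + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise TamperError("authentication tag mismatch")
    header = json.loads(_unb64(protected))
    # Records written before the option existed carry no "kid" and fail this
    # check; running with protection=False skips it, as the PR describes.
    if protection and header.get("kid") != key_name:
        raise TamperError(f"record bound to {header.get('kid')!r}, not {key_name!r}")
    return bytes(a ^ b for a, b in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


def demo() -> dict:
    """Store constructed secrets, swap two records, and report what each mode sees."""
    master = b"\x01" * 32  # constructed master key
    db = {
        "db/password": encrypt(master, "db/password", b"s3cret-db"),
        "api/token": encrypt(master, "api/token", b"s3cret-api"),
        "legacy/key": encrypt(master, "legacy/key", b"old", protection=False),  # pre-option record
    }
    results = {"honest": decrypt(master, "db/password", db["db/password"]) == b"s3cret-db"}
    # Two valid records exchanged in the store: tags still verify, bindings do not.
    db["db/password"], db["api/token"] = db["api/token"], db["db/password"]
    try:
        decrypt(master, "db/password", db["db/password"])
        results["swap_detected"] = False
    except TamperError:
        results["swap_detected"] = True
    # With the option off the swap goes unnoticed and the wrong secret is returned.
    results["swap_unchecked"] = decrypt(master, "db/password", db["db/password"], protection=False) == b"s3cret-api"
    try:
        decrypt(master, "legacy/key", db["legacy/key"])
        results["legacy_with_protection"] = "ok"
    except TamperError:
        results["legacy_with_protection"] = "error"
    results["legacy_without_protection"] = decrypt(master, "legacy/key", db["legacy/key"], protection=False) == b"old"
    return results


if __name__ == "__main__":
    print(demo())
```

The design point is that the binding lives in data covered by the authentication tag: an attacker who can edit the store can neither alter `kid` nor strip it without invalidating the tag, so the only way to bypass the check is to run with the option disabled, which is exactly the backward-compatibility trade-off the PR describes.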

codecov-io commented 7 years ago

Codecov Report

Merging #215 into master will increase coverage by 0.12%. The diff coverage is 82.85%.


@@            Coverage Diff             @@
##           master     #215      +/-   ##
==========================================
+ Coverage   69.82%   69.94%   +0.12%     
==========================================
  Files          31       31              
  Lines        3201     3234      +33     
  Branches      347      352       +5     
==========================================
+ Hits         2235     2262      +27     
- Misses        847      851       +4     
- Partials      119      121       +2
Impacted Files                  Coverage   Δ
tests/test_custodia.py             95%   <100%>   (+0.01%)
tests/test_store.py               100%   <100%>   (ø)
src/custodia/store/encgen.py    82.81%   <62.5%>  (-7.19%)

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data. Last update d32113a...e61278c.