Affected by GO-2022-0260 and 1 other vulnerabilities

GO-2022-0260: Privilege escalation to cluster admin on multi-tenant environments in github.com/fluxcd/kustomize-controller

GO-2022-0447: Improper path handling in kustomization files allows path traversal in github.com/fluxcd/flux2

pgp

package

v0.12.2 Latest Latest Go to latest Published: Jun 2, 2021 License: Apache-2.0, MPL-2.0 Imports: 15 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/fluxcd/kustomize-controller

Links

Open Source Insights

Documentation ¶

Index ¶

type MasterKey
- func NewMasterKeyFromFingerprint(fingerprint, homeDir string) *MasterKey

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type MasterKey ¶

type MasterKey struct {
	Fingerprint  string
	EncryptedKey string
	CreationDate time.Time
	// contains filtered or unexported fields
}

MasterKey is a PGP key used to securely store sops' data key by encrypting it and decrypting it.

Adapted from https://github.com/mozilla/sops/blob/v3.7.0/pgp/keysource.go to be able to control the GPG home directory and have a "contained" environment.

We are unable to drop the dependency on the GPG binary (although we wish!) because the builtin GPG support in Go is limited, it does for example not offer support for FIPS: * https://github.com/golang/go/issues/11658#issuecomment-120448974 * https://github.com/golang/go/issues/45188

func NewMasterKeyFromFingerprint ¶

func NewMasterKeyFromFingerprint(fingerprint, homeDir string) *MasterKey

NewMasterKeyFromFingerprint takes a PGP fingerprint and returns a new MasterKey with that fingerprint.

func (*MasterKey) Decrypt ¶

func (key *MasterKey) Decrypt() ([]byte, error)

Decrypt uses PGP to obtain the data key from the EncryptedKey store in the MasterKey and returns it.

func (*MasterKey) Encrypt ¶

func (key *MasterKey) Encrypt(dataKey []byte) error

Encrypt encrypts the data key with the PGP key with the same fingerprint as the MasterKey. It first looks for PGP public keys in MasterKey.homeDir, and falls back to $GNUPGHOME/pubring.gpg.

func (*MasterKey) EncryptIfNeeded ¶

func (key *MasterKey) EncryptIfNeeded(dataKey []byte) error

EncryptIfNeeded encrypts the data key with PGP only if it's needed, that is, if it hasn't been encrypted already.

func (*MasterKey) EncryptedDataKey ¶

func (key *MasterKey) EncryptedDataKey() []byte

EncryptedDataKey returns the encrypted data key this master key holds.

func (*MasterKey) NeedsRotation ¶

func (key *MasterKey) NeedsRotation() bool

NeedsRotation returns whether the data key needs to be rotated or not.

func (*MasterKey) SetEncryptedDataKey ¶

func (key *MasterKey) SetEncryptedDataKey(enc []byte)

SetEncryptedDataKey sets the encrypted data key for this master key.

func (MasterKey) ToMap ¶

func (key MasterKey) ToMap() map[string]interface{}

ToMap converts the MasterKey into a map for serialization purposes

func (*MasterKey) ToString ¶

func (key *MasterKey) ToString() string

ToString returns the string representation of the key, i.e. its fingerprint.

Source Files ¶

View all Source files

keysource.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL