Project: id / keystore
Commit 26a3d5dc, authored Dec 09, 2017 by ale
Add a README with the API description
parent c05eedc7
Changes: 1 file
README.md (new file, 0 → 100644) @ 26a3d5dc
keystore
========
KeyStore holds
*unencrypted*
secrets on behalf of users in memory for
a short time (of the order of a SSO session lifespan). User secrets
can be
*opened*
with a password (used to decrypt the key, which is
stored encrypted in a database),
*queried*
by presenting a suitable
authentication token, and
*closed*
(wiped and forgotten).
The database can provide multiple versions of the encrypted key (to
support multiple decryption passwords), in which case we'll try
them all sequentially until one of them decrypts successfully with
the provided password.
In order to query the KeyStore, you need to present a valid SSO
token for the user whose secrets you would like to obtain.
# API
The server exports an API over HTTP/HTTPS. All requests should be made
using the POST method and a Content-Type of
*application/json*
. The
request body should contain a JSON-encoded object. Responses will be
similarly JSON-encoded.
`/api/open`
(
*OpenRequest*
)
Retrieve the encrypted key for a user, decrypt it with the provided
password, and store it in memory.
OpenRequest is an object with the
following attributes:
*
`username`
*
`password`
to decrypt the user's key with
*
`ttl`
(seconds) time after which the credentials are automatically
forgotten
`/api/get`
(
*GetRequest*
) ->
*GetResponse*
Retrieve the key for a user. GetRequest must contain the following
attributes:
*
`username`
whose key you wish to retrieve
*
`sso_ticket`
with a valid SSO ticket for the
*keystore*
service
If the request is successfully authenticated, GetResponse will contain
a single attribute
*key*
.
`/api/close`
(
*CloseRequest*
)
Forget the key for a given user.
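Review bot: `/api/close` documents neither the attributes of CloseRequest nor what authenticates it, while `/api/get` requires a valid `sso_ticket`; as written, any client that can reach the endpoint could wipe another user's opened key simply by naming that user, which is a denial-of-service against everyone relying on the key being open. The README should state what CloseRequest contains and which credential it must carry (the same `sso_ticket` as GetRequest would be the obvious choice). Two smaller gaps in the same section: `ttl` has no documented default or upper bound, so a caller can keep an unencrypted secret resident for as long as it likes; and the encoding of the `key` attribute in GetResponse (raw string, base64?) is not specified. Since the request bodies carry user passwords and the responses carry decrypted keys, the "HTTP/HTTPS" sentence should also say plainly that plaintext HTTP is only acceptable on a loopback or otherwise protected channel.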