@perifer
Last active December 16, 2015 19:59
go keys

security features

Each client holds a secret. The secret is used as the passphrase for the keys (or only one key?) on the master.

The secret is also used to create an HMAC that validates that the data stored in db.json has not been tampered with. This is done by creating an HMAC of the data in db.json, keyed with the secret. The HMAC is saved in db.json alongside the data. On the next request to the server from a client, the HMAC is recreated and matched against the stored HMAC to verify that the data has not changed.
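
A sketch of the db.json integrity check described above, as an added example that is not code from this gist. The `data`/`hmac` field names, the choice of HMAC-SHA256, and the key-sorted serialization are assumptions; the note does not specify them.

```javascript
'use strict';
const crypto = require('crypto');

// Serialize with sorted object keys so the same data always yields the same
// bytes. Plain JSON.stringify depends on key insertion order, which would make
// the HMAC fail after a harmless rewrite of db.json. (Assumed design choice.)
function canonicalize(value) {
  if (Array.isArray(value)) return '[' + value.map(canonicalize).join(',') + ']';
  if (value !== null && typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonicalize(value[k]))
      .join(',') + '}';
  }
  return JSON.stringify(value);
}

// HMAC over the canonical data, keyed with the client's secret.
// SHA-256 is an assumption; the note only says "hmac".
function computeHmac(data, secret) {
  return crypto.createHmac('sha256', secret).update(canonicalize(data)).digest('hex');
}

// Build the object that gets written to db.json: the data plus its HMAC.
function seal(data, secret) {
  return { data, hmac: computeHmac(data, secret) };
}

// On the next request: recompute the HMAC from the stored data and the secret
// sent by the client, then compare with the stored value in constant time.
function verify(db, secret) {
  if (!db || typeof db.hmac !== 'string') return false;
  const expected = Buffer.from(computeHmac(db.data, secret), 'hex');
  const stored = Buffer.from(db.hmac, 'hex');
  return stored.length === expected.length && crypto.timingSafeEqual(stored, expected);
}

// Constructed sample: seal a small db, then tamper with a stored public key.
function demo() {
  const secret = 'constructed-example-secret';
  const db = seal({ users: { perifer: { publicKey: 'ssh-rsa AAAA...constructed' } } }, secret);
  const intact = verify(JSON.parse(JSON.stringify(db)), secret);
  db.data.users.perifer.publicKey = 'ssh-rsa BBBB...swapped';
  return { intact, tampered: verify(db, secret) };
}

console.log(demo());
```
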

Implementation

Client communicates with server using JSON. The JSON consists of actions to take, arguments to the action and the secret.

Server is written in node.js to asynchronously push keys

Client can be written in anything. Fabric, to be able to use the keyring library to store the secret in the keychain? Also see https://npmjs.org/package/keychain (both use /usr/bin/security)

https://github.com/visionmedia/commander.js seems cool

go keys server

go keys server add NAME --user SERVER_USER --hostname HOSTNAME --url SERVER_URL --tags "TAG1,TAG2,TAG3" --repo REPO_URL --description "A DESCRIPTION" (other options)

--tags: comma or space separated

go keys server edit (same options as add)

go keys server remove NAME

go keys server rename OLDNAME NEWNAME

go keys server show NAME or go keys server NAME

go keys server list or go keys server

go keys server add-user SERVERNAME USERNAME

go keys server remove-user SERVERNAME USERNAME

go keys user

go keys user add USERNAME --full-name "Anders Fajerson" --github-username "perifer" --public-key ~/.ssh/id_rsa.pub

Either --github-username or --public-key has to be provided. If only --github-username is provided, https://github.com/perifer.keys will be used.

go keys user edit USERNAME (same options as add)

If github-username or public-key was edited, update the public key on all the user's servers. See push-keys

go keys user push-keys USERNAME

force update public key on all the user's servers. Used when e.g. the GitHub public key has changed.

go keys user rename OLDNAME NEWNAME

go keys user remove USERNAME

this will remove the user's public key from all the user's servers

go keys user show USERNAME or go keys user USERNAME

show info and servers for user.

go keys user list or go keys user

list all users