C0ffeeCode/rvault
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity

+ cargo fmt

Browse source 
+ zeroize secret
This commit is contained in:
sam 2024-06-02 14:20:00 -07:00
parent 6bc9bbbf50
commit ee8f6d8e65
4 changed files with 31 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Cargo.toml
View file

@ -6,7 +6,7 @@ edition = "2021"
[dependencies] [dependencies]
log = "0.4.21" log = "0.4.21"
env_logger = "0.11.3" env_logger = "0.11.3"
zeroize = { version = "1.7.0", features = ["zeroize_derive"] } zeroize = { version = "1.7.0", features = ["derive"]}
chrono = { version = "0.4.38", features = ["serde"] } chrono = { version = "0.4.38", features = ["serde"] }
tokio = { version = "1.37.0", features = ["full"] } tokio = { version = "1.37.0", features = ["full"] }
tower = { version = "0.4.13", features = [] } tower = { version = "0.4.13", features = [] }

7
src/engines/kv.rs
View file

@ -116,9 +116,12 @@ async fn post_data(
); );
let mut highest_num = 0; let mut highest_num = 0;
match sqlx::query("SELECT version_number FROM secret_versions WHERE secret_path = $1").bind (&path).fetch_all(&pool).await{ match sqlx::query("SELECT version_number FROM secret_versions WHERE secret_path = $1")
.bind(&path)
.fetch_all(&pool)
.await
{
Ok(v) => { Ok(v) => {
for curr_ver in v { for curr_ver in v {
let curr_num = curr_ver.get("version_number"); let curr_num = curr_ver.get("version_number");
if highest_num < curr_num { if highest_num < curr_num {

5
src/engines/kv/db_structs.rs
View file

@ -2,15 +2,13 @@ use chrono::{DateTime, Utc};
use serde::Serialize; use serde::Serialize;
use sqlx::FromRow; use sqlx::FromRow;
#[derive(FromRow)] #[derive(FromRow, Debug)]
#[derive(Debug)]
pub struct DbSecretMeta { pub struct DbSecretMeta {
pub secret_path: String, pub secret_path: String,
pub cas_required: bool, pub cas_required: bool,
pub created_time: DateTime<Utc>, pub created_time: DateTime<Utc>,
// Consider implementation of duration type for further development: // Consider implementation of duration type for further development:
// https://developer.hashicorp.com/vault/docs/concepts/duration-format // https://developer.hashicorp.com/vault/docs/concepts/duration-format
/// In Hashicorp: /// In Hashicorp:
/// If not set, the backend's configured delete_version_after is used. /// If not set, the backend's configured delete_version_after is used.
/// Cannot be greater than the backend's delete_version_after /// Cannot be greater than the backend's delete_version_after
@ -24,7 +22,6 @@ pub struct DbSecretMeta {
pub max_versions: i64, pub max_versions: i64,
pub updated_time: DateTime<Utc>, pub updated_time: DateTime<Utc>,
/// User-provided key-value pairs that are used to describe arbitrary and version-agnostic information about a secret. /// User-provided key-value pairs that are used to describe arbitrary and version-agnostic information about a secret.
pub custom_data: Option<String>, pub custom_data: Option<String>,
} }

16
src/engines/kv/http_structs.rs
View file

@ -6,12 +6,14 @@ use axum::{
use chrono::{DateTime, Utc}; use chrono::{DateTime, Utc};
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use std::collections::HashMap; use std::collections::HashMap;
use zeroize::Zeroize;
pub type KvSecretData = HashMap<String, String>; pub type KvSecretData = HashMap<String, String>;
// This file contains structures for serializing HTTP Responses (Res) and deserializing Requests (Req) for the KV engine // This file contains structures for serializing HTTP Responses (Res) and deserializing Requests (Req) for the KV engine
#[derive(Deserialize, Debug)] #[derive(Deserialize, Debug)]
// #[zeroize(drop)]
/// HTTP Request to create or update a secret /// HTTP Request to create or update a secret
pub struct KvSecretReq { pub struct KvSecretReq {
/// Map (required) /// Map (required)
@ -23,6 +25,20 @@ pub struct KvSecretReq {
// pub version: Option<i64>, // pub version: Option<i64>,
} }
impl Zeroize for KvSecretReq {
fn zeroize(&mut self) {
// Zero out each field individually
self.data = HashMap::new();
self.options = None;
}
}
impl Drop for KvSecretReq {
fn drop(&mut self) {
self.zeroize();
}
}
#[derive(Serialize, Debug)] #[derive(Serialize, Debug)]
/// HTTP Response to creating or updating a secret /// HTTP Response to creating or updating a secret
/// Contained by [`KvSecretRes`] /// Contained by [`KvSecretRes`]