authorSimo Sorce <simo@redhat.com>2015-04-15 17:44:10 -0400
committerSimo Sorce <simo@redhat.com>2015-04-15 17:44:10 -0400
commit974837af648f2fbc80f3468e7a90fca7d11f8e29 (patch)
tree6c32aaba5ff01649e162a8065d057661dbe285dc /custodia.conf
parent3ad95956864a8b8727dc3661e208e04b688baf8e (diff)
Add Simple encrypted store.
This uses JWCrypto to encrypt any key stored in the sqlite database with a master key. The master key is stored in a file and must be provided by the configuration. A sample key and configuration are provided too. Signed-off-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'custodia.conf')
-rw-r--r--custodia.conf18
1 files changed, 18 insertions, 0 deletions
diff --git a/custodia.conf b/custodia.conf
index 79d7085..013d7e2 100644
--- a/custodia.conf
+++ b/custodia.conf
@@ -43,3 +43,21 @@ store = tenant1
[/tenant1/secrets]
handler = custodia.root.Secrets
store = tenant1
+
+
+# Encstore example
+[store:encrypted]
+handler = custodia.store.enclite.EncryptedStore
+dburi = secrets.db
+table = enclite
+master_key = ./enclite.sample.key
+master_enctype = A128CBC-HS256
+
+[authz:encrypted]
+handler = custodia.secrets.Namespaces
+path = /enc/secrets/
+store = encrypted
+
+[/enc/secrets]
+handler = custodia.root.Secrets
+store = encrypted
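Review bot: `master_key = ./enclite.sample.key` points the example store at the sample key that the commit message says ships with the source, so a deployment that copies this section unchanged encrypts its secrets under a published key. The `# Encstore example` comment should say so, for instance `# Encstore example: enclite.sample.key is a public sample, generate your own master key and restrict read access to the service account`. Both `master_key` and `dburi = secrets.db` are relative paths, so which key file and database are opened depends on the directory the server is started from; absolute paths would be safer outside a demo. If the key file and the database end up in the same directory with the same permissions, the encryption adds little against anyone who can read the database file, which is worth a line in the comment as well.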