author | Simo Sorce <simo@redhat.com> | 2015-04-15 17:44:10 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2015-04-15 17:44:10 -0400 |
commit | 974837af648f2fbc80f3468e7a90fca7d11f8e29 (patch) | |
tree | 6c32aaba5ff01649e162a8065d057661dbe285dc /custodia.conf | |
parent | 3ad95956864a8b8727dc3661e208e04b688baf8e (diff) | |
Add Simple encrypted store.
This uses JWCrypto to encrypt any key stored in the sqlite database
with a master key.
The master key is stored in a file and must be provided by the
configuration.
A sample key and configuration is provided too.
Signed-off-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'custodia.conf')
-rw-r--r-- | custodia.conf | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/custodia.conf b/custodia.conf index 79d7085..013d7e2 100644 --- a/custodia.conf +++ b/custodia.conf @@ -43,3 +43,21 @@ store = tenant1 [/tenant1/secrets] handler = custodia.root.Secrets store = tenant1 + + +# Encstore example +[store:encrypted] +handler = custodia.store.enclite.EncryptedStore +dburi = secrets.db +table = enclite +master_key = ./enclite.sample.key +master_enctype = A128CBC-HS256 + +[authz:encrypted] +handler = custodia.secrets.Namespaces +path = /enc/secrets/ +store = encrypted + +[/enc/secrets] +handler = custodia.root.Secrets +store = encrypted |
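Review bot: In the new [store:encrypted] section, `master_key = ./enclite.sample.key` points the example store at the sample key provided with this commit, and the only comment above it is `# Encstore example`, so nothing in the file tells an operator that this key is publicly known and must be replaced before any real secret is stored. Suggest a comment next to master_key stating that the sample key is for demonstration only and that a deployment needs its own generated key, kept in a file readable only by the Custodia service account. The relative paths in `master_key` and `dburi = secrets.db` also resolve against whatever the working directory is at start-up; a comment saying so, or absolute paths in the example, would prevent the store from being opened with an unintended key or database file.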