Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for Hashicorp Vault to store Tessera keys #565

Merged
merged 61 commits into from Dec 17, 2018
Merged

Add support for Hashicorp Vault to store Tessera keys #565

merged 61 commits into from Dec 17, 2018

Conversation

chris-j-h
Copy link
Collaborator

@chris-j-h chris-j-h commented Dec 5, 2018
edited
Loading

Add Hashicorp Vault to supported key vaults that can be used with Tessera. Features include:

  • Store generated public/private key pairs in a Vault configured with a version 2 k/v secret engine
  • Retrieve public/private key pairs and previous versions of key pair from a pre-configured Vault
  • TLS communication between Tessera and the Vault server is supported. Non-TLS communication is also allowed for development/test purposes
  • Vault config can be provided in configfile, and the corresponding CLI options have been added to provide this information for key generation
  • GetSecretData and SetSecretData added as arguments for the KeyVaultService methods. This allows for the same method signatures to be used in the Hashicorp and Azure implementations despite each provider's different interpretation of what constitutes a secret

@chris-j-h
Add initial service and config to interact with Hashicorp Vault
7ffaee1
@chris-j-h
Add Hashicorp config to KeyConfiguration object
770eb14
@chris-j-h
Add factory to create hashicorp service using the token auth method
44089b2
@chris-j-h
Read Hashicorp key data from config and marshall to new key pair type
8e558f1
@chris-j-h
Add tests for Hashicorp Service and ServiceFactory
f82ba26
@chris-j-h
Add tests for Hashicorp vault config additions
7375b4d
@chris-j-h
Update validation to cover incomplete Hashicorp keydata
5bf1b9a
@chris-j-h
Add validation to require Hashicorp config if providing Hashicorp keys
d54a432
@chris-j-h
Add logic to KeyPairConverter for Hashicorp key pair types
35b09a1
@chris-j-h
Add vault config validation tests and update other tests
e37f6d9
@chris-j-h
Add ability to save generated keys in a Hashicorp Vault
7bae62b
@chris-j-h
Provide more descriptive message if error encountered writing secret
d677855
@chris-j-h
Add test for changes made to key generator factory
832f062
@chris-j-h
Change Vault SDK used and add support for TLS comms w/ Vault
382139a 
Switch to use vault-java-driver instead of spring-vault-core
Add config item for TLS certificate path
@chris-j-h
Support TLS for keygen by adding certificate CLI option
699ed56
@chris-j-h
Remove spring-vault-core implementation
d20d526
@chris-j-h
Remove spring-vault-core-implementation
5f459b5
@chris-j-h
Introduce custom objects for parameters of the KeyVaultService methods
169f9e0
@chris-j-h
Add tests for Hashicorp data, exception and service classes
346513e
@chris-j-h
Start writing tests for Hashicorp vault-java-driver service
55c76bc
@chris-j-h
Move Vault client creation into new class to facilitate testing
a67b4d9
@chris-j-h
Add tests for new Hashicorp config factory classes
4e7a4ac
@chris-j-h
Begin migration to KeyVaultService methods using SecretData types
3ee62ea
@chris-j-h
Add GetSecretData & VaultClient factories for use in KeyPairConverter
c681778
@chris-j-h
Migrate keygeneration code to use SetSecretData types
b6654af
@chris-j-h
Move SecretData objects to config package so can be used across the app
a2733da
@chris-j-h
Clean up no longer needed classes and methods
535851c
@chris-j-h
Improve TLS support to mutual authentication
7e035d8
@chris-j-h
Add support for non-default approle auth method paths
444b8a9
@chris-j-h
Update tests for key generation and key pair converter
2750dac
prd-fox
prd-fox previously approved these changes Dec 6, 2018
View reviewed changes
melowe
melowe previously approved these changes Dec 6, 2018
View reviewed changes
@namtruong namtruong dismissed stale reviews from melowe and prd-fox via 97690f6 December 7, 2018 11:41
namtruong
namtruong previously approved these changes Dec 7, 2018
View reviewed changes
@chris-j-h
Split Hashicorp secretPath into 2 params and use keystores in config
0e8da5e 
Update tests and usages in config package
Use empty constructor w/ setters instead of multi-arg constructor
@chris-j-h
[WIP] Change client library and update ServiceFactory
9d66a0d
@chris-j-h
[WIP] Use separate SecretData properties for secretengine and secretname
bcc2ca3
@chris-j-h
[WIP] Update KeyVaultService to use new client and SecretData types
8e0287d
@chris-j-h
[WIP] Create KeyValueOperationsDelegate to aid testing
c081674
@chris-j-h
[WIP] Remove KeyVaultClientFactory class as no longer in use
3310e7e
@chris-j-h
Add keygen CLI options for keystores and secret engine name
b588955
@chris-j-h
Remove unnecessary classes and fix tests broken after previous changes
2459912
@chris-j-h
Allow previous versions of a Hashicorp secret to be retrieved from Vault
bb7a507
@chris-j-h
Add vault dependencies to dep mgmt and minor changes/tests
64c4523
@chris-j-h
Copy link
Collaborator Author

Changes have been made to support v2 of the k/v secrets engine (i.e. versioning of secrets and retrieval of previous versions of a secret)

@Krish1979 Krish1979 merged commit 08fa1bb into Consensys:master Dec 17, 2018
@Krish1979 Krish1979 deleted the feature/hashicorp-vault-support branch December 17, 2018 18:53
@chris-j-h chris-j-h mentioned this pull request Dec 21, 2018
Closed
@prd-fox prd-fox added 0.8 and removed review labels Jan 2, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@melowe melowe melowe approved these changes

@prd-fox prd-fox prd-fox approved these changes

@namtruong namtruong namtruong left review comments

@SatpalSandhu61 SatpalSandhu61 Awaiting requested review from SatpalSandhu61

@nicolae-leonte-go nicolae-leonte-go Awaiting requested review from nicolae-leonte-go

Assignees
No one assigned
Labels
0.8
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@chris-j-h @codecov-io @melowe @namtruong @prd-fox @Krish1979