packages feed

Cabal revisions of keystore-0.8.0.2

Hackage metadata revisions edit the .cabal file after upload; each diff below is one revision.

revision 1
-Name:                   keystore-Version:                0.8.0.2-Synopsis:               Managing stores of secret things-Homepage:               http://github.com/cdornan/keystore-Author:                 Chris Dornan-Maintainer:             chris@chrisdornan.com-Copyright:              Chris Dornan-License:                BSD3-License-file:           LICENSE-Category:               Cryptography-Build-type:             Simple-Description:-  Writing deployment scripts is a critical yet error-prone activity which we-  would rather do in Haskell. One of the most difficult aspect of deployment-  scripts is the management of credentials: they cannot be stored in the-  VCS like almost everything else, but need to be organised and accessed-  while under lock and key. This is the problem that keystore is trying to solve:-  flexible, secure and well-typed deployment scripts.-  .-  /All Haskell/-  .-  This package is written purely in Haskell and all of the cryptographic packages-  it relies upon are written in Haskell.-  .-  /JSON Format/-  .-  It stores everything in a JSON format that has proven to be stable. We can can-  use <http://hackage.haskell.org/package/api-tools migrations> in future-  should the store need to be reorganized.-  .-  /Simple and Flexible Underlying Model/-  .-  * /Named Keys/: every key has an name within the store that is associated-  with some secret data. If the secret data for that key is to be stored then-  it must identify another key in the store that will be used to encrypt the-  data. (Some keys -- the passwords -- will typically be auto-loaded from-  environment variables.)-  * *Functional model*: keys can be deleted and added again but the design-  encourages the retention of the history. The old keys remain available-  but deployment scripts will naturally select the latest version of a key.-  When a key is rotated this merely loads a new generation for the rotated-  key.-  .-  * /Simple Metadata/: oher information, such as the identity of the key-  with its originating system (e.g., the identifier of an AWS IAM key)-  and some arbitrary textual information (the 'comment') may be associated-  with a key and accessible without recourse to the key or password needed-  to access the secret information.-  .-  * /PKS/: the seret may be a RSA provate key with the public key stored-  separately in the cler.-  * *MFA*: a secret may be protected with multiple named keys, all of which-  will be needed to recover the secret text.-  .-  * /Hashing/: all keys can be hashed with an appropriate PBKDF-2 function-  and the hashes stored in the clear. These hashes may be sued to verify-  passwords but also can be inserted directly into configuration files-  for deployment. Precise control of the PBKDF-2 hash paramers is-  avaiable.-  .-  * /Hierarchical Organization/: keys can be stored in different sections-  with each key being protected by a master key for that section. Sections-  can be configured to store the master keys of other sections thereby-  gaining acces to all of the keys in those sections and the keys they-  have access to.-  .-  * /Systems Integration/: keys can automatically loaded from Environment-  variables. Typically a keystore session will start by settingb up an-  environment variable for the deployment section corresponding for-  the node that you need to deploy to. This will provide access to-  precisely the keys whose secrets you need to carry out the deployment-   and no more. It only needs access to the hashes of admin keys then they-  can be placed in separate higher-level @admin@ sections. Provided care-  is taken preparing the environment you will not deploy to the wrong host-  (e.g., a live server rather than a staging server, or the wrong live-  server) because those keys will not be accessible.-  .-  * /Configuration Control/: the parameters controling the encryption and-  hashing functions can be set up independently in each section of the-  store, allowing for heavier hashing to be used on live servers and-  light hashing to be used on development and staging servers where-  authentication needs to be quick.-  .-  * /Keystore Integrity/: the keystore can be signed and every operation-  made to check that the keystore matches its signature (and the public-  signing key matches an independent copy on the client).-  .-  * /External Crypto Operations/: keys in the keystore can be used to sign-  or encrypt external obejcts (provided they can be loaded into memory).-  .-  /The Layers/-  .-  The keystore package has several layers. Most users-  will probably need only the top "batteries-included" layer:-  .-  * @Data.KeyStore.Sections@: this provides a high-level model that allows-  a flexible hierarchical keystore to be set up relatively easily.-  See the 'deploy' example for details.-  .-  * @Data.KeyStore.CLI@ : This provides a stanalone program for inspecting-  and editing your keystores. It can also be embedded into your own-  deployment app. See the @deploy@ example for details.-  .-  * @Data.KeyStore.PasswordManager@ provides a password manager which each-  user can use to setup their own local password store for holding the-  deployment passwords and session tokens used to autheticate the server.-  .-  * @Data.KeyStore.IO@: this library provides general programatic access to-  a keystore through @IO@ primitives. See the source code for the @Sections@-  for an example of this module in use.-  .-  * @Data.KeyStore.KS@: this library provides general programatic access to-  a keystore through functional @KS@ primitives. See the source code for-  the @IO@ for an exteded example this system in action.-  .-  * @Data.KeyStore.Types@: This provides access to keystores at the types-  level.-  .-  /Launch Instructions/-  .-  See the bottom <https://github.com/cdornan/keystore#launch-instructions README>-  on GitHub home page for launch instructions for the deploy example.-Data-files:-    keystore.manifest-    keystore783.manifest-    examples/deploy/zshenv/.zshrc-    examples/deploy/example-pwstore.dat---Extra-source-files:     changelog-Cabal-version:          >= 1.14--Source-repository head-    type:               git-    location:           https://github.com/cdornan/keystore--flag hpc-    default: False--flag stacktrace-    default: False--Library-    Hs-Source-Dirs:     src--    Exposed-modules:-        Data.KeyStore-        Data.KeyStore.CLI-        Data.KeyStore.CLI.Command-        Data.KeyStore.IO-        Data.KeyStore.IO.IC-        Data.KeyStore.KS-        Data.KeyStore.KS.Configuration-        Data.KeyStore.KS.CPRNG-        Data.KeyStore.KS.Crypto-        Data.KeyStore.KS.KS-        Data.KeyStore.KS.Opt-        Data.KeyStore.KS.Packet-        Data.KeyStore.PasswordManager-        Data.KeyStore.Sections-        Data.KeyStore.Types-        Data.KeyStore.Types.E-        Data.KeyStore.Types.NameAndSafeguard-        Data.KeyStore.Types.PasswordStoreModel-        Data.KeyStore.Types.PasswordStoreSchema-        Data.KeyStore.Types.Schema-        Data.KeyStore.Version--    Build-depends:-        api-tools              >= 0.4               ,-        asn1-types             >= 0.2.0             ,-        asn1-encoding          >= 0.8.0             ,-        ansi-wl-pprint         >= 0.6.7             ,-        crypto-pubkey          >= 0.2.1             ,-        crypto-random          >= 0.0.7             ,-        aeson                  >= 0.6.2             ,-        aeson-pretty           >= 0.7               ,-        base                   >= 4                 ,-        base64-bytestring      >= 1.0               ,-        byteable               >= 0.1               ,-        bytestring             >= 0.9               ,-        cipher-aes             >= 0.2.6             ,-        containers             >= 0.4               ,-        directory              >= 1.2               ,-        filepath               >= 1.3               ,-        lens                   >= 3.9.2             ,-        mtl                    >= 2                 ,-        old-locale             >= 1.0.0.5           ,-        optparse-applicative   >= 0.11.0   && <0.14 ,-        pbkdf                  >= 1.1.1.0           ,-        regex-compat-tdfa      >= 0.95.1            ,-        safe                   >= 0.3.3             ,-        setenv                 >= 0.1               ,-        text                   >= 0.11.3            ,-        time                   >= 1.4               ,-        unordered-containers   >= 0.2.3.0           ,-        vector                 >= 0.10.0.1--    Default-Language:   Haskell2010--    GHC-Options:-        -Wall -fno-warn-warnings-deprecations---Executable ks-    Hs-Source-Dirs:     main--    Main-is:            ks.hs--    Default-Language:   Haskell2010--    Build-depends:-        base                   >  4 && < 5          ,-        keystore--    GHC-Options:-        -Wall -fno-warn-warnings-deprecations--Executable deploy-    Hs-Source-Dirs:     examples/deploy--    Main-is: deploy.hs--    Default-Language:   Haskell2010--    Other-modules:-        Deploy.Cmd-        Deploy.Deploy-        Deploy.HostSectionKey--    Build-depends:-        api-tools              >= 0.4               ,-        ansi-wl-pprint         >= 0.6.7.1           ,-        aeson                  >= 0.6.2             ,-        base                   >  4 && < 5          ,-        bytestring             >= 0.9               ,-        directory              >= 1.0               ,-        filepath               >= 1.1               ,-        keystore                                    ,-        mtl                    >= 2                 ,-        optparse-applicative   >= 0.9.0             ,-        process                >= 1.2.0.0           ,-        raw-strings-qq         >= 1.0.2             ,-        setenv                 >= 0.1               ,-        text                   >= 0.11              ,-        unordered-containers   >= 0.2.3.0--    GHC-Options:-        -Wall -fno-warn-warnings-deprecations+Name:                   keystore
+Version:                0.8.0.2
+x-revision: 1
+Synopsis:               Managing stores of secret things
+Homepage:               http://github.com/cdornan/keystore
+Author:                 Chris Dornan
+Maintainer:             chris@chrisdornan.com
+Copyright:              Chris Dornan
+License:                BSD3
+License-file:           LICENSE
+Category:               Cryptography
+Build-type:             Simple
+Description:
+  Writing deployment scripts is a critical yet error-prone activity which we
+  would rather do in Haskell. One of the most difficult aspect of deployment
+  scripts is the management of credentials: they cannot be stored in the
+  VCS like almost everything else, but need to be organised and accessed
+  while under lock and key. This is the problem that keystore is trying to solve:
+  flexible, secure and well-typed deployment scripts.
+  .
+  /All Haskell/
+  .
+  This package is written purely in Haskell and all of the cryptographic packages
+  it relies upon are written in Haskell.
+  .
+  /JSON Format/
+  .
+  It stores everything in a JSON format that has proven to be stable. We can can
+  use <http://hackage.haskell.org/package/api-tools migrations> in future
+  should the store need to be reorganized.
+  .
+  /Simple and Flexible Underlying Model/
+  .
+  * /Named Keys/: every key has an name within the store that is associated
+  with some secret data. If the secret data for that key is to be stored then
+  it must identify another key in the store that will be used to encrypt the
+  data. (Some keys -- the passwords -- will typically be auto-loaded from
+  environment variables.)
+  * *Functional model*: keys can be deleted and added again but the design
+  encourages the retention of the history. The old keys remain available
+  but deployment scripts will naturally select the latest version of a key.
+  When a key is rotated this merely loads a new generation for the rotated
+  key.
+  .
+  * /Simple Metadata/: oher information, such as the identity of the key
+  with its originating system (e.g., the identifier of an AWS IAM key)
+  and some arbitrary textual information (the 'comment') may be associated
+  with a key and accessible without recourse to the key or password needed
+  to access the secret information.
+  .
+  * /PKS/: the seret may be a RSA provate key with the public key stored
+  separately in the cler.
+  * *MFA*: a secret may be protected with multiple named keys, all of which
+  will be needed to recover the secret text.
+  .
+  * /Hashing/: all keys can be hashed with an appropriate PBKDF-2 function
+  and the hashes stored in the clear. These hashes may be sued to verify
+  passwords but also can be inserted directly into configuration files
+  for deployment. Precise control of the PBKDF-2 hash paramers is
+  avaiable.
+  .
+  * /Hierarchical Organization/: keys can be stored in different sections
+  with each key being protected by a master key for that section. Sections
+  can be configured to store the master keys of other sections thereby
+  gaining acces to all of the keys in those sections and the keys they
+  have access to.
+  .
+  * /Systems Integration/: keys can automatically loaded from Environment
+  variables. Typically a keystore session will start by settingb up an
+  environment variable for the deployment section corresponding for
+  the node that you need to deploy to. This will provide access to
+  precisely the keys whose secrets you need to carry out the deployment
+   and no more. It only needs access to the hashes of admin keys then they
+  can be placed in separate higher-level @admin@ sections. Provided care
+  is taken preparing the environment you will not deploy to the wrong host
+  (e.g., a live server rather than a staging server, or the wrong live
+  server) because those keys will not be accessible.
+  .
+  * /Configuration Control/: the parameters controling the encryption and
+  hashing functions can be set up independently in each section of the
+  store, allowing for heavier hashing to be used on live servers and
+  light hashing to be used on development and staging servers where
+  authentication needs to be quick.
+  .
+  * /Keystore Integrity/: the keystore can be signed and every operation
+  made to check that the keystore matches its signature (and the public
+  signing key matches an independent copy on the client).
+  .
+  * /External Crypto Operations/: keys in the keystore can be used to sign
+  or encrypt external obejcts (provided they can be loaded into memory).
+  .
+  /The Layers/
+  .
+  The keystore package has several layers. Most users
+  will probably need only the top "batteries-included" layer:
+  .
+  * @Data.KeyStore.Sections@: this provides a high-level model that allows
+  a flexible hierarchical keystore to be set up relatively easily.
+  See the 'deploy' example for details.
+  .
+  * @Data.KeyStore.CLI@ : This provides a stanalone program for inspecting
+  and editing your keystores. It can also be embedded into your own
+  deployment app. See the @deploy@ example for details.
+  .
+  * @Data.KeyStore.PasswordManager@ provides a password manager which each
+  user can use to setup their own local password store for holding the
+  deployment passwords and session tokens used to autheticate the server.
+  .
+  * @Data.KeyStore.IO@: this library provides general programatic access to
+  a keystore through @IO@ primitives. See the source code for the @Sections@
+  for an example of this module in use.
+  .
+  * @Data.KeyStore.KS@: this library provides general programatic access to
+  a keystore through functional @KS@ primitives. See the source code for
+  the @IO@ for an exteded example this system in action.
+  .
+  * @Data.KeyStore.Types@: This provides access to keystores at the types
+  level.
+  .
+  /Launch Instructions/
+  .
+  See the bottom <https://github.com/cdornan/keystore#launch-instructions README>
+  on GitHub home page for launch instructions for the deploy example.
+Data-files:
+    keystore.manifest
+    keystore783.manifest
+    examples/deploy/zshenv/.zshrc
+    examples/deploy/example-pwstore.dat
+
+
+Extra-source-files:     changelog
+Cabal-version:          >= 1.14
+
+Source-repository head
+    type:               git
+    location:           https://github.com/cdornan/keystore
+
+flag hpc
+    default: False
+
+flag stacktrace
+    default: False
+
+Library
+    Hs-Source-Dirs:     src
+
+    Exposed-modules:
+        Data.KeyStore
+        Data.KeyStore.CLI
+        Data.KeyStore.CLI.Command
+        Data.KeyStore.IO
+        Data.KeyStore.IO.IC
+        Data.KeyStore.KS
+        Data.KeyStore.KS.Configuration
+        Data.KeyStore.KS.CPRNG
+        Data.KeyStore.KS.Crypto
+        Data.KeyStore.KS.KS
+        Data.KeyStore.KS.Opt
+        Data.KeyStore.KS.Packet
+        Data.KeyStore.PasswordManager
+        Data.KeyStore.Sections
+        Data.KeyStore.Types
+        Data.KeyStore.Types.E
+        Data.KeyStore.Types.NameAndSafeguard
+        Data.KeyStore.Types.PasswordStoreModel
+        Data.KeyStore.Types.PasswordStoreSchema
+        Data.KeyStore.Types.Schema
+        Data.KeyStore.Version
+
+    Build-depends:
+        api-tools              >= 0.4               ,
+        asn1-types             >= 0.2.0             ,
+        asn1-encoding          >= 0.8.0             ,
+        ansi-wl-pprint         >= 0.6.7             ,
+        crypto-pubkey          >= 0.2.1             ,
+        crypto-random          >= 0.0.7             ,
+        aeson                  >= 1                 ,
+        aeson-pretty           >= 0.7               ,
+        base                   >= 4                 ,
+        base64-bytestring      >= 1.0               ,
+        byteable               >= 0.1               ,
+        bytestring             >= 0.9               ,
+        cipher-aes             >= 0.2.6             ,
+        containers             >= 0.4               ,
+        directory              >= 1.2               ,
+        filepath               >= 1.3               ,
+        lens                   >= 3.9.2             ,
+        mtl                    >= 2                 ,
+        old-locale             >= 1.0.0.5           ,
+        optparse-applicative   >= 0.11.0   && <0.14 ,
+        pbkdf                  >= 1.1.1.0           ,
+        regex-compat-tdfa      >= 0.95.1            ,
+        safe                   >= 0.3.3             ,
+        setenv                 >= 0.1               ,
+        text                   >= 0.11.3            ,
+        time                   >= 1.4               ,
+        unordered-containers   >= 0.2.3.0           ,
+        vector                 >= 0.10.0.1
+
+    Default-Language:   Haskell2010
+
+    GHC-Options:
+        -Wall -fno-warn-warnings-deprecations
+
+
+Executable ks
+    Hs-Source-Dirs:     main
+
+    Main-is:            ks.hs
+
+    Default-Language:   Haskell2010
+
+    Build-depends:
+        base                   >  4 && < 5          ,
+        keystore
+
+    GHC-Options:
+        -Wall -fno-warn-warnings-deprecations
+
+Executable deploy
+    Hs-Source-Dirs:     examples/deploy
+
+    Main-is: deploy.hs
+
+    Default-Language:   Haskell2010
+
+    Other-modules:
+        Deploy.Cmd
+        Deploy.Deploy
+        Deploy.HostSectionKey
+
+    Build-depends:
+        api-tools              >= 0.4               ,
+        ansi-wl-pprint         >= 0.6.7.1           ,
+        aeson                  >= 0.6.2             ,
+        base                   >  4 && < 5          ,
+        bytestring             >= 0.9               ,
+        directory              >= 1.0               ,
+        filepath               >= 1.1               ,
+        keystore                                    ,
+        mtl                    >= 2                 ,
+        optparse-applicative   >= 0.9.0             ,
+        process                >= 1.2.0.0           ,
+        raw-strings-qq         >= 1.0.2             ,
+        setenv                 >= 0.1               ,
+        text                   >= 0.11              ,
+        unordered-containers   >= 0.2.3.0
+
+    GHC-Options:
+        -Wall -fno-warn-warnings-deprecations