Cabal revisions of keystore-0.8.0.2
Hackage metadata revisions edit the .cabal file after upload; each diff below is one revision.
revision 1
-Name: keystore-Version: 0.8.0.2-Synopsis: Managing stores of secret things-Homepage: http://github.com/cdornan/keystore-Author: Chris Dornan-Maintainer: chris@chrisdornan.com-Copyright: Chris Dornan-License: BSD3-License-file: LICENSE-Category: Cryptography-Build-type: Simple-Description:- Writing deployment scripts is a critical yet error-prone activity which we- would rather do in Haskell. One of the most difficult aspect of deployment- scripts is the management of credentials: they cannot be stored in the- VCS like almost everything else, but need to be organised and accessed- while under lock and key. This is the problem that keystore is trying to solve:- flexible, secure and well-typed deployment scripts.- .- /All Haskell/- .- This package is written purely in Haskell and all of the cryptographic packages- it relies upon are written in Haskell.- .- /JSON Format/- .- It stores everything in a JSON format that has proven to be stable. We can can- use <http://hackage.haskell.org/package/api-tools migrations> in future- should the store need to be reorganized.- .- /Simple and Flexible Underlying Model/- .- * /Named Keys/: every key has an name within the store that is associated- with some secret data. If the secret data for that key is to be stored then- it must identify another key in the store that will be used to encrypt the- data. (Some keys -- the passwords -- will typically be auto-loaded from- environment variables.)- * *Functional model*: keys can be deleted and added again but the design- encourages the retention of the history. The old keys remain available- but deployment scripts will naturally select the latest version of a key.- When a key is rotated this merely loads a new generation for the rotated- key.- .- * /Simple Metadata/: oher information, such as the identity of the key- with its originating system (e.g., the identifier of an AWS IAM key)- and some arbitrary textual information (the 'comment') may be associated- with a key and accessible without recourse to the key or password needed- to access the secret information.- .- * /PKS/: the seret may be a RSA provate key with the public key stored- separately in the cler.- * *MFA*: a secret may be protected with multiple named keys, all of which- will be needed to recover the secret text.- .- * /Hashing/: all keys can be hashed with an appropriate PBKDF-2 function- and the hashes stored in the clear. These hashes may be sued to verify- passwords but also can be inserted directly into configuration files- for deployment. Precise control of the PBKDF-2 hash paramers is- avaiable.- .- * /Hierarchical Organization/: keys can be stored in different sections- with each key being protected by a master key for that section. Sections- can be configured to store the master keys of other sections thereby- gaining acces to all of the keys in those sections and the keys they- have access to.- .- * /Systems Integration/: keys can automatically loaded from Environment- variables. Typically a keystore session will start by settingb up an- environment variable for the deployment section corresponding for- the node that you need to deploy to. This will provide access to- precisely the keys whose secrets you need to carry out the deployment- and no more. It only needs access to the hashes of admin keys then they- can be placed in separate higher-level @admin@ sections. Provided care- is taken preparing the environment you will not deploy to the wrong host- (e.g., a live server rather than a staging server, or the wrong live- server) because those keys will not be accessible.- .- * /Configuration Control/: the parameters controling the encryption and- hashing functions can be set up independently in each section of the- store, allowing for heavier hashing to be used on live servers and- light hashing to be used on development and staging servers where- authentication needs to be quick.- .- * /Keystore Integrity/: the keystore can be signed and every operation- made to check that the keystore matches its signature (and the public- signing key matches an independent copy on the client).- .- * /External Crypto Operations/: keys in the keystore can be used to sign- or encrypt external obejcts (provided they can be loaded into memory).- .- /The Layers/- .- The keystore package has several layers. Most users- will probably need only the top "batteries-included" layer:- .- * @Data.KeyStore.Sections@: this provides a high-level model that allows- a flexible hierarchical keystore to be set up relatively easily.- See the 'deploy' example for details.- .- * @Data.KeyStore.CLI@ : This provides a stanalone program for inspecting- and editing your keystores. It can also be embedded into your own- deployment app. See the @deploy@ example for details.- .- * @Data.KeyStore.PasswordManager@ provides a password manager which each- user can use to setup their own local password store for holding the- deployment passwords and session tokens used to autheticate the server.- .- * @Data.KeyStore.IO@: this library provides general programatic access to- a keystore through @IO@ primitives. See the source code for the @Sections@- for an example of this module in use.- .- * @Data.KeyStore.KS@: this library provides general programatic access to- a keystore through functional @KS@ primitives. See the source code for- the @IO@ for an exteded example this system in action.- .- * @Data.KeyStore.Types@: This provides access to keystores at the types- level.- .- /Launch Instructions/- .- See the bottom <https://github.com/cdornan/keystore#launch-instructions README>- on GitHub home page for launch instructions for the deploy example.-Data-files:- keystore.manifest- keystore783.manifest- examples/deploy/zshenv/.zshrc- examples/deploy/example-pwstore.dat---Extra-source-files: changelog-Cabal-version: >= 1.14--Source-repository head- type: git- location: https://github.com/cdornan/keystore--flag hpc- default: False--flag stacktrace- default: False--Library- Hs-Source-Dirs: src-- Exposed-modules:- Data.KeyStore- Data.KeyStore.CLI- Data.KeyStore.CLI.Command- Data.KeyStore.IO- Data.KeyStore.IO.IC- Data.KeyStore.KS- Data.KeyStore.KS.Configuration- Data.KeyStore.KS.CPRNG- Data.KeyStore.KS.Crypto- Data.KeyStore.KS.KS- Data.KeyStore.KS.Opt- Data.KeyStore.KS.Packet- Data.KeyStore.PasswordManager- Data.KeyStore.Sections- Data.KeyStore.Types- Data.KeyStore.Types.E- Data.KeyStore.Types.NameAndSafeguard- Data.KeyStore.Types.PasswordStoreModel- Data.KeyStore.Types.PasswordStoreSchema- Data.KeyStore.Types.Schema- Data.KeyStore.Version-- Build-depends:- api-tools >= 0.4 ,- asn1-types >= 0.2.0 ,- asn1-encoding >= 0.8.0 ,- ansi-wl-pprint >= 0.6.7 ,- crypto-pubkey >= 0.2.1 ,- crypto-random >= 0.0.7 ,- aeson >= 0.6.2 ,- aeson-pretty >= 0.7 ,- base >= 4 ,- base64-bytestring >= 1.0 ,- byteable >= 0.1 ,- bytestring >= 0.9 ,- cipher-aes >= 0.2.6 ,- containers >= 0.4 ,- directory >= 1.2 ,- filepath >= 1.3 ,- lens >= 3.9.2 ,- mtl >= 2 ,- old-locale >= 1.0.0.5 ,- optparse-applicative >= 0.11.0 && <0.14 ,- pbkdf >= 1.1.1.0 ,- regex-compat-tdfa >= 0.95.1 ,- safe >= 0.3.3 ,- setenv >= 0.1 ,- text >= 0.11.3 ,- time >= 1.4 ,- unordered-containers >= 0.2.3.0 ,- vector >= 0.10.0.1-- Default-Language: Haskell2010-- GHC-Options:- -Wall -fno-warn-warnings-deprecations---Executable ks- Hs-Source-Dirs: main-- Main-is: ks.hs-- Default-Language: Haskell2010-- Build-depends:- base > 4 && < 5 ,- keystore-- GHC-Options:- -Wall -fno-warn-warnings-deprecations--Executable deploy- Hs-Source-Dirs: examples/deploy-- Main-is: deploy.hs-- Default-Language: Haskell2010-- Other-modules:- Deploy.Cmd- Deploy.Deploy- Deploy.HostSectionKey-- Build-depends:- api-tools >= 0.4 ,- ansi-wl-pprint >= 0.6.7.1 ,- aeson >= 0.6.2 ,- base > 4 && < 5 ,- bytestring >= 0.9 ,- directory >= 1.0 ,- filepath >= 1.1 ,- keystore ,- mtl >= 2 ,- optparse-applicative >= 0.9.0 ,- process >= 1.2.0.0 ,- raw-strings-qq >= 1.0.2 ,- setenv >= 0.1 ,- text >= 0.11 ,- unordered-containers >= 0.2.3.0-- GHC-Options:- -Wall -fno-warn-warnings-deprecations+Name: keystore +Version: 0.8.0.2 +x-revision: 1 +Synopsis: Managing stores of secret things +Homepage: http://github.com/cdornan/keystore +Author: Chris Dornan +Maintainer: chris@chrisdornan.com +Copyright: Chris Dornan +License: BSD3 +License-file: LICENSE +Category: Cryptography +Build-type: Simple +Description: + Writing deployment scripts is a critical yet error-prone activity which we + would rather do in Haskell. One of the most difficult aspect of deployment + scripts is the management of credentials: they cannot be stored in the + VCS like almost everything else, but need to be organised and accessed + while under lock and key. This is the problem that keystore is trying to solve: + flexible, secure and well-typed deployment scripts. + . + /All Haskell/ + . + This package is written purely in Haskell and all of the cryptographic packages + it relies upon are written in Haskell. + . + /JSON Format/ + . + It stores everything in a JSON format that has proven to be stable. We can can + use <http://hackage.haskell.org/package/api-tools migrations> in future + should the store need to be reorganized. + . + /Simple and Flexible Underlying Model/ + . + * /Named Keys/: every key has an name within the store that is associated + with some secret data. If the secret data for that key is to be stored then + it must identify another key in the store that will be used to encrypt the + data. (Some keys -- the passwords -- will typically be auto-loaded from + environment variables.) + * *Functional model*: keys can be deleted and added again but the design + encourages the retention of the history. The old keys remain available + but deployment scripts will naturally select the latest version of a key. + When a key is rotated this merely loads a new generation for the rotated + key. + . + * /Simple Metadata/: oher information, such as the identity of the key + with its originating system (e.g., the identifier of an AWS IAM key) + and some arbitrary textual information (the 'comment') may be associated + with a key and accessible without recourse to the key or password needed + to access the secret information. + . + * /PKS/: the seret may be a RSA provate key with the public key stored + separately in the cler. + * *MFA*: a secret may be protected with multiple named keys, all of which + will be needed to recover the secret text. + . + * /Hashing/: all keys can be hashed with an appropriate PBKDF-2 function + and the hashes stored in the clear. These hashes may be sued to verify + passwords but also can be inserted directly into configuration files + for deployment. Precise control of the PBKDF-2 hash paramers is + avaiable. + . + * /Hierarchical Organization/: keys can be stored in different sections + with each key being protected by a master key for that section. Sections + can be configured to store the master keys of other sections thereby + gaining acces to all of the keys in those sections and the keys they + have access to. + . + * /Systems Integration/: keys can automatically loaded from Environment + variables. Typically a keystore session will start by settingb up an + environment variable for the deployment section corresponding for + the node that you need to deploy to. This will provide access to + precisely the keys whose secrets you need to carry out the deployment + and no more. It only needs access to the hashes of admin keys then they + can be placed in separate higher-level @admin@ sections. Provided care + is taken preparing the environment you will not deploy to the wrong host + (e.g., a live server rather than a staging server, or the wrong live + server) because those keys will not be accessible. + . + * /Configuration Control/: the parameters controling the encryption and + hashing functions can be set up independently in each section of the + store, allowing for heavier hashing to be used on live servers and + light hashing to be used on development and staging servers where + authentication needs to be quick. + . + * /Keystore Integrity/: the keystore can be signed and every operation + made to check that the keystore matches its signature (and the public + signing key matches an independent copy on the client). + . + * /External Crypto Operations/: keys in the keystore can be used to sign + or encrypt external obejcts (provided they can be loaded into memory). + . + /The Layers/ + . + The keystore package has several layers. Most users + will probably need only the top "batteries-included" layer: + . + * @Data.KeyStore.Sections@: this provides a high-level model that allows + a flexible hierarchical keystore to be set up relatively easily. + See the 'deploy' example for details. + . + * @Data.KeyStore.CLI@ : This provides a stanalone program for inspecting + and editing your keystores. It can also be embedded into your own + deployment app. See the @deploy@ example for details. + . + * @Data.KeyStore.PasswordManager@ provides a password manager which each + user can use to setup their own local password store for holding the + deployment passwords and session tokens used to autheticate the server. + . + * @Data.KeyStore.IO@: this library provides general programatic access to + a keystore through @IO@ primitives. See the source code for the @Sections@ + for an example of this module in use. + . + * @Data.KeyStore.KS@: this library provides general programatic access to + a keystore through functional @KS@ primitives. See the source code for + the @IO@ for an exteded example this system in action. + . + * @Data.KeyStore.Types@: This provides access to keystores at the types + level. + . + /Launch Instructions/ + . + See the bottom <https://github.com/cdornan/keystore#launch-instructions README> + on GitHub home page for launch instructions for the deploy example. +Data-files: + keystore.manifest + keystore783.manifest + examples/deploy/zshenv/.zshrc + examples/deploy/example-pwstore.dat + + +Extra-source-files: changelog +Cabal-version: >= 1.14 + +Source-repository head + type: git + location: https://github.com/cdornan/keystore + +flag hpc + default: False + +flag stacktrace + default: False + +Library + Hs-Source-Dirs: src + + Exposed-modules: + Data.KeyStore + Data.KeyStore.CLI + Data.KeyStore.CLI.Command + Data.KeyStore.IO + Data.KeyStore.IO.IC + Data.KeyStore.KS + Data.KeyStore.KS.Configuration + Data.KeyStore.KS.CPRNG + Data.KeyStore.KS.Crypto + Data.KeyStore.KS.KS + Data.KeyStore.KS.Opt + Data.KeyStore.KS.Packet + Data.KeyStore.PasswordManager + Data.KeyStore.Sections + Data.KeyStore.Types + Data.KeyStore.Types.E + Data.KeyStore.Types.NameAndSafeguard + Data.KeyStore.Types.PasswordStoreModel + Data.KeyStore.Types.PasswordStoreSchema + Data.KeyStore.Types.Schema + Data.KeyStore.Version + + Build-depends: + api-tools >= 0.4 , + asn1-types >= 0.2.0 , + asn1-encoding >= 0.8.0 , + ansi-wl-pprint >= 0.6.7 , + crypto-pubkey >= 0.2.1 , + crypto-random >= 0.0.7 , + aeson >= 1 , + aeson-pretty >= 0.7 , + base >= 4 , + base64-bytestring >= 1.0 , + byteable >= 0.1 , + bytestring >= 0.9 , + cipher-aes >= 0.2.6 , + containers >= 0.4 , + directory >= 1.2 , + filepath >= 1.3 , + lens >= 3.9.2 , + mtl >= 2 , + old-locale >= 1.0.0.5 , + optparse-applicative >= 0.11.0 && <0.14 , + pbkdf >= 1.1.1.0 , + regex-compat-tdfa >= 0.95.1 , + safe >= 0.3.3 , + setenv >= 0.1 , + text >= 0.11.3 , + time >= 1.4 , + unordered-containers >= 0.2.3.0 , + vector >= 0.10.0.1 + + Default-Language: Haskell2010 + + GHC-Options: + -Wall -fno-warn-warnings-deprecations + + +Executable ks + Hs-Source-Dirs: main + + Main-is: ks.hs + + Default-Language: Haskell2010 + + Build-depends: + base > 4 && < 5 , + keystore + + GHC-Options: + -Wall -fno-warn-warnings-deprecations + +Executable deploy + Hs-Source-Dirs: examples/deploy + + Main-is: deploy.hs + + Default-Language: Haskell2010 + + Other-modules: + Deploy.Cmd + Deploy.Deploy + Deploy.HostSectionKey + + Build-depends: + api-tools >= 0.4 , + ansi-wl-pprint >= 0.6.7.1 , + aeson >= 0.6.2 , + base > 4 && < 5 , + bytestring >= 0.9 , + directory >= 1.0 , + filepath >= 1.1 , + keystore , + mtl >= 2 , + optparse-applicative >= 0.9.0 , + process >= 1.2.0.0 , + raw-strings-qq >= 1.0.2 , + setenv >= 0.1 , + text >= 0.11 , + unordered-containers >= 0.2.3.0 + + GHC-Options: + -Wall -fno-warn-warnings-deprecations