nathan/smt
1
0
Fork 0
Code Issues 4 Pull Requests Packages Projects Releases 2 Wiki Activity

fix bug with UserName
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Nathan Coad
2024-01-09 21:45:45 +11:00
parent 43aabee7e8
commit 1b1ac50a61
2 changed files with 8 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
README.md
View File

@@ -6,18 +6,20 @@ Build Date: `{BUILDTIME}`
Build Hash: `{SHA1VER}`
Written by Nathan Coad (nathan.coad@dell.com)
## Overview
Provide REST API to store and retrieve secrets with associated username, device name and optionally device class. Secret is stored in sqlite database once encrypted using an AES256 block cipher wrapped in Galois Counter Mode with the standard nonce length.
Provide REST API to store and retrieve secrets with associated username, device name and optionally device class. Secrets are stored in sqlite database once encrypted using an AES256 block cipher wrapped in Galois Counter Mode with the standard nonce length.
All secret operations (Create, Read, Update or Delete) require successful authentication. A JWT token is returned upon login, which must be provided for all other operations.
Multiple user roles are supported, with each user only able to access secrets matching their user role. One exception is the built in administrator role that is able to access all secrets.
Written by Nathan Coad (nathan.coad@dell.com)
Users must be a member of a single group. Groups can have access to multiple safes. Groups can have read-only or read-write access to safes. Only users with an admin role can perform user-related operations such as creating users or groups, or creating/deleting safes. Users and groups can be either locally defined or sourced from LDAP lookups.
## Installation
Only tested on x64 Linux, but code should compile on other platforms.
1. Copy binary to chosen location, eg /srv/smt/smt
2. Create .env file in same directory as binary, populate as per Configuration section below
3. Create systemd service definition

3
models/secret.go
View File

@@ -26,9 +26,10 @@ type Secret struct {
}
// Used for querying all secrets the user has access to
// Since there are some ambiguous column names (eg UserName is present in both users and secrets table), the order of fields in this struct matters
type UserSecret struct {
User
Secret
User
//Group
Permission
}