sneak/secret
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
108 Commits 2 Branches 0 Tags 7 MiB
63cc06b93c
Commit Graph

16 Commits

Author SHA1 Message Date
sneak
63cc06b93c Fix DecryptWithIdentity to return LockedBuffer 
- Changed DecryptWithIdentity to return *memguard.LockedBuffer instead of []byte
- Updated all callers throughout the codebase to handle LockedBuffer
- This ensures decrypted data is protected in memory immediately after decryption
- Fixed all usages in vault, secret, version, and unlocker implementations
- Removed duplicate buffer creation and unnecessary memory clearing
 2025-07-15 09:04:34 +02:00
sneak
8ec3fc877d Fix GetValue methods to return LockedBuffer internally 
- Changed Secret.GetValue and Version.GetValue to return *memguard.LockedBuffer
- Updated all internal callers to handle LockedBuffer properly
- For backward compatibility, vault.GetSecret still returns []byte but makes a copy
- This ensures secret values are protected in memory during decryption
- Updated tests to handle LockedBuffer returns
- Fixed CLI getSecretValue to use LockedBuffer throughout
 2025-07-15 08:59:23 +02:00
sneak
819902f385 Fix gpgEncryptDefault to accept LockedBuffer for data parameter 
- Changed GPGEncryptFunc signature to accept *memguard.LockedBuffer instead of []byte
- Updated gpgEncryptDefault implementation to use LockedBuffer
- Updated all callers including tests to pass LockedBuffer
- This ensures GPG encryption data is protected in memory
- Fixed linter issue with line length
 2025-07-15 08:46:33 +02:00
sneak
292564c6e7 Fix storeInKeychain to accept LockedBuffer for data parameter 
- Changed storeInKeychain to accept *memguard.LockedBuffer instead of []byte
- Updated caller in CreateKeychainUnlocker to create LockedBuffer before storing
- This ensures keychain data is protected in memory before being stored
- Added proper buffer cleanup with defer Destroy()
 2025-07-15 08:44:09 +02:00
sneak
e82d428b05 Remove deprecated Secret.Save function 
- Removed unused deprecated Save(value []byte, force bool) function
- This function accepted unprotected secret data which was a security issue
- All code now uses vault.AddSecret directly with LockedBuffer
- Updated TODO.md to reflect completion of this security fix
 2025-07-15 08:40:35 +02:00
sneak
7596049828 uses protected memory buffers now for all secrets in ram 2025-07-15 08:32:33 +02:00
sneak
e5b18202f3 Fix revive package stuttering errors 
- Rename SecretMetadata to Metadata in secret package
- Rename SecretVersion to Version in secret package
- Update NewSecretVersion to NewVersion function
- Update all references across the codebase including:
  - vault package aliases
  - CLI usage
  - test files
  - method receivers and signatures
 2025-06-20 08:48:17 -07:00
sneak
434b73d834 Fix intrange and G101 linting issues 
- Convert for loops to use Go 1.22+ integer ranges in generate.go and helpers.go
- Disable G101 false positives for test vectors and environment variable names
- Add file-level gosec disable for bip85_test.go containing BIP85 test vectors
- Add targeted nolint comments for legitimate test data and constants
 2025-06-20 08:08:01 -07:00
sneak
f59ee4d2d6 'unlock keys' renamed to 'unlockers' 2025-05-30 07:29:02 -07:00
sneak
34d6870e6a feat: add derivation index to vault metadata for unique keys - Add VaultMetadata fields: DerivationIndex, LongTermKeyHash, MnemonicHash - Implement GetNextDerivationIndex() to track and increment indices for same mnemonics - Update init and import commands to use proper derivation indices - Add ComputeDoubleSHA256() for hash calculations - Save vault metadata on creation with all derivation information - Add comprehensive tests for metadata functionality. This ensures multiple vaults using the same mnemonic will derive different long-term keys by using incremented derivation indices. The mnemonic is double SHA256 hashed and stored to track which vaults share mnemonics. Fixes TODO item #5 2025-05-29 16:23:29 -07:00
sneak
8cc15fde3d latest 2025-05-29 13:02:39 -07:00
sneak
1b8ea9695b feat: implement debug logging system (#5) - Added debug.go with structured logging using log/slog - Supports GODEBUG=berlin.sneak.pkg.secret flag - JSON output for non-TTY stderr, colorized output for TTY - Added Debug(), DebugF(), and DebugWith() functions - Early return when debug is disabled for performance - Added comprehensive tests for debug functionality - Integrated debug logging into CLI init and vault operations - Removed completed TODO item #5 2025-05-29 06:25:50 -07:00
sneak
9f0f5cc8a1 todo list items 2025-05-29 06:19:41 -07:00
sneak
89a8af2aa1 docs 2025-05-29 06:14:19 -07:00
sneak
659b5ba508 refactor: rename SEP to Keychain and reorganize import commands - Renamed sepunlock.go to keychainunlock.go - Changed all SEP types to Keychain types (SEPUnlockKey -> KeychainUnlockKey) - Updated type string from 'macos-sep' to 'keychain' - Moved 'secret import' to 'secret vault import' for mnemonic imports - Added new 'secret import <secret-name> --source <filename>' for file imports - Updated README to replace all 'Secure Enclave' references with 'macOS Keychain' - Updated directory structure diagrams and examples - Fixed linter error in MarkFlagRequired call - All tests passing, linter clean 2025-05-29 06:07:15 -07:00
sneak
c526b68f58 docs: comprehensive README.md and TODO.md for 1.0 release - Updated README.md with detailed documentation of all commands, architecture, and storage system - Added comprehensive TODO.md with critical, important, and trivial items for 1.0 release - Documented three-layer key hierarchy and vault system - Included examples, security considerations, and cross-platform notes - Identified key bugs including missing cobra usage printing after errors - Categorized 50+ items by priority with timeline estimates 2025-05-29 05:58:21 -07:00