mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-09 16:17:01 +02:00
Code Issues Projects Releases Wiki Activity

Use hmac-sha256 for protecting secrets in audit entries

Browse Source
This commit is contained in:
Jeff Mitchell 2015-09-19 11:29:31 -04:00
parent 49ec196016
commit 743e7f99b6
2 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
audit/hashstructure_test.go
View File

@ -140,10 +140,14 @@ func TestHash(t *testing.T) {
}, },
} }
localSalt, err := salt.NewSalt(nil, &salt.Config{ inmemStorage := &logical.InmemStorage{}
HMAC: sha256.New, inmemStorage.Put(&logical.StorageEntry{
HMACType: "hmac-sha256", Key: "salt",
StaticSalt: "foo", Value: []byte("foo"),
})
localSalt, err := salt.NewSalt(inmemStorage, &salt.Config{
HMAC: sha256.New,
HMACType: "hmac-sha256",
}) })
if err != nil { if err != nil {
t.Fatalf("Error instantiating salt: %s", err) t.Fatalf("Error instantiating salt: %s", err)

1
vault/audit.go
View File

@ -207,7 +207,6 @@ func (c *Core) newAuditBackend(t string, view logical.Storage, conf map[string]s
return nil, fmt.Errorf("unknown backend type: %s", t) return nil, fmt.Errorf("unknown backend type: %s", t)
} }
salter, err := salt.NewSalt(view, &salt.Config{ salter, err := salt.NewSalt(view, &salt.Config{
HashFunc: salt.SHA256Hash,
HMAC: sha256.New, HMAC: sha256.New,
HMACType: "hmac-sha256", HMACType: "hmac-sha256",
}) })