credentials-0.0.2: Secure Credentials Storage and Distribution

Copyright: (c) 2015-2016 Brendan Hay
License: Mozilla Public License, v. 2.0.
Maintainer: Brendan Hay <brendan.g.hay@gmail.com>
Stability: provisional
Portability: non-portable (GHC extensions)
Safe Haskell: None
Language: Haskell2010

Credentials.DynamoDB

Description

Provides the implementation for storage and retrieval of encrypted credentials in DynamoDB. Encryption and decryption are handled by Credentials.KMS.

See the Credentials module for usage information.

Table

defaultTable :: DynamoTable

The default DynamoDB table used to store credentials.

Value: credentials

Operations

insert

Arguments

:: (MonadMask m, MonadAWS m, Typeable m) 
=> KeyId

The KMS master key ARN or alias.

-> Context

The KMS encryption context.

-> Name

The credential name.

-> ByteString

The unencrypted plaintext.

-> DynamoTable

The DynamoDB table.

-> m Revision 

Encrypt and insert a new credential revision with the specified name.

The newly inserted revision is returned.

select

Arguments

:: MonadAWS m 
=> Context

The KMS encryption context that was used during insertion.

-> Name

The credential name.

-> Maybe Revision

A revision. If Nothing, the latest will be selected.

-> DynamoTable

The DynamoDB table.

-> m (ByteString, Revision) 

Select an existing credential, optionally specifying the revision.

The decrypted plaintext and selected revision are returned.

delete

Arguments

:: MonadAWS m 
=> Name

The credential name.

-> Revision

The revision to delete.

-> DynamoTable

The DynamoDB table.

-> m () 

Delete the specific credential revision.

truncate

Arguments

:: MonadAWS m 
=> Name

The credential name.

-> DynamoTable

The DynamoDB table.

-> m () 

Truncate all of a credential's revisions, so that only the latest revision remains.

revisions

Arguments

:: MonadAWS m 
=> DynamoTable

The DynamoDB table.

-> Source m (Name, NonEmpty Revision) 

Scan the entire credential database, grouping pages of results into unique credential names and their corresponding revisions.

setup

Arguments

:: MonadAWS m 
=> DynamoTable

The DynamoDB table.

-> m Setup 

Create the credentials database table.

The returned idempotency flag can be used to notify configuration management tools such as Ansible about system state.

teardown :: MonadAWS m => DynamoTable -> m ()

Delete the credentials database table and all data.

Note: Unless you have DynamoDB backups running, this is a completely irrevocable action.
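
An added example, not part of the package's own documentation, that composes insert, select and truncate as documented above into a rotate-and-verify step. The helper name rotateCredential and the import of the argument types from Credentials.Types are assumptions.

```haskell
module RotateExample where

import           Control.Monad        (unless)
import           Control.Monad.Catch  (MonadMask, throwM)
import           Data.ByteString      (ByteString)
import           Data.Typeable        (Typeable)
import           Network.AWS          (MonadAWS)

-- Assumption: the argument types are exported from Credentials.Types.
import           Credentials.Types    (Context, DynamoTable, KeyId, Name,
                                       Revision)
-- Qualified so that truncate does not clash with the Prelude function.
import qualified Credentials.DynamoDB as Dynamo

-- | Hypothetical helper: store a new revision of a credential, prove that it
-- can be decrypted again, and only then drop the older revisions.
rotateCredential
    :: (MonadMask m, MonadAWS m, Typeable m)
    => KeyId        -- ^ KMS master key ARN or alias
    -> Context      -- ^ KMS encryption context
    -> Name         -- ^ credential name
    -> ByteString   -- ^ new plaintext secret
    -> DynamoTable  -- ^ table holding the credentials
    -> m Revision
rotateCredential key ctx name secret table = do
    -- Encrypt under the KMS key and context, and write the new revision.
    rev <- Dynamo.insert key ctx name secret table

    -- Read back exactly the revision just written (not "latest", which a
    -- concurrent writer could have changed), using the same context that
    -- was supplied at insertion.
    (plain, _) <- Dynamo.select ctx name (Just rev) table

    -- Refuse to discard older revisions unless the round trip succeeded.
    unless (plain == secret) $
        throwM (userError "credential round-trip mismatch; old revisions kept")

    -- Keep only the latest revision, as described for truncate above.
    Dynamo.truncate name table
    return rev
```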