úÎ!~rʼ      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»<(c) 2018 Chris Coffey (c) 2018 CollegeVineMIT Chris Coffey experimentalportableNone$&',79=>?@ACPk$â confcrypt¶This constraint provides a type-level check that the wrapped key type exists off-system inside an externally provided Key Management System (KMS). For use with AWS KMS or Azure KMS. confcryptŠThis constraint provides a type-level check that the wrapped key type is local to the current machine. For use with things like RSA keys. confcryptIndicates which types a confcryptMaps to ¼ confcryptMaps to ½ confcryptMaps to ¾ confcryptSelf explanitory confcrypt*A parsed schema line from a confcrypt file  confcrypt-A parsed parameter line from a confcrypt file confcryptA parameter consists of both a   and  line from the confcr confcryptWThe syntax used to describe a confcrypt file. A line in a confcrypt file may be one of ,  @, or comment. The grammar itself is described in the readme and  . confcrypt,As indicated in the Readme, a ConfCrypt file confcrypt:The possible errors produced during a confcrypt operation.+ confcryptKThe core transformer stack for ConfCrypt. The most important parts are the ¿ and À , as the Á and Â1 can both be replaced with explicit return types., confcryptA special purpose à function for convert- confcryptConvert a parameter into a  and  if possible.. confcrypt<Checks whether the provided line from a confcrypt file is a / confcrypt7Attempts to unwrap a line from a confcrypt file into a 1 confcrypt In order to2 confcryptÇthis implementation means that there can only be a single parameter or schema with the same name. Attempting to add multiple with the same name is undefined behavior and will result in missing data.0  !"#$%&'()*+,-./0+ !"#$%&'()*  /.,-None$&',79=>?@ACPk,õW confcryptConfcrypt reqires the pair of [ and Ä) to run any operations in an AWS context.[ confcrypt.Wraps a KMS key id. For more on KMS keys, see Ghttps://docs.aws.amazon.com/kms/latest/developerguide/crypto-intro.html^ confcrypt Load the W}. It first checks for configuration in environment variables, then a local config file. The discovery logic is described in AWsWXYZ[\]^WXYZ[\]^<(c) 2018 Chris Coffey (c) 2018 CollegeVineMIT Chris Coffey experimentalportableNone$&',79=>?@ACPk3©b confcrypt Parse raw Text into a .,Duplicates are removed by virtue of using a Mapµ. This means the behavior for having duplciate parameter names is officially undefined, but as implemented the last parameter read will be preserved. DO NOT RELY ON THIS BEHAVIOR!bb<(c) 2018 Chris Coffey (c) 2018 CollegeVineMIT Chris Coffey experimentalportableNone$&',79=>?@ACPkD c confcryptHRepresents a KMS key remotely managed by a third party service provider.e confcrypt_The interface for encrypting a value is simply a function from a key + plaintext -> ciphertext.f confcrypt?Encrypts a value and either returns the ciphertext or throws a g confcrypt#Decrypts an encrypted block of texth confcrypt_Given a key and some encrypted ciphertext, returns either the decrypted plaintext or raises a j confcryptXThis class provides the ability to extract specific parts of a keypair from a given RSA KeyPairl confcryptFRepresents the textual contents of any key stored on the local machinen confcryptÉGiven a file on disk that contains the textual representation of an RSA private key (as generated by openssh or ssh-keygen), extract the key from the file and project it into the type of key required.o confcryptHA private function to actually unpack the RSA key. Only used for testingcdefghijklmnopjklmcdipefghno<(c) 2018 Chris Coffey (c) 2018 CollegeVineMIT Chris Coffey experimentalportableNone$&',79=>?@ACPkI € confcryptEPrinted out on request as an example or starting point for new users. confcryptThe standard empty config‚ confcryptExtracts the plaintext from € into a populated config€‚€‚<(c) 2018 Chris Coffey (c) 2018 CollegeVineMIT Chris Coffey experimentalportableNone$&',79=>?@ACPkPムconfcryptAApply all validation rules, accumulating the errors across rules.„ confcrypt_For each (Schema, Parameter) pair, confirm that the parameter's value type matches the schema.… confcrypt7Raise an error if there are parameters without a schema† confcrypt6Raise an error if there are schema without a parameterƒ„…†ƒ„…†None$&',79=>?@ACPkpï ‡ confcryptDumps the contents of ‚K to the output buffer. This is the same example config used in the readme.‰ confcryptRun all of the rules in    on this file.‹ confcrypt­Removes a particular parameter and schema from the config file. This does not require an encryption key because the lines may simply be deleted based on the parameter name.Ž confcrypt±Modify the value or type of a parameter in-place. This should result in a diff touching only the impacted lines. Very important that this property holds to make reviews easier.“ confcrypt.Used to add a new config parameter to the file˜ confcryptFUsed to get the decrypted value of a single encrypted config parameter› confcrypt|Read and return the full contents of an encrypted file. Provides support for using a local RSA key or an externl KMS service confcrypt2All confcrypt commands can be generalized into an ž¶ call. In reality, instances likely need to provide some environment, although that's not required as everything could be contained as record fields of the command argument itself.In reality the return type of  evalutate is Text6, this needs to be cleaned up in the upcoming version.Ÿ confcryptRCommands may perform one of the following operations to a line of a confcrypt file£ confcryptZGiven a known file state and some edits, apply the edits and produce the new file contents¤ confcryptWrites the provided ³ (provided as a Map) to the output buffer in line-number order. This allows for producing an easily diffable output and makes in-place edits easy to spot in source control diffs.Å confcryptÿ:Because the encrypted results are stored as UTF8 text, its possible for an encrypted value to embed end-of-line (eol) characters into the output value. This means rather than relying on eol as our delimeter we need to explicitly wrap encrypted values in something very unlikely to occur w/in an encrypted value.£ confcryptinitial file state confcryptedits confcrypt%new file, with edits applied in-place‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£¤ž›œ˜™š“”•–—Ž‘’‹Œ‰Š‡ˆŸ ¡¢£¤ Safe$&',79=>?@ACPkr¥ÆÇÈÉÊËÌÍÎ  !"##$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^__`abbcdefghiijklmnopqqrstuvwxyz{|}~€‚ƒ„…†‡ˆ‰Š‹‹ŒŒŽ‘’““”•–——˜™™š›œžŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¼½¿ÀÁÂÃÄÅÀÆÇÀÈɹÊËÌÍÎÏ Ð Ñ Ò Ó Ô Õ Ö ×Ø(confcrypt-0.1.0.3-HTKSTr1TBe1BmQ6kc05ZmiConfCrypt.TypesConfCrypt.Providers.AWSConfCrypt.ParserConfCrypt.EncryptionConfCrypt.DefaultConfCrypt.ValidationConfCrypt.Commands ConfcryptParser ConfCrypt ValidationPaths_confcryptKMSKeyLocalKey SchemaTypeCStringCIntCBoolean LineNumberSchemasNamesType ParamLinepNamepValue Parameter paramName paramValue paramTypeConfCryptElement SchemaLine CommentLine ParameterLinecText ConfCryptFilefileName fileContents parametersConfCryptError ParserError NonRSAKeyKeyUnpackingErrorDecryptionErrorAWSDecryptionErrorAWSEncryptionErrorEncryptionError MissingLineUnknownParameterWrongFileAction CleanupError ConfCryptMtypeToOutputStringparameterToLines isParameter unWrapSchema $fOrdError$fOrdConfCryptElement$fEqConfCryptElement$fShowConfCryptError$fGenericConfCryptError$fEqConfCryptError$fOrdConfCryptError $fEqParamLine$fOrdParamLine$fShowParamLine$fGenericParamLine$fNFDataParamLine$fEqLineNumber$fOrdLineNumber$fShowLineNumber$fGenericLineNumber$fNFDataLineNumber$fEqSchemaType$fOrdSchemaType$fShowSchemaType$fGenericSchemaType$fNFDataSchemaType$fReadSchemaType $fEqSchema $fOrdSchema $fShowSchema$fGenericSchema$fNFDataSchema$fShowConfCryptElement$fGenericConfCryptElement$fNFDataConfCryptElement $fEqParameter$fOrdParameter$fShowParameter$fGenericParameter$fNFDataParameter$fShowConfCryptFile$fGenericConfCryptFile$fNFDataConfCryptFileAWSCtxenvkmsKeyKMSKeyIdkeyId loadAwsCtx $fHasEnv(,)$fShowKMSKeyId $fEqKMSKeyIdparseConfCrypt RemoteKey MonadEncrypt encryptValue MonadDecrypt decryptValue Encrypted KeyProjectionprojectTextKey loadRSAKeyunpackPrivateRSAKeyrenderEncrypted$fKMSKeyAWSCtx$fMonadRandomExceptT$fMonadRandomReaderT$fLocalKeyPrivateKey$fLocalKeyPublicKey$fKeyProjectionPrivateKey$fKeyProjectionPublicKey$fMonadDecryptmTextKey$fMonadDecryptmPrivateKey$fMonadEncryptmTextKey$fMonadEncryptmPublicKey$fMonadEncryptReaderTRemoteKey$fMonadDecryptReaderTRemoteKey $fEqEncrypted$fShowEncrypted defaultConfemptyConfCryptFile defaultLines runAllRulesparameterTypesMatchSchemalogMissingSchemaslogMissingParameters NewConfCryptValidateConfCryptDeleteConfCryptdName EditConfCrypteNameeValueeType AddConfCryptaNameaValueaType GetConfCryptgName ReadConfCryptCommandevaluate FileActionAddEditRemovegenNewFileStatewriteFullContentsToBuffer$fCommandReadConfCryptReaderT$fCommandGetConfCryptReaderT$fCommandAddConfCryptReaderT$fCommandEditConfCryptReaderT$fCommandDeleteConfCryptReaderT!$fCommandValidateConfCryptReaderT$fCommandNewConfCryptReaderT$fEqGetConfCrypt$fReadGetConfCrypt$fShowGetConfCrypt$fGenericGetConfCrypt$fEqAddConfCrypt$fReadAddConfCrypt$fShowAddConfCrypt$fGenericAddConfCrypt$fEqEditConfCrypt$fReadEditConfCrypt$fShowEditConfCrypt$fGenericEditConfCrypt$fEqDeleteConfCrypt$fReadDeleteConfCrypt$fShowDeleteConfCrypt$fGenericDeleteConfCryptbaseGHC.BaseStringghc-prim GHC.TypesIntBooltransformers-0.5.5.0Control.Monad.Trans.ReaderReaderT&resourcet-1.2.2-6aHFYK7cYsT6IDIL0wEb5U%Control.Monad.Trans.Resource.Internal ResourceTControl.Monad.Trans.Writer.LazyWriterTControl.Monad.Trans.ExceptExceptTGHC.ShowShow%amazonka-1.6.0-KzJpaKqE4prLM1DRXETsH7Network.AWS.EnvEnvwrapEncryptedValueversion getBinDir getLibDir getDynLibDir getDataDir getLibexecDir getSysconfDirgetDataFileName