-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/
-- | Please see the README on GitHub at
-- https://github.com/CollegeVine/confcrypt#readme
@package confcrypt
@version 0.2.3.0
-- | Core types and some small helper functions used to construct
-- ConfCrypt.
module ConfCrypt.Types
-- | The core transformer stack for ConfCrypt. The most important parts are
-- the ReaderT and ResourceT, as ExceptT can be
-- replaced with explicit return type.
type ConfCryptM m ctx = ReaderT (ConfCryptFile, ctx) (ExceptT ConfCryptError (ResourceT m))
-- | The possible errors produced during a confcrypt operation.
data ConfCryptError
ParserError :: Text -> ConfCryptError
NonRSAKey :: ConfCryptError
KeyUnpackingError :: Text -> ConfCryptError
DecryptionError :: Text -> ConfCryptError
AWSDecryptionError :: Text -> ConfCryptError
AWSEncryptionError :: Text -> ConfCryptError
EncryptionError :: Error -> ConfCryptError
MissingLine :: Text -> ConfCryptError
UnknownParameter :: Text -> ConfCryptError
WrongFileAction :: Text -> ConfCryptError
CleanupError :: Text -> ConfCryptError
-- | As indicated in the Readme, a ConfCrypt file
data ConfCryptFile
ConfCryptFile :: Text -> Map ConfCryptElement LineNumber -> [Parameter] -> ConfCryptFile
[fileName] :: ConfCryptFile -> Text
[fileContents] :: ConfCryptFile -> Map ConfCryptElement LineNumber
[parameters] :: ConfCryptFile -> [Parameter]
-- | A parameter consists of both a ParamLine and Schema line
-- from the confcr
data Parameter
Parameter :: Text -> Text -> Maybe SchemaType -> Parameter
[paramName] :: Parameter -> Text
[paramValue] :: Parameter -> Text
[paramType] :: Parameter -> Maybe SchemaType
-- | The syntax used to describe a confcrypt file. A line in a confcrypt
-- file may be one of Schema, ParamLine, or comment. The
-- grammar itself is described in the readme and Parser.
data ConfCryptElement
SchemaLine :: Schema -> ConfCryptElement
CommentLine :: Text -> ConfCryptElement
[cText] :: ConfCryptElement -> Text
ParameterLine :: ParamLine -> ConfCryptElement
-- | Self explanitory
newtype LineNumber
LineNumber :: Int -> LineNumber
-- | Indicates which types a
data SchemaType
-- | Maps to String
CString :: SchemaType
-- | Maps to Int
CInt :: SchemaType
-- | Maps to Bool
CBoolean :: SchemaType
-- | A parsed parameter line from a confcrypt file
data ParamLine
ParamLine :: Text -> Text -> ParamLine
[pName] :: ParamLine -> Text
[pValue] :: ParamLine -> Text
-- | A parsed schema line from a confcrypt file
data Schema
Schema :: Text -> SchemaType -> Schema
[sName] :: Schema -> Text
[sType] :: Schema -> SchemaType
-- | This constraint provides a type-level check that the wrapped key type
-- is local to the current machine. For use with things like RSA keys.
class LocalKey key
-- | This constraint provides a type-level check that the wrapped key type
-- exists off-system inside an externally provided Key Management System
-- (KMS). For use with AWS KMS or Azure KMS.
class KMSKey key
-- | Attempts to unwrap a line from a confcrypt file into a Schema
unWrapSchema :: ConfCryptElement -> Maybe Schema
-- | Checks whether the provided line from a confcrypt file is a
-- Parameter
isParameter :: ConfCryptElement -> Bool
-- | A special purpose Show function for convert
typeToOutputString :: SchemaType -> Text
-- | Convert a parameter into a ParameterLine and SchemaLine
-- if possible.
parameterToLines :: Parameter -> (ParamLine, Maybe Schema)
instance Control.DeepSeq.NFData ConfCrypt.Types.ConfCryptFile
instance GHC.Generics.Generic ConfCrypt.Types.ConfCryptFile
instance GHC.Show.Show ConfCrypt.Types.ConfCryptFile
instance Control.DeepSeq.NFData ConfCrypt.Types.Parameter
instance GHC.Generics.Generic ConfCrypt.Types.Parameter
instance GHC.Show.Show ConfCrypt.Types.Parameter
instance GHC.Classes.Ord ConfCrypt.Types.Parameter
instance GHC.Classes.Eq ConfCrypt.Types.Parameter
instance Control.DeepSeq.NFData ConfCrypt.Types.ConfCryptElement
instance GHC.Generics.Generic ConfCrypt.Types.ConfCryptElement
instance GHC.Show.Show ConfCrypt.Types.ConfCryptElement
instance Control.DeepSeq.NFData ConfCrypt.Types.Schema
instance GHC.Generics.Generic ConfCrypt.Types.Schema
instance GHC.Show.Show ConfCrypt.Types.Schema
instance GHC.Classes.Ord ConfCrypt.Types.Schema
instance GHC.Classes.Eq ConfCrypt.Types.Schema
instance GHC.Read.Read ConfCrypt.Types.SchemaType
instance Control.DeepSeq.NFData ConfCrypt.Types.SchemaType
instance GHC.Generics.Generic ConfCrypt.Types.SchemaType
instance GHC.Show.Show ConfCrypt.Types.SchemaType
instance GHC.Classes.Ord ConfCrypt.Types.SchemaType
instance GHC.Classes.Eq ConfCrypt.Types.SchemaType
instance Control.DeepSeq.NFData ConfCrypt.Types.LineNumber
instance GHC.Generics.Generic ConfCrypt.Types.LineNumber
instance GHC.Show.Show ConfCrypt.Types.LineNumber
instance GHC.Classes.Ord ConfCrypt.Types.LineNumber
instance GHC.Classes.Eq ConfCrypt.Types.LineNumber
instance Control.DeepSeq.NFData ConfCrypt.Types.ParamLine
instance GHC.Generics.Generic ConfCrypt.Types.ParamLine
instance GHC.Show.Show ConfCrypt.Types.ParamLine
instance GHC.Classes.Ord ConfCrypt.Types.ParamLine
instance GHC.Classes.Eq ConfCrypt.Types.ParamLine
instance GHC.Classes.Ord ConfCrypt.Types.ConfCryptError
instance GHC.Classes.Eq ConfCrypt.Types.ConfCryptError
instance GHC.Generics.Generic ConfCrypt.Types.ConfCryptError
instance GHC.Show.Show ConfCrypt.Types.ConfCryptError
instance GHC.Classes.Eq ConfCrypt.Types.ConfCryptElement
instance GHC.Classes.Ord ConfCrypt.Types.ConfCryptElement
instance GHC.Classes.Ord Crypto.PubKey.RSA.Types.Error
module ConfCrypt.Providers.AWS
-- | Confcrypt reqires the pair of KMSKeyId and Env to run
-- any operations in an AWS context.
data AWSCtx
AWSCtx :: Env -> KMSKeyId -> AWSCtx
[env] :: AWSCtx -> Env
[kmsKey] :: AWSCtx -> KMSKeyId
-- | Wraps a KMS key id. For more on KMS keys, see
-- https://docs.aws.amazon.com/kms/latest/developerguide/crypto-intro.html
newtype KMSKeyId
KMSKeyId :: Text -> KMSKeyId
[keyId] :: KMSKeyId -> Text
-- | Load the AWSCtx. It first checks for configuration in
-- environment variables, then a local config file. The discovery logic
-- is described in AWs
loadAwsCtx :: (MonadIO m, MonadCatch m) => KMSKeyId -> m AWSCtx
instance GHC.Classes.Eq ConfCrypt.Providers.AWS.KMSKeyId
instance GHC.Show.Show ConfCrypt.Providers.AWS.KMSKeyId
instance Network.AWS.Env.HasEnv (ConfCrypt.Types.ConfCryptFile, ConfCrypt.Providers.AWS.AWSCtx)
module ConfCrypt.Parser
-- | Duplicates are removed by virtue of using a Map. This means
-- the behavior for having duplciate parameter names is officially
-- undefined, but as implemented the last parameter read will be
-- preserved. DO NOT RELY ON THIS BEHAVIOR!
parseConfCrypt :: FilePath -> Text -> Either ConfCryptError ConfCryptFile
-- | This exposes the interface and instances for handling
-- encryption/decryption. The interface for each operation is
-- intentionally split.
module ConfCrypt.Encryption
-- | This class provides the ability to extract specific parts of a keypair
-- from a given RSA KeyPair
class KeyProjection key
project :: KeyProjection key => KeyPair -> key
-- | Represents the textual contents of any key stored on the local machine
data TextKey key
[TextKey] :: LocalKey key => key -> TextKey key
-- | Represents a KMS key remotely managed by a third party service
-- provider.
data RemoteKey key
[RemoteKey] :: KMSKey key => key -> RemoteKey key
data Encrypted
renderEncrypted :: Encrypted -> Text
-- | The interface for encrypting a value is simply a function from a key +
-- plaintext -> ciphertext.
class (Monad m, MonadError ConfCryptError m) => MonadEncrypt m k
-- | Encrypts a value and either returns the ciphertext or throws a
-- ConfCryptError
encryptValue :: MonadEncrypt m k => k -> Text -> m Text
-- | Decrypts an encrypted block of text
class (Monad m, MonadError ConfCryptError m) => MonadDecrypt m k
-- | Given a key and some encrypted ciphertext, returns either the
-- decrypted plaintext or raises a ConfCryptError
decryptValue :: MonadDecrypt m k => k -> Text -> m Text
-- | Given a file on disk that contains the textual representation of an
-- RSA private key (as generated by openssh or ssh-keygen), extract the
-- key from the file and project it into the type of key required.
loadRSAKey :: (MonadIO m, Monad m, MonadError ConfCryptError m, KeyProjection key) => FilePath -> m key
-- | A private function to actually unpack the RSA key. Only used for
-- testing
unpackPrivateRSAKey :: MonadError ConfCryptError m => ByteString -> m KeyPair
instance GHC.Show.Show ConfCrypt.Encryption.Encrypted
instance GHC.Classes.Eq ConfCrypt.Encryption.Encrypted
instance ConfCrypt.Encryption.MonadDecrypt (ConfCrypt.Types.ConfCryptM GHC.Types.IO (ConfCrypt.Encryption.RemoteKey ConfCrypt.Providers.AWS.AWSCtx)) (ConfCrypt.Encryption.RemoteKey ConfCrypt.Providers.AWS.AWSCtx)
instance ConfCrypt.Encryption.MonadEncrypt (ConfCrypt.Types.ConfCryptM GHC.Types.IO (ConfCrypt.Encryption.RemoteKey ConfCrypt.Providers.AWS.AWSCtx)) (ConfCrypt.Encryption.RemoteKey ConfCrypt.Providers.AWS.AWSCtx)
instance (GHC.Base.Monad m, Crypto.Random.Types.MonadRandom m, Control.Monad.Error.Class.MonadError ConfCrypt.Types.ConfCryptError m) => ConfCrypt.Encryption.MonadEncrypt m Crypto.PubKey.RSA.Types.PublicKey
instance (Crypto.Random.Types.MonadRandom m, Control.Monad.Error.Class.MonadError ConfCrypt.Types.ConfCryptError m, GHC.Base.Monad m) => ConfCrypt.Encryption.MonadEncrypt m (ConfCrypt.Encryption.TextKey Crypto.PubKey.RSA.Types.PublicKey)
instance (GHC.Base.Monad m, Control.Monad.Error.Class.MonadError ConfCrypt.Types.ConfCryptError m) => ConfCrypt.Encryption.MonadDecrypt m Crypto.PubKey.RSA.Types.PrivateKey
instance (Control.Monad.Error.Class.MonadError ConfCrypt.Types.ConfCryptError m, GHC.Base.Monad m) => ConfCrypt.Encryption.MonadDecrypt m (ConfCrypt.Encryption.TextKey Crypto.PubKey.RSA.Types.PrivateKey)
instance ConfCrypt.Encryption.KeyProjection Crypto.PubKey.RSA.Types.PublicKey
instance ConfCrypt.Encryption.KeyProjection Crypto.PubKey.RSA.Types.PrivateKey
instance ConfCrypt.Types.LocalKey Crypto.PubKey.RSA.Types.PublicKey
instance ConfCrypt.Types.LocalKey Crypto.PubKey.RSA.Types.PrivateKey
instance Crypto.Random.Types.MonadRandom m => Crypto.Random.Types.MonadRandom (ConfCrypt.Types.ConfCryptM m k)
instance Crypto.Random.Types.MonadRandom m => Crypto.Random.Types.MonadRandom (Control.Monad.Trans.Except.ExceptT e m)
instance ConfCrypt.Types.KMSKey ConfCrypt.Providers.AWS.AWSCtx
module ConfCrypt.Default
-- | Printed out on request as an example or starting point for new users.
defaultConf :: Text
-- | Extracts the plaintext from defaultConf into a populated config
defaultLines :: ConfCryptFile
-- | The standard empty config
emptyConfCryptFile :: ConfCryptFile
module ConfCrypt.Validation
-- | Apply all validation rules, accumulating the errors across rules.
runAllRules :: (Monad m, MonadDecrypt m key, MonadReader (ConfCryptFile, key) m) => m [Text]
-- | For each (Schema, Parameter) pair, confirm that the parameter's value
-- type matches the schema.
parameterTypesMatchSchema :: (Monad m, MonadDecrypt m key) => key -> ConfCryptFile -> m [Text]
-- | Raise an error if there are parameters without a schema
logMissingSchemas :: Monad m => ConfCryptFile -> m [Text]
-- | Raise an error if there are schema without a parameter
logMissingParameters :: Monad m => ConfCryptFile -> m [Text]
module ConfCrypt.Commands
-- | All confcrypt commands can be generalized into an evaluate
-- call. In reality, instances likely need to provide some environment,
-- although that's not required as everything could be contained as
-- record fields of the command argument itself.
class Monad m => Command a m
evaluate :: Command a m => a -> m [Text]
-- | Read and return the full contents of an encrypted file. Provides
-- support for using a local RSA key or an externl KMS service
data ReadConfCrypt
ReadConfCrypt :: ReadConfCrypt
-- | Used to get the decrypted value of a single encrypted config parameter
data GetConfCrypt
GetConfCrypt :: Text -> GetConfCrypt
[gName] :: GetConfCrypt -> Text
-- | Used to add a new config parameter to the file
data AddConfCrypt
AddConfCrypt :: Text -> Text -> SchemaType -> AddConfCrypt
[aName] :: AddConfCrypt -> Text
[aValue] :: AddConfCrypt -> Text
[aType] :: AddConfCrypt -> SchemaType
-- | Modify the value or type of a parameter in-place. This should result
-- in a diff touching only the impacted lines. Very important that this
-- property holds to make reviews easier.
data EditConfCrypt
EditConfCrypt :: Text -> Text -> SchemaType -> EditConfCrypt
[eName] :: EditConfCrypt -> Text
[eValue] :: EditConfCrypt -> Text
[eType] :: EditConfCrypt -> SchemaType
-- | Removes a particular parameter and schema from the config file. This
-- does not require an encryption key because the lines may simply be
-- deleted based on the parameter name.
data DeleteConfCrypt
DeleteConfCrypt :: Text -> DeleteConfCrypt
[dName] :: DeleteConfCrypt -> Text
-- | Run all of the rules in Validation on this file.
data ValidateConfCrypt
ValidateConfCrypt :: ValidateConfCrypt
-- | Dumps the contents of defaultLines to the output buffer. This
-- is the same example config used in the readme.
data NewConfCrypt
NewConfCrypt :: NewConfCrypt
-- | Commands may perform one of the following operations to a line of a
-- confcrypt file
data FileAction
Add :: FileAction
Edit :: FileAction
Remove :: FileAction
-- | Given a known file state and some edits, apply the edits and produce
-- the new file contents
genNewFileState :: (Monad m, MonadError ConfCryptError m) => Map ConfCryptElement LineNumber -> [(ConfCryptElement, FileAction)] -> m (Map ConfCryptElement LineNumber)
-- | Writes the provided ConfCryptFile (provided as a Map) to the
-- output buffer in line-number order. This allows for producing an
-- easily diffable output and makes in-place edits easy to spot in source
-- control diffs.
writeFullContentsToBuffer :: Monad m => Bool -> Map ConfCryptElement LineNumber -> m [Text]
instance GHC.Generics.Generic ConfCrypt.Commands.DeleteConfCrypt
instance GHC.Show.Show ConfCrypt.Commands.DeleteConfCrypt
instance GHC.Read.Read ConfCrypt.Commands.DeleteConfCrypt
instance GHC.Classes.Eq ConfCrypt.Commands.DeleteConfCrypt
instance GHC.Generics.Generic ConfCrypt.Commands.EditConfCrypt
instance GHC.Show.Show ConfCrypt.Commands.EditConfCrypt
instance GHC.Read.Read ConfCrypt.Commands.EditConfCrypt
instance GHC.Classes.Eq ConfCrypt.Commands.EditConfCrypt
instance GHC.Generics.Generic ConfCrypt.Commands.AddConfCrypt
instance GHC.Show.Show ConfCrypt.Commands.AddConfCrypt
instance GHC.Read.Read ConfCrypt.Commands.AddConfCrypt
instance GHC.Classes.Eq ConfCrypt.Commands.AddConfCrypt
instance GHC.Generics.Generic ConfCrypt.Commands.GetConfCrypt
instance GHC.Show.Show ConfCrypt.Commands.GetConfCrypt
instance GHC.Read.Read ConfCrypt.Commands.GetConfCrypt
instance GHC.Classes.Eq ConfCrypt.Commands.GetConfCrypt
instance GHC.Base.Monad m => ConfCrypt.Commands.Command ConfCrypt.Commands.NewConfCrypt (ConfCrypt.Types.ConfCryptM m ())
instance (GHC.Base.Monad m, ConfCrypt.Encryption.MonadDecrypt (ConfCrypt.Types.ConfCryptM m key) key) => ConfCrypt.Commands.Command ConfCrypt.Commands.ValidateConfCrypt (ConfCrypt.Types.ConfCryptM m key)
instance GHC.Base.Monad m => ConfCrypt.Commands.Command ConfCrypt.Commands.DeleteConfCrypt (ConfCrypt.Types.ConfCryptM m ())
instance (GHC.Base.Monad m, Crypto.Random.Types.MonadRandom m, ConfCrypt.Encryption.MonadEncrypt (ConfCrypt.Types.ConfCryptM m key) key) => ConfCrypt.Commands.Command ConfCrypt.Commands.EditConfCrypt (ConfCrypt.Types.ConfCryptM m key)
instance (GHC.Base.Monad m, Crypto.Random.Types.MonadRandom m, ConfCrypt.Encryption.MonadEncrypt (ConfCrypt.Types.ConfCryptM m key) key) => ConfCrypt.Commands.Command ConfCrypt.Commands.AddConfCrypt (ConfCrypt.Types.ConfCryptM m key)
instance (GHC.Base.Monad m, ConfCrypt.Encryption.MonadDecrypt (ConfCrypt.Types.ConfCryptM m key) key) => ConfCrypt.Commands.Command ConfCrypt.Commands.GetConfCrypt (ConfCrypt.Types.ConfCryptM m key)
instance (GHC.Base.Monad m, ConfCrypt.Encryption.MonadDecrypt (ConfCrypt.Types.ConfCryptM m key) key) => ConfCrypt.Commands.Command ConfCrypt.Commands.ReadConfCrypt (ConfCrypt.Types.ConfCryptM m key)