keystore-0.6.3.1: Managing stores of secret things

Safe Haskell: None
Language: Haskell2010

Data.KeyStore.PasswordManager

Documentation

data PMConfig p

The password manager is used for storing locally the passwords and session tokens of a single user. The password used to encode the store is stored in an environment variable and the passwords and tokens are stored in a file. The file and environment variable are specified in the PMConfig record. (The attributes of each password and session list, including the environment variables that they are communicated through, are statically specified with the PW class below.)

Constructors

PMConfig 

Fields

_pmc_location :: FilePath

file in which to store the encrypted passwords

_pmc_env_var :: EnvVar

the environment variable containing the master password used to secure the store

_pmc_keystore_msg :: String

error message to be used on failure to locate the keystore

_pmc_password_msg :: String

error message to be used on failure to locate the master password

_pmc_shell :: IO ()

for firing up an interactive shell on successful login

_pmc_hash_descr :: HashDescription

for generating hash descriptions (can use defaultHashDescription here)

_pmc_allow_dumps :: Bool

must be true to enable dump commands

_pmc_dump_prefix :: String

the prefix string to be used in making up the commands from dump scripts

_pmc_sample_script :: Maybe String

the sample script

_pmc_plus_env_var :: PasswordName -> Maybe EnvVar

map the dynamic (plus) passwords to their environment variables

class (Bounded p, Enum p, Eq p, Ord p, Show p) => PW p where

The PW class provides all of the information on the bounded enumeration type used to identify the passwords

Minimal complete definition

Nothing

Methods

pwName :: p -> PasswordName

the name by which the password is known

parsePwName :: PasswordName -> Maybe p

parse a PasswordName into a p

isSession :: p -> Maybe (PasswordText -> Either String SessionDescriptor)

whether the password is a session and, if so, a function for extracting the session name from the secret password text

isOneShot :: p -> Bool

whether the password is a one-shot password, needing to be primed to be used

enVar :: p -> EnvVar

the environment variable where the password is expected to be found by the client/deployment scripts

summarize :: p -> String

a brief description of the password in a few words

describe :: p -> String

a description of the password

data PW_ p

we resort to phantom types when we have no other way of passing PW into a function (see defaultSampleScript)

Constructors

PW_ 

data CollectConfig p

the client calls collect to bind the passwords into the environment

Constructors

CollectConfig 

Fields

_cc_optional :: Bool

if True, collect will not report an error if the master password is missing

_cc_active :: [p]

the list of active passwords for this collection

defaultCollectConfig :: PW p => CollectConfig p

raise an error if not logged in and collect all of the passwords

passwordManager :: PW p => PMConfig p -> [String] -> IO ()

the password manager CLI: it just needs the config and command line

defaultHashDescription :: Salt -> HashDescription

a sample HashDescription generator to help with setting up PMConfig

defaultSampleScript :: PW p => PW_ p -> String -> String

sample sample-script generator to help with setting up PMConfig

hashMasterPassword :: PW p => PMConfig p -> String -> PasswordText

hashing the master password to create the private key for securing the store

bindMasterPassword :: PW p => PMConfig p -> PasswordText -> IO ()

bind the master password in the environment

setup

Arguments

:: PW p 
=> PMConfig p 
-> Bool

True => don't fire up an interactive shell with access to the new store

-> Maybe PasswordText

the master password

-> IO () 

create an empty password store; if the boolean flag is False then an interactive shell is fired up with access to the new store; if no password is specified then one is read from stdin

login :: PW p => PMConfig p -> Bool -> Maybe PasswordText -> IO ()

launch an interactive shell with access to the password store; if the boolean flag is True then it will loop asking for the password until the correct password is typed (or an error occurs, possibly from a SIGINT); if no PasswordText is specified then one will be read from stdin

passwordValid :: PW p => PMConfig p -> PasswordText -> IO Bool

is this the correct master password?

passwordValid' :: PW p => PMConfig p -> FilePath -> PasswordText -> IO (Maybe PasswordStore)

is this the correct master password for this keystore? Return the decrypted keystore if so.

isStorePresent :: PW p => PMConfig p -> IO Bool

is the password store there?

amLoggedIn :: PW p => PMConfig p -> IO Bool

are we currently logged in?

isBound :: PW p => PMConfig p -> p -> Maybe SessionName -> IO Bool

is the password/session bound to a value in the store?

import_ :: PW p => PMConfig p -> FilePath -> Maybe PasswordText -> IO ()

import the contents of another keystore into the current keystore

load :: PW p => PMConfig p -> p -> Maybe PasswordText -> IO ()

loads a password into the store; if this is a session password and the boolean ss is True then the session will be reset to this password also; if no PasswordText is specified then one will be read from stdin

loadPlus :: PW p => PMConfig p -> PasswordName -> Maybe PasswordText -> IO ()

load a dynamic password into the Password store

psComment :: PW p => PMConfig p -> PasswordStoreComment -> IO ()

set the comment for the password store

collect :: PW p => PMConfig p -> CollectConfig p -> IO ()

collect the available passwords listed in CollectConfig from the store and bind them in their designated environment variables
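
An added example (not from the keystore package or its author) of a deployment-side wrapper around collect, using only the functions and record fields documented on this page. The Secret type, deploySecrets and deployCollect are hypothetical names, and refusing to run when _pmc_allow_dumps is set is this example's own policy.

```haskell
module DeployEnv (Secret(..), deployCollect) where

import Control.Monad (filterM, unless, when)
import Data.KeyStore.PasswordManager
import System.Exit (die)

-- Hypothetical password enumeration (assumption, not part of keystore).
data Secret = DbPassword | ApiToken | SigningKey
  deriving (Bounded, Enum, Eq, Ord, Show)

-- The page lists the minimal complete definition of PW as "Nothing",
-- so every method falls back to its default here.
instance PW Secret

-- Least privilege: only these are bound into the deployment environment;
-- SigningKey stays in the encrypted store.
deploySecrets :: [Secret]
deploySecrets = [DbPassword, ApiToken]

-- Check the store's state, then collect only the secrets this job needs.
deployCollect :: PMConfig Secret -> IO ()
deployCollect pmc = do
  -- Example policy: a config that enables the dump commands can write the
  -- store out as a reload script, so do not deploy with it.
  when (_pmc_allow_dumps pmc) $
    die "refusing to collect: dump commands are enabled in this PMConfig"
  present <- isStorePresent pmc
  unless present $ die (_pmc_keystore_msg pmc)
  loggedIn <- amLoggedIn pmc
  unless loggedIn $ die (_pmc_password_msg pmc)
  -- Fail early, naming the secrets (never their values) that are not loaded.
  missing <- filterM (\p -> not <$> isBound pmc p Nothing) deploySecrets
  unless (null missing) $
    die ("not loaded in the store: " ++ unwords (map show missing))
  -- _cc_optional = False: a missing master password is reported as an error.
  collect pmc CollectConfig { _cc_optional = False, _cc_active = deploySecrets }
```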

prime :: PW p => PMConfig p -> Bool -> Maybe p -> IO ()

prime a one-shot password so that it will be available on the next collection (probably for a deployment); if no password is specified then they are all primed

select :: PW p => PMConfig p -> Maybe p -> SessionName -> IO ()

select a different session for use

deletePassword :: PW p => PMConfig p -> p -> IO ()

delete a password from the store

deletePasswordPlus :: PW p => PMConfig p -> PasswordName -> IO ()

delete a password from the store

deleteSession :: PW p => PMConfig p -> Maybe p -> SessionName -> IO ()

delete a session from the store

status :: PW p => PMConfig p -> Bool -> IO ()

print a status line; if q is True then don't output anything and exit with fail code 1 if not logged in

prompt :: PW p => PMConfig p -> IO ()

print a status appropriate for a prompt

passwords :: PW p => PMConfig p -> Bool -> IO ()

list the passwords, one per line; if a is set then all passwords will be listed, otherwise just the primed passwords will be listed

passwordsPlus :: PW p => PMConfig p -> Bool -> IO ()

list all of the dynamic (+) passwords

sessions

Arguments

:: PW p 
=> PMConfig p 
-> Bool

list active sessions only

-> Bool

list only the session identifiers

-> Maybe p

if specified, then only the sessions on this password

-> IO () 

list the sessions, one per line; if p is specified then all of the sessions are listed for that password

infoPassword

Arguments

:: PW p 
=> PMConfig p 
-> Bool

True => show the password secret text

-> p

the password to show

-> IO () 

print the info, including the text description, for an individual password

infoPassword_ :: PW p => PMConfig p -> Bool -> p -> IO Doc

get the info on a password

infoPasswordPlus :: PW p => PMConfig p -> Bool -> PasswordName -> IO ()

print the info for a dynamic (+) password

infoPasswordPlus_ :: PW p => PMConfig p -> Bool -> PasswordName -> IO Doc

get the info on a dynamic (+) password

dump :: PW p => PMConfig p -> Bool -> IO ()

dump the store in a script that can be used to reload it

collectShell :: PW p => PMConfig p -> IO ()

collect the passwords, bind them into the environment and launch an interactive shell

passwordManager' :: PW p => PMConfig p -> PMCommand p -> IO ()

run a password manager abstract syntax command