Lib.rs

FilesystemStreambed
#secret-store #encryption #streambed #edge #autonomous #systems #confidant

streambed-confidant

Confidant is a small library that implements a file-system-based secret store

by Christopher Hunt and 2 contributors

6 releases

0.11.1 Sep 13, 2024
0.11.0 Aug 16, 2024
0.10.2 Aug 13, 2024
0.9.1 Oct 18, 2023

#940 in Filesystem

24 downloads per month
Used in streambed-confidant-cli

Apache-2.0

54KB
901 lines

confidant

Confidant is a small library that implements a file-system-based secret store function for autonomous systems that often live at the edge of a wider network.

Confidant implements the Streambed secret store API and stored secrets are encrypted.

An quick introduction

Nothing beats code for a quick introduction! Here is an example of writing a secret and retrieving it. Please refer to the various tests for more complete examples.

// Let's set up the correct permissions for where all secrets will live
fs::set_permissions(&confidant_dir, PermissionsExt::from_mode(0o700))
    .await
    .unwrap();

let ss = FileSecretStore::new(
    confidant_dir.clone(),
    &[0; crypto::KEY_SIZE], // A key to encrypt the stored secrets with
    Duration::from_secs(1), // Timeout for unauthorized secrets before we try again
    10, // The number of secrets we cache
    None, // A data field to be used to indicate a TTL - if any
);

let mut data = HashMap::new();
data.insert("key".to_string(), "value".to_string());
let data = SecretData { data };

// Write the secret out.
assert!(ss.create_secret("some.secret", data.clone()).await.is_ok());

// Read the secret
assert!(ss.get_secret("some.secret").await.unwrap().is_some());

Why confidant?

The primary functional use-cases of confidant are:

  • retrieve and store a user's secrets (user meaning operating system user); and
  • share secrets with other users.

The primary operational use-cases of confidant are:

  • to be hosted by resource-constrained devices, typically with less than 128MiB memory and 8GB of storage.

What is confidant?

No networking

Confidant has no notion of what a network is and relies on the file system along with operating system permissions

No authentication or authorization

...over and above what the operating system provides.

The Vault model

Confidant is modelled with the same concepts as Hashicorp Vault. Services using confidant may therefore lend themselves to portability toward Vault.

How is confidant implemented?

Confidant is implemented as a library avoiding the need for a server process. Please note that we had no requirements to serve Windows and wanted to leverage Unix file permissions explicitly. When a secret is written is to written with the same mode as the directory given to Confidant when instantiated. This then ensures that the same permissions, including ACLs, are passed to each secret file.

The file system is used to store secrets and the host operating system permissions, including users, groups and ACLs, are leverage. Tokio is used for file read/write operations so that any stalled operations permit other tasks to continue running. Postcard is used for serialization as it is able to conveniently represent in-memory structures and is optimized for resource-constrained targets.

A TTL cache is maintained so that IO is minimized for those secrets that are often retrieved.

When should you not use confidant

When you have Hashicorp Vault.

Dependencies

~8–16MB
~199K SLoC