-
Notifications
You must be signed in to change notification settings - Fork 165
Home
Goldfish aims to be more than a glorified REST client. It aims to provide functionality that vault API does not easily provide. Writing scripts to manage vault seems unwieldy when they can be rolled into goldfish.
Goldfish also aims to reduce the amount of human interaction needed for root token actions. Instead of requiring unseal admins to gather and achieve a quorum, they can instead approve/reject requests in goldfish vault UI.
Goldfish's entire persistence layer resides in vault. Goldfish stores time-sensitive information in vault wrapped tokens, and stores generic information inside its token's cubbyhole. Thus, if goldfish's memory is not compromised, the entire persistence layer is as secure as vault itself.
Goldfish policy contains a minimal number of privileges (one transit key and one generic endpoint). This means that every action a user performs on goldfish is audit-able by virtue of vault's audit pipeline. This ensures that every activity is traceable, and that each user is no more privileged than they would be if goldfish was not active.
Goldfish uses these 3 packages primarily:
-
main
: this is whereserver.go
lives. API endpoints are declared here -
handlers
: this package defines the handler functions that the API endpoints are directed to -
vault
: this package connects handler functions to vault specific actions
- User sends token in logon http request (userpass and other methods are also supported)
- Goldfish verifies user's token by checking if it is valid
-
valid
= user is able to lookup-self (included in default policy)
-
- If token is valid, goldfish encrypts token with transit key, and returns the cipher in response
- The user's browser stores the returned cipher in localStorage
- The user's browser will pass the cipher from localStorage as a header
X-Vault-Token
in future requests to goldfish - Upon receiving future requests, goldfish will decrypt the cipher with transit key first, then see if the token is valid again