d888b3e138
This patchset adds support for globally encrypted secrets. Documents with a "site" layer will be encrypted/decrypted with the standard PEGLEG_PASSPHRASE and PEGLEG_SALT environment variables. If any secrets exist for the site with a schema of "global_passphrase" or "global_salt" their values will be captured and used to decrypt any secrets that do not belong to "site" layer. If the global keys do not exist, Pegleg will default to using site keys. Expected usage: 1. Set site passphrase/salt environment variables 2. Select a global passphrase and salt 3. Use Pegleg's "wrap" command to wrap and encrypt the global keys 4. Encrypt or wrap documents with "global" layer 5. Provide Pegleg path to decrypt In the case of (4) and (5) Pegleg will determine the correct keys to use automatically Change-Id: I5de6d63573619b346fe011628ae21e053e0711f6 |
||
|---|---|---|
| .. | ||
| unit | ||
| __init__.py | ||