tongsuo-project / rustyvault
A rusted vault that can do many awesome secrets management stuff...
License: Apache License 2.0
The error message is as follows:
error[E0599]: no method named `tag_length` found for struct `RefMut<'_, CipherCtx>` in the current scope
--> src/storage/barrier_aes_gcm.rs:249:35
|
249 | let tag_size = cipher_ctx.tag_length();
| ^^^^^^^^^^ help: there is a method with a similar name: `set_tag_length`
error[E0599]: no method named `tag_length` found for struct `RefMut<'_, CipherCtx>` in the current scope
--> src/storage/barrier_aes_gcm.rs:290:35
|
290 | let tag_size = cipher_ctx.tag_length();
| ^^^^^^^^^^ help: there is a method with a similar name: `set_tag_length`
For more information about this error, try `rustc --explain E0599`.
error: could not compile `rusty_vault` due to 2 previous errors
Environment version:
rustc 1.69.0 (84c898d65 2023-04-16)
In Cargo.lock, the version of openssl is:
[[package]]
name = "openssl"
version = "0.10.59"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7a257ad03cd8fb16ad4172fedf8094451e1af1c4b70097636ef2eac9a5f0cc33"
I also tested with Rust 1.72 and got the same error.
Currently, the CA of the PKI module only supports import, and needs to support the generation of root CA certificate
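A few thoughts on the architecture design:
Surface could be renamed to the Interface layer; "interface layer" is the more common term and is easily understood by most people.
For the REST API interface, a Daemon needs to exist in the application, and it should be drawn in this Module; of course, RPC-callable endpoint interfaces could also be provided for developers in the future.
Configuration Parse is a basic function of the HTTP Daemon and the CLI, so it does not need to be shown in the Interface layer.
This raises a question that needs to be clarified: is RustyVault an application or a library? If it is an application, then the internal functionality needs to be packaged into crates for the upper management layers to call.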
The ACL feature is not yet supported and needs to be supported
The mlock system call family can prevent memory pages from being swapped out to disk or other long-term storage. If an adversary has the opportunity to get access to the long-term storage, he or she can investigate the pages and may dig out the sensitive data in them. Using mlock keeps the sensitive data in short-term memory only, which makes it more difficult for the adversary to get access to the memory pages; even then, the adversary usually does not have adequate time to get the investigation done.
In order to make RustyVault better, we decided to build a separate documentation site for RustyVault alone to display and maintain the documentation. The documentation site will be maintained in a separate /docs directory and can be run independently.
TODO
The PKI module needs to support the generation of intermediate CA certificate
Currently, only root_token is supported, and new tokens need to be issued by password login
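As the title says: add a rust-toolchain file to pin the toolchain version, and a rustfmt.toml to provide code style checking. This helps other developers get started with the project quickly.
rust-toolchain example:
nightly-2022-12-15
rustfmt.toml example: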
edition = "2021"
condense_wildcard_suffixes = true
group_imports = "StdExternalCrate"
imports_granularity = "Crate"
license_template_path = "etc/license.template"
newline_style = "Unix"
reorder_imports = true
report_fixme = "Unnumbered"
trailing_comma = "Vertical"
use_field_init_shorthand = true
use_small_heuristics = "Max"
merge_derives = false
comment_width = 120
Currently, only local file storage is supported, and you need to support etcd storage
Modern compilers don't guarantee that all code is executed as written. For instance, zeroizing a piece of memory could be omitted by the compiler for optimization purposes. This will cause problems in security-oriented applications like RustyVault. The sensitive data in RustyVault, for instance the encryption key for barrier usage, should be zeroized when it is dropped.
A crate called zeroize can do this job well: https://docs.rs/zeroize/1.4.0/zeroize/index.html
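The wipe-on-drop idea from the issue above, as an added std-only example that is neither RustyVault code nor the zeroize crate's code: volatile writes plus a compiler fence keep the optimizer from dropping the wipe. `SecretKey`, `secure_zero` and `wipe_vec` are hypothetical names, and the key bytes are constructed sample data.

```rust
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

/// Zero `buf` with volatile writes. Unlike a plain loop or `fill(0)` on a
/// buffer that is about to be freed, the optimizer may not remove these.
pub fn secure_zero(buf: &mut [u8]) {
    for b in buf.iter_mut() {
        // SAFETY: `b` is a valid, exclusive reference to one byte.
        unsafe { ptr::write_volatile(b, 0) };
    }
    // Stop the compiler from moving later code (e.g. the free) above the wipe.
    compiler_fence(Ordering::SeqCst);
}

/// Zero a Vec's contents and its unused capacity, then empty it.
/// Bytes left behind by an earlier `truncate` live in the spare capacity.
pub fn wipe_vec(v: &mut Vec<u8>) {
    secure_zero(v.as_mut_slice());
    for slot in v.spare_capacity_mut() {
        // SAFETY: the slot lies inside the Vec's own allocation.
        unsafe { ptr::write_volatile(slot.as_mut_ptr(), 0) };
    }
    compiler_fence(Ordering::SeqCst);
    v.clear();
}

/// Hypothetical wrapper for key material such as a barrier key.
pub struct SecretKey(Vec<u8>);

impl SecretKey {
    pub fn new(bytes: Vec<u8>) -> Self { SecretKey(bytes) }
    pub fn expose(&self) -> &[u8] { &self.0 }
}

impl Drop for SecretKey {
    // Runs before the allocation is returned to the allocator.
    fn drop(&mut self) { wipe_vec(&mut self.0); }
}

fn main() {
    let key = SecretKey::new(vec![0x42; 32]); // constructed sample key
    println!("key length in use: {}", key.expose().len());
    drop(key); // buffer is zeroed here, then freed
}
```

The wipe only covers the buffer the wrapper owns at drop time; copies left behind by an earlier reallocation or by `expose()` callers who cloned the bytes are not reached.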