Skip to content
This repository has been archived by the owner on Oct 6, 2019. It is now read-only.
Tony Cai edited this page Aug 1, 2017 · 8 revisions

Philosophy

Goldfish aims to be more than a glorified REST client. It aims to provide functionality that vault API does not easily provide. Writing scripts to manage vault seems unwieldy when they can be rolled into goldfish.

Goldfish also aims to reduce the amount of human interaction needed for root token actions. Instead of requiring unseal admins to gather and achieve a quorum, they can instead approve/reject requests in goldfish vault UI.

Persistence

Goldfish's entire persistence layer resides in vault. Goldfish stores time-sensitive information in vault wrapped tokens, and stores generic information inside its token's cubbyhole. Thus, if goldfish's memory is not compromised, the entire persistence layer is as secure as vault itself.

Auditing

Goldfish policy contains a minimal number of privileges (one transit key and one generic endpoint). This means that every action a user performs on goldfish is audit-able by virtue of vault's audit pipeline. This ensures that every activity is traceable, and that each user is no more privileged than they would be if goldfish was not active.

Packages

Goldfish uses these 3 packages primarily:

  • main: this is where server.go lives. API endpoints are declared here
  • handlers: this package defines the handler functions that the API endpoints are directed to
  • vault: this package connects handler functions to vault specific actions

Authentication Pipeline

  1. User sends token in logon http request (userpass and other methods are also supported)
  2. Goldfish verifies user's token by checking if it is valid
    • valid = user is able to lookup-self (included in default policy)
  3. If token is valid, goldfish encrypts token with transit key, and returns the cipher in response
  4. The user's browser stores the returned cipher in localStorage
  5. The user's browser will pass the cipher from localStorage as a header X-Vault-Token in future requests to goldfish
  6. Upon receiving future requests, goldfish will decrypt the cipher with transit key first, then see if the token is valid again
Clone this wiki locally