Package dev.enola.common.secret.auto
Class InsecureUnencryptedYamlFileSecretManager
java.lang.Object
dev.enola.common.secret.InMemorySecretManager
dev.enola.common.secret.yaml.YamlSecretManager
dev.enola.common.secret.auto.InsecureUnencryptedYamlFileSecretManager
All Implemented Interfaces:
SecretManager
InsecureUnencryptedYamlFileSecretManager is a SecretManager implementation that stores secrets in an unencrypted YAML file. Ideally, you should not use this in the real world. It's used by AutoSecretManager as a "fallback" for auto-configuration when no other SecretManager can be used.
As a precaution, it checks that the file permissions are set to be readable and writeable only by the user, but not their primary group, or even world (chmod 600). The implementation of this check is theoretically vulnerable to Time-of-check to time-of-use (TOCTOU) race conditions, where an attacker could change the file permissions between this check and the subsequent file read/write operation, but it is good enough for this purpose.
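The check-then-use pattern described above, as an added example that is not this class's actual source: `OwnerOnlyFileCheck` and its methods are hypothetical names, and the sketch assumes Java 11+, a POSIX file system, and that "chmod 600" means the mode must be exactly `rw-------`.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFileAttributes;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

/** Added illustration (hypothetical class, not part of dev.enola.common.secret). */
public class OwnerOnlyFileCheck {
    private static final Set<PosixFilePermission> OWNER_RW = PosixFilePermissions.fromString("rw-------");

    /** Throws unless path is a regular file (not a symlink) whose mode is exactly 600. */
    static void requireOwnerOnly(Path path) throws IOException {
        PosixFileAttributes attrs = Files.readAttributes(path, PosixFileAttributes.class, LinkOption.NOFOLLOW_LINKS);
        if (!attrs.isRegularFile()) {
            throw new IOException(path + " is not a regular file");
        }
        if (!attrs.permissions().equals(OWNER_RW)) {
            throw new IOException(path + " has mode "
                    + PosixFilePermissions.toString(attrs.permissions()) + ", expected rw-------");
        }
    }

    /** Check, then read. The gap between the two calls is the TOCTOU window. */
    static String readChecked(Path path) throws IOException {
        requireOwnerOnly(path);        // time of check
        return Files.readString(path); // time of use (UTF-8)
    }

    /** Creates the file with mode 600 from the start, rather than chmod-ing it afterwards. */
    static void writeNew(Path path, String yaml) throws IOException {
        Files.createFile(path, PosixFilePermissions.asFileAttribute(OWNER_RW));
        Files.writeString(path, yaml);
    }

    public static void main(String[] args) throws IOException {
        Path file = Files.createTempDirectory("secrets-demo").resolve("secrets.yaml");
        writeNew(file, "api_key: constructed-sample-value\n"); // constructed sample data
        System.out.println("accepted: " + readChecked(file).trim());
        // Loosen the mode to 644; the next checked read must be refused.
        Files.setPosixFilePermissions(file, PosixFilePermissions.fromString("rw-r--r--"));
        try {
            readChecked(file);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```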
Method Summary
Methods inherited from class dev.enola.common.secret.yaml.YamlSecretManager
delete, load, save, store
Methods inherited from class dev.enola.common.secret.InMemorySecretManager
getAll, getOptional
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface dev.enola.common.secret.SecretManager
get