| Copyright | (c) 2015-2016 Brendan Hay |
|---|---|
| License | Mozilla Public License, v. 2.0. |
| Maintainer | Brendan Hay <brendan.g.hay@gmail.com> |
| Stability | provisional |
| Portability | non-portable (GHC extensions) |
| Safe Haskell | None |
| Language | Haskell2010 |
Credentials.DynamoDB
Description
Provides the implementation for storage and retrieval of encrypted credentials in DynamoDB. Encryption and decryption are handled by Credentials.KMS.
See the Credentials module for usage information.
- newtype DynamoTable = DynamoTable { tableName :: Text }
- defaultTable :: DynamoTable
- insert :: (MonadMask m, MonadAWS m, Typeable m) => KeyId -> Context -> Name -> ByteString -> DynamoTable -> m Revision
- select :: MonadAWS m => Context -> Name -> Maybe Revision -> DynamoTable -> m (ByteString, Revision)
- delete :: MonadAWS m => Name -> Revision -> DynamoTable -> m ()
- truncate :: MonadAWS m => Name -> DynamoTable -> m ()
- revisions :: MonadAWS m => DynamoTable -> Source m (Name, NonEmpty Revision)
- setup :: MonadAWS m => DynamoTable -> m Setup
- teardown :: MonadAWS m => DynamoTable -> m ()
Table
newtype DynamoTable
A DynamoDB table reference.
Constructors
| DynamoTable | |
Fields
| tableName :: Text | |
Instances
| Eq DynamoTable | |
| Ord DynamoTable | |
| Show DynamoTable | |
| ToText DynamoTable | |
| FromText DynamoTable | |
| ToLog DynamoTable | |
| ToByteString DynamoTable | |
defaultTable :: DynamoTable
The default DynamoDB table used to store credentials.
Value: credentials
Operations
insert
Arguments
| :: (MonadMask m, MonadAWS m, Typeable m) | |
| => KeyId | The KMS master key ARN or alias. |
| -> Context | The KMS encryption context. |
| -> Name | The credential name. |
| -> ByteString | The unencrypted plaintext. |
| -> DynamoTable | The DynamoDB table. |
| -> m Revision |
Encrypt and insert a new credential revision with the specified name.
The newly inserted revision is returned.
select
Arguments
| :: MonadAWS m | |
| => Context | The KMS encryption context that was used during insertion. |
| -> Name | The credential name. |
| -> Maybe Revision | A revision. If |
| -> DynamoTable | The DynamoDB table. |
| -> m (ByteString, Revision) |
Select an existing credential, optionally specifying the revision.
The decrypted plaintext and selected revision are returned.
delete
Arguments
| :: MonadAWS m | |
| => Name | The credential name. |
| -> Revision | The revision to delete. |
| -> DynamoTable | The DynamoDB table. |
| -> m () |
Delete the specific credential revision.
truncate
Arguments
| :: MonadAWS m | |
| => Name | The credential name. |
| -> DynamoTable | The DynamoDB table. |
| -> m () |
Truncate all of a credential's revisions, so that only the latest revision remains.
revisions
Arguments
| :: MonadAWS m | |
| => DynamoTable | The DynamoDB table. |
| -> Source m (Name, NonEmpty Revision) |
Scan the entire credential database, grouping pages of results into unique credential names and their corresponding revisions.
setup
Arguments
| :: MonadAWS m | |
| => DynamoTable | The DynamoDB table. |
| -> m Setup |
Create the credentials database table.
The returned idempotency flag can be used to notify configuration management tools such as Ansible about system state.
teardown :: MonadAWS m => DynamoTable -> m ()
Delete the credentials database table and all data.
Note: Unless you have DynamoDB backups running, this is a completely irrevocable action.
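A rotation workflow built from the operations documented above, as an added example that is not part of the library's own documentation: it inserts a new revision, reads it back under the same KMS encryption context, and only then truncates the older revisions. The module and function names (`RotateCredential`, `rotate`) are hypothetical, and importing `KeyId`, `Context`, `Name` and `Revision` from `Credentials.Types` is an assumption.

```haskell
module RotateCredential (rotate) where

import Prelude hiding (truncate)

import Control.Monad.Catch (MonadMask, onException)
import Data.ByteString     (ByteString)
import Data.Typeable       (Typeable)
import Network.AWS         (MonadAWS)

-- Assumption: the argument types are exported by Credentials.Types.
import Credentials.Types    (Context, KeyId, Name, Revision)
import Credentials.DynamoDB (DynamoTable, delete, insert, select, truncate)

-- | Rotate a credential without losing the previous value on failure.
--
-- Returns 'Just' the new revision once it has been read back successfully
-- and older revisions have been truncated, or 'Nothing' if the read-back
-- plaintext did not match and the new revision was removed again.
rotate :: (MonadMask m, MonadAWS m, Typeable m)
       => KeyId       -- ^ The KMS master key ARN or alias.
       -> Context     -- ^ The KMS encryption context.
       -> Name        -- ^ The credential name.
       -> ByteString  -- ^ The new unencrypted plaintext.
       -> DynamoTable -- ^ The DynamoDB table.
       -> m (Maybe Revision)
rotate key ctx name secret table = do
    -- 1. Store the new value; previous revisions are left untouched.
    new <- insert key ctx name secret table

    -- 2. Read the exact revision back using the same encryption context
    --    that was used during insertion. If the select throws, remove the
    --    unverified revision and re-raise, leaving the old revisions intact.
    (plain, _) <- select ctx name (Just new) table
        `onException` delete name new table

    if plain == secret
        -- 3a. Verified: drop everything except the latest revision.
        then truncate name table >> return (Just new)
        -- 3b. Mismatch: discard only the revision that was just written.
        else delete name new table >> return Nothing
```

Because `truncate` keeps only the latest revision, a concurrent writer inserting between steps 1 and 3a would have its revision retained instead of the one verified here, so run rotations for a given name from a single writer.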