feat: Add `AdministrativeSecretHandling`

Signed-off-by: David Runge <dvzrv@archlinux.org>

feat: Add `AdministrativeSecretHandling`
b4694b80 · David Runge · 910d0258 · b4694b80 · b4694b80
Verified Commit b4694b80 authored 3 months ago by David Runge
--- a/nethsm-config/src/config.rs
+++ b/nethsm-config/src/config.rs
@@ -1448,6 +1448,46 @@ impl Config {
    }
 }

+/// The handling of administrative secrets.
+///
+/// Administrative secrets may be handled in different ways (e.g. persistent or non-persistent).
+#[derive(Clone, Copy, Debug, Default, Deserialize, Eq, PartialEq, Serialize)]
+#[serde(rename_all = "kebab-case")]
+pub enum AdministrativeSecretHandling {
+    /// The administrative secrets are handled in a plaintext file in a non-volatile directory.
+    ///
+    /// ## Warning
+    ///
+    /// This variant should only be used in non-production test setups, as it implies the
+    /// persistence of unencrypted administrative secrets on a file system.
+    Plaintext,
+
+    /// The administrative secrets are handled in a file encrypted using [systemd-creds] in a
+    /// non-volatile directory.
+    ///
+    /// ## Warning
+    ///
+    /// This variant should only be used in non-production test setups, as it implies the
+    /// persistence of (host-specific) encrypted administrative secrets on a file system, that
+    /// could be extracted if the host is compromised.
+    ///
+    /// [systemd-creds]: https://man.archlinux.org/man/systemd-creds.1
+    SystemdCreds,
+
+    /// The administrative secrets are handled using [Shamir's Secret Sharing] (SSS).
+    ///
+    /// This variant is the default for production use, as the administrative secrets are only ever
+    /// exposed on a volatile filesystem for the time of their use.
+    /// The secrets are only made available to the system as shares of a shared secret, split using
+    /// SSS.
+    /// This way no holder of a share is aware of the administrative secrets and the system only
+    /// for as long as it needs to use the administrative secrets.
+    ///
+    /// [Shamir's Secret Sharing]: https://en.wikipedia.org/wiki/Shamir%27s_secret_sharing
+    #[default]
+    ShamirsSecretSharing,
+}
+
 /// A configuration for parallel use of connections with a set of system and NetHSM users.
 ///
 /// This configuration type is meant to be used in a read-only fashion and does not support tracking

--- a/nethsm-config/src/lib.rs
+++ b/nethsm-config/src/lib.rs
@@ -55,6 +55,7 @@ mod mapping;
 mod prompt;

 pub use config::{
+    AdministrativeSecretHandling,
    Config,
    ConfigInteractivity,
    ConfigName,