diff options
Diffstat (limited to 'lockchain-core/src/init.rs')
-rw-r--r-- | lockchain-core/src/init.rs | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/lockchain-core/src/init.rs b/lockchain-core/src/init.rs index 1880599..410974a 100644 --- a/lockchain-core/src/init.rs +++ b/lockchain-core/src/init.rs @@ -2,16 +2,31 @@ use errors::VaultError; use traits::{Body, Vault}; /// Describes the internal permission layout of a vault +/// +/// --- +/// +/// **Important Note** Because lockchain-core doesn't make assumptions about +/// about the existence of a cryptographic layer, the `UserStore` that +/// handles these secrets assumes they are **not** secret! +/// +/// This means that only already encrypted keys should be given to the +/// generator type, because they will be written to disk **as is** by +/// certain backends! +/// +/// It is in the responsibility of the library user to make sure that all +/// cryptographic operations are handled on the client side. Clear-text +/// keys that are given to a generator +/// should be considered **fully compromised** #[derive(Debug, Serialize, Deserialize, Clone)] pub enum VaultType { /// Create an all-powerful root user which can access everything Administrated { - /// Set a root password - secret: String, + /// + secret: Vec<u8>, }, /// Similar to `Administrated` /// but only allows a single-user for a vault - SoloUser { username: String, secret: String }, + SoloUser { username: String, secret: Vec<u8> }, } /// A shared initialisation generator for vaults |