6.3. CredentialStore

The CredentialStore service retrieves and decrypts credentials from a configured local credential store.

6.3.1. Configuration example

[credential_store]
# Name of the local credential store configured in SPS for hosting sensitive
# configuration data. For more information, read the "Store sensitive
# plugin data securely" section in the documentation.
; name=<name-of-credential-store-policy-that-hosts-sensitive-data>

6.3.1.1. Acquiring a CredentialStore

from safeguard.sessions.plugin import PluginConfiguration
from safeguard.sessions.plugin import CredentialStore

class Plugin:
    def __init__(self, configuration):
        self.__config = PluginConfiguration(configuration)
        self.__cred_store = CredentialStore.from_config(self.__config)

class safeguard.sessions.plugin.credential_store.CredentialStore(database, decryptor)

The CredentialStore class represents access to a local credential store.

Do not instantiate a CredentialStore with its constructor; use the from_config() class method instead.

classmethod from_config(plugin_configuration, section='credential_store', name=None)

The from_config() class method creates an instance of CredentialStore from a given plugin configuration.

Parameters:
  • plugin_configuration (PluginConfiguration) – plugin configuration object
  • section (str) – name of the section where the credential store name is stored
  • name (str) – name of the credential store policy
Returns:

credential store service instance

Return type:

CredentialStore

get_all()

The get_all() method retrieves all decrypted credentials from the credential store.

Returns:

list of tuples of members (user, host, credential)

Return type:

list

Raises:

RequiredConfigurationSettingNotFound

get_credentials(host, user)

The get_credentials() method retrieves all the decrypted credentials for a given host and user pair.

Parameters:
  • host (str) – host name to retrieve credentials for
  • user (str) – user name to retrieve credentials for
Returns:

list of unfiltered, decrypted credentials

Return type:

list

Raises:

RequiredConfigurationSettingNotFound

get_passwords(host, user)

The get_passwords() method retrieves all the decrypted passwords for a given host and user pair.

Parameters:
  • host (str) – host name to retrieve passwords for
  • user (str) – user name to retrieve passwords for
Returns:

list of unfiltered, decrypted passwords

Return type:

list

Raises:

RequiredConfigurationSettingNotFound

get_keys(host, user)

The get_keys() method retrieves all the decrypted SSH keys for a given host and user pair.

Parameters:
  • host (str) – host name to retrieve SSH keys for
  • user (str) – user name to retrieve SSH keys for
Returns:

list of unfiltered, decrypted SSH keys

Return type:

list

Raises:

RequiredConfigurationSettingNotFound

get_certificates(host, user)

The get_certificates() method retrieves all the decrypted X509 keys for a given host and user pair.

Parameters:
  • host (str) – host name to retrieve X509 keys for
  • user (str) – user name to retrieve X509 keys for
Returns:

list of unfiltered, decrypted X509 keys

Return type:

list

Raises:

RequiredConfigurationSettingNotFound
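
The getter methods above return lists of decrypted values, so a plugin has to decide what to do with zero or several entries and must keep those values out of logs and exception text. The following is an added example, not part of the SDK or its documentation, showing one way to consume get_passwords(); single_password, Secret, CredentialLookupError and StubStore are hypothetical names, the stub's data is constructed, and treating an empty result as "nothing stored" is an assumption.

```python
# Added example: consuming the list that get_passwords() returns without
# leaking a secret. StubStore and its sample data are constructed stand-ins.
class CredentialLookupError(Exception):
    """Raised when the store does not yield exactly one password."""


class Secret:
    """Wraps a decrypted value so repr()/str() never reveal it."""
    __slots__ = ("_value",)

    def __init__(self, value):
        self._value = value

    def reveal(self):
        return self._value

    def __repr__(self):
        return "Secret(<redacted>)"

    __str__ = __repr__


def single_password(store, host, user):
    """Return the one password stored for (host, user), wrapped in Secret.

    `store` is anything exposing get_passwords(host, user), such as the
    object returned by CredentialStore.from_config().
    """
    passwords = store.get_passwords(host, user)
    if not passwords:
        raise CredentialLookupError(f"no password stored for {user}@{host}")
    if len(passwords) > 1:
        # Report only the count, never the candidate values.
        raise CredentialLookupError(
            f"{len(passwords)} passwords stored for {user}@{host}")
    return Secret(passwords[0])


class StubStore:
    """Constructed stand-in for CredentialStore (hypothetical sample data)."""
    _data = {("db.example.test", "svc"): ["s3cr3t-constructed"],
             ("web.example.test", "svc"): ["old-pw", "new-pw"]}

    def get_passwords(self, host, user):
        return list(self._data.get((host, user), []))
```

In a plugin, pass the object obtained from CredentialStore.from_config() in place of StubStore, and call reveal() only at the point where the password is actually used.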

6.3.2. Exceptions

exception safeguard.sessions.plugin.credential_store_exceptions.LocalCredentialStoreNotFound(credstore_name)

The LocalCredentialStoreNotFound exception is raised when the configured local credential store cannot be found.