9.3. CredentialStore

The CredentialStore service retrieves and decrypts credentials from a configured local credential store.

9.3.1. Configuration example

[credential_store]
# Name of the local credential store configured in SPS for hosting sensitive
# configuration data. For more information, read the "Store sensitive
# plugin data securely" section in the documentation.
; name=<name-of-credential-store-policy-that-hosts-sensitive-data>

9.3.1.1. Acquiring a CredentialStore

from safeguard.sessions.plugin import PluginConfiguration
from safeguard.sessions.plugin import CredentialStore

class Plugin:
    def __init__(self, configuration):
        # Wrap the plugin configuration passed to the plugin
        self.__config = PluginConfiguration(configuration)
        # Build the store from the [credential_store] section (the default)
        self.__cred_store = CredentialStore.from_config(self.__config)

class safeguard.sessions.plugin.credential_store.CredentialStore(database, decryptor)

The CredentialStore class represents access to a local credential store.

Do not instantiate a CredentialStore with its constructor; use the from_config() class method instead.

classmethod from_config(plugin_configuration, section='credential_store', name=None)

The from_config() class method creates an instance of CredentialStore from a given plugin configuration.

Parameters
  • plugin_configuration (PluginConfiguration) – plugin configuration object

  • section (str) – name of the section where the credential store name is stored

  • name (str) – name of the credential store policy

Returns

credential store service instance

Return type

CredentialStore

get_all()

The get_all() method retrieves all decrypted credentials from the credential store.

Returns

list of tuples of members (user, host, credential)

Return type

list

Raises

RequiredConfigurationSettingNotFound

get_credentials(host, user)

The get_credentials() method retrieves all the decrypted credentials for a given host and user pair.

Parameters
  • host (str) – host name to retrieve credentials for

  • user (str) – user name to retrieve credentials for

Returns

list of unfiltered, decrypted credentials

Return type

list

Raises

RequiredConfigurationSettingNotFound

get_passwords(host, user)

The get_passwords() method retrieves all the decrypted passwords for a given host and user pair.

Parameters
  • host (str) – host name to retrieve passwords for

  • user (str) – user name to retrieve passwords for

Returns

list of unfiltered, decrypted passwords

Return type

list

Raises

RequiredConfigurationSettingNotFound

get_keys(host, user)

The get_keys() method retrieves all the decrypted SSH Keys for a given host and user pair.

Parameters
  • host (str) – host name to retrieve SSH Keys for

  • user (str) – user name to retrieve SSH Keys for

Returns

list of unfiltered, decrypted SSH Keys

Return type

list

Raises

RequiredConfigurationSettingNotFound

get_certificates(host, user)

The get_certificates() method retrieves all the decrypted X509 keys for a given host and user pair.

Parameters
  • host (str) – host name to retrieve X509 keys for

  • user (str) – user name to retrieve X509 keys for

Returns

list of unfiltered, decrypted X509 keys

Return type

list

Raises

RequiredConfigurationSettingNotFound

9.3.2. Exceptions

exception safeguard.sessions.plugin.credential_store_exceptions.LocalCredentialStoreNotFound(credstore_name)

The LocalCredentialStoreNotFound exception is raised when the configured local credential store cannot be found.
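
The following is an added example, not code from the SDK or its documentation. It shows one way a plugin could consume get_passwords() and get_keys() so that a missing store fails closed and the decrypted values never reach a log line. FakeCredentialStore, the local LocalCredentialStoreNotFound class, fetch_secrets() and SAMPLE are constructed stand-ins so the block runs offline; in a plugin, store would be the instance returned by CredentialStore.from_config().

```python
import logging

log = logging.getLogger("credstore_example")


class LocalCredentialStoreNotFound(Exception):
    """Stand-in for the documented exception, so the example runs offline."""


class FakeCredentialStore:
    """Constructed stand-in with the documented get_passwords()/get_keys() signatures."""

    def __init__(self, entries, available=True):
        self._entries = entries      # constructed rows: (user, host, kind, secret)
        self._available = available  # False simulates a missing store policy

    def _lookup(self, kind, host, user):
        if not self._available:
            raise LocalCredentialStoreNotFound("demo_store")
        return [s for (u, h, k, s) in self._entries if (u, h, k) == (user, host, kind)]

    def get_passwords(self, host, user):
        return self._lookup("password", host, user)

    def get_keys(self, host, user):
        return self._lookup("key", host, user)


def fetch_secrets(store, host, user):
    """Return (secrets_dict, log_line); decrypted values never enter log_line."""
    try:
        secrets = {"passwords": store.get_passwords(host, user),
                   "keys": store.get_keys(host, user)}
    except LocalCredentialStoreNotFound:
        # Fail closed: no store means no credentials, not a fallback secret.
        line = "credential store unavailable for %s@%s" % (user, host)
        log.error(line)
        return {"passwords": [], "keys": []}, line
    # Log counts only; the lists hold decrypted values.
    line = "%s@%s: %d password(s), %d key(s)" % (
        user, host, len(secrets["passwords"]), len(secrets["keys"]))
    log.info(line)
    return secrets, line


SAMPLE = [  # constructed sample data
    ("root", "db1.example.com", "password", "s3cr3t-demo"),
    ("root", "db1.example.com", "key", "-----BEGIN DEMO KEY-----"),
    ("admin", "web1.example.com", "password", "other-demo"),
]
```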