1 use anyhow
::{bail, Error}
;
11 tools
::fs
::open_file_locked
,
16 tape_encryption_keys
::{
18 generate_tape_encryption_key
,
27 TAPE_ENCRYPTION_KEY_FINGERPRINT_SCHEMA
,
28 PROXMOX_CONFIG_DIGEST_SCHEMA
,
34 tools
::format
::as_fingerprint
,
42 description
: "The list of tape encryption keys (with config digest).",
44 items
: { type: TapeKeyMetadata }
,
47 /// List existing keys
51 mut rpcenv
: &mut dyn RpcEnvironment
,
52 ) -> Result
<Vec
<TapeKeyMetadata
>, Error
> {
54 let (key_map
, digest
) = load_key_configs()?
;
56 let mut list
= Vec
::new();
58 for (fingerprint
, item
) in key_map
{
59 list
.push(TapeKeyMetadata
{
61 fingerprint
: as_fingerprint(fingerprint
.bytes()),
65 rpcenv
["digest"] = proxmox
::tools
::digest_to_hex(&digest
).into();
74 description
: "A secret password.",
78 description
: "Password restore hint.",
85 schema
: TAPE_ENCRYPTION_KEY_FINGERPRINT_SCHEMA
,
88 /// Create a new encryption key
92 _rpcenv
: &mut dyn RpcEnvironment
93 ) -> Result
<Fingerprint
, Error
> {
95 let (key
, key_config
) = generate_tape_encryption_key(password
.as_bytes())?
;
97 let fingerprint
= key_config
.fingerprint
.clone().unwrap();
99 insert_key(key
, key_config
, hint
)?
;
110 schema
: TAPE_ENCRYPTION_KEY_FINGERPRINT_SCHEMA
,
114 schema
: PROXMOX_CONFIG_DIGEST_SCHEMA
,
119 /// Remove an encryption key from the database
121 /// Please note that tapes encrypted with this key can no longer be accessed once it is removed.
123 fingerprint
: Fingerprint
,
124 digest
: Option
<String
>,
125 _rpcenv
: &mut dyn RpcEnvironment
,
126 ) -> Result
<(), Error
> {
128 let _lock
= open_file_locked(
130 std
::time
::Duration
::new(10, 0),
134 let (mut config_map
, expected_digest
) = load_key_configs()?
;
135 let (mut key_map
, _
) = load_keys()?
;
137 if let Some(ref digest
) = digest
{
138 let digest
= proxmox
::tools
::hex_to_digest(digest
)?
;
139 crate::tools
::detect_modified_configuration_file(&digest
, &expected_digest
)?
;
142 match config_map
.get(&fingerprint
) {
143 Some(_
) => { config_map.remove(&fingerprint); }
,
144 None
=> bail
!("tape encryption key '{}' does not exist.", fingerprint
),
146 save_key_configs(config_map
)?
;
148 key_map
.remove(&fingerprint
);
/// Per-key router. DELETE is the only method registered on it; the handler it
/// points at removes the key, so this is the destructive endpoint of the API.
const ITEM_ROUTER: Router = Router::new()
    // Metadata read/update handlers are not registered:
    //.get(&API_METHOD_READ_KEY_METADATA)
    //.put(&API_METHOD_UPDATE_KEY_METADATA)
    .delete(&API_METHOD_DELETE_KEY);
/// Top-level router for the tape encryption key API.
///
/// GET lists the keys and POST creates a new one. Any further path component
/// is matched as the `fingerprint` parameter and dispatched to `ITEM_ROUTER`.
pub const ROUTER: Router = Router::new()
    .get(&API_METHOD_LIST_KEYS)
    .post(&API_METHOD_CREATE_KEY)
    .match_all("fingerprint", &ITEM_ROUTER);