Added:

- folders and secrets now being parsed into a usable format.
- Routing configured and tested for both secrets and folders
- Hierarchy of secret structure displayed in sidebar.
- Search box enhanced with new look
- Updated readme
Bug:
- Fix for username being cleared when login type set to anything other than LDAP

README.md

@@ -31,19 +31,19 @@ MIT License.
 
 ## HTTPS
 
-Encryption in transit (HTTPS) is required. These are your secrets. Don't be stupid.
+Encryption in transit (ie. HTTPS) is required. These are your secrets. Don't be stupid.
 
 
 ## Auth backends
 
 Currently LDAP, UserPass and Token auth backends are accepted. Most others are not useful for a GUI, but if you feel otherwise, submit a pull request.
 
 
-# Policies
+# Important Notes about Policies
 
 ## Secret Discovery
 
-Cryptr requires the policies associated with the token to be readable by the token. The purpose for this is to discover what secrets are available to the token. An example ACL for policy named "allsecrets" follows:
+Cryptr requires the policies associated with the token to be readable by the token. The purpose for this is to discover what secrets are available to the token. An example ACL for policy found at `sys/policy/allsecrets` would be as follows:
 
 
 ```
@@ -56,7 +56,7 @@ path "sys/policy/allsecrets" {
 }
 ```
 
-Only read permissions are advised. This policy addition is critical to discovering available secrets. Without this, there is no programatic way for Cryptr to know what secrets it may access. (Also for that matter, there is no way for a human using the CLI to discover secrets either) As such, it is highly recommended to do this for all policies. All policies without this ability will be ignored by Cryptr.
+Only the permission to `read` is advised. **NOTE: This policy addition is _critical_ to discovering available secrets.** Without this, there is no programatic way for Cryptr to know what secrets it should show the user. (Also, for that matter, there is no way for a human using the CLI to discover secrets either except for blinding attempting to `list` potential folders) As such, it is **highly** recommended to do this for all policies. All policies without this ability must, and will, be ignored by Cryptr.
 
 ## Wildcards and Secret Discovery
 
@@ -68,7 +68,7 @@ path "secret/myteam*" {
 }
 ```
 
-With this policy, a user may create secrets such as `secret/myteam-keys` or `secret/myteam/certs`. This is absolutely accepted in Cryptr. However, without an additional policy, neither Cryptr nor a human being on the CLI will be able to *discover* any of these secrets. This is because there is no containing folder upon which to execute a `list` command. The natural next step, then, would be to make an addition to the policy, as follows:
+With this policy, a user may create secrets such as `secret/myteam-keys` or `secret/myteam/certs`. This is absolutely accepted in Vault, however without an additional policy, neither Cryptr nor a human being on the CLI will be able to *discover* any of these secrets. This is because there is no containing folder upon which to execute a `list` command. The natural next step, then, would be to make an addition to the policy, as follows:
 
 ```
 path "secret/myteam*" {
@@ -80,16 +80,24 @@ path "secret/*" {
 }
 ```
 
-But this is _not_ recommended for multiple reasons (the above being one obvious reason). Noted [here](https://www.vaultproject.io/docs/concepts/policies.html#list), `list` command outputs are not filtered by policy. This means all secrets found at `secret/*` will be printed, regardless if the token has rights to use any of them in some way.
+But this is _not_ recommended for multiple reasons (the above being one obvious reason). Noted [here](https://www.vaultproject.io/docs/concepts/policies.html#list), `list` command outputs are not filtered by policy. This means all secrets found at `secret/*` will be listed, regardless if the token has rights to use any of them.
 
-As such, the recommended procedure is to set policies _based on folders_ and not on secrets. ie:
+As such, the recommended procedure for using wildcards in policies is to not use prefixes and suffixes in the path. ie:
 
 ```
+#GOOD
 path "secret/myteam/*" {
  policy = "write"
 }
-```
 
-(Notice the slash prefixing the \*, compared to the code block above) This insures that a user not only may use the secret found in this folder, but know what secrets are available too.
+#BAD
+path "secret/group*" {
+ policy = "write"
+}
+
+#BAD
+path "secret/*group" {
+ policy = "write"
+}
 
-The one exception to this recommendation is if a policy is created and applied to one secret only (no wildcard). In this case, the secret may be discovered by referencing the policy, so long as the policy complies with the above section, Policies.
+```

app/elements/elements.html

@@ -17,6 +17,7 @@
 <link rel="import" href="../bower_components/paper-item/paper-item.html">
 <link rel="import" href="../bower_components/paper-material/paper-material.html">
 <link rel="import" href="../bower_components/paper-menu/paper-menu.html">
+<link rel="import" href="../bower_components/paper-menu/paper-submenu.html">
 <link rel="import" href="../bower_components/paper-menu-button/paper-menu-button.html">
 <link rel="import" href="../bower_components/paper-scroll-header-panel/paper-scroll-header-panel.html">
 <link rel="import" href="../bower_components/paper-styles/typography.html">

app/elements/folder-structure.html

@@ -16,6 +16,7 @@
  }
  paper-menu {
  min-height: 36px;
+ padding: 0px;
  --paper-menu-selected-item: {
  color: var(--primary-color);
  }
@@ -24,7 +25,7 @@
  }
  }
  paper-menu iron-icon {
- margin-right: 20px;
+ margin-right: 10px;
  opacity: 0.54;
  }
  paper-menu a {
@@ -47,16 +48,21 @@
  }
  </style>
  <template>
- <paper-menu attr-for-selected="data-route" selected="[[route]]">
- <a data-route="all" href="{{baseUrl}}all" class="noselect">
- <iron-icon icon="folder-open"></iron-icon>
- <span>All</span>
- </a>
-
- <template is="dom-repeat" items="{{secrets}}">
- <a data-route="{{item.location}}" href="{{baseUrl}}folder/{{item.location}}" class="noselect">
- <iron-icon icon="folder-open"></iron-icon>
- <span>{{item.location}}</span>
+ <paper-menu attr-for-selected="data-route" selected="{{route}}" class="menu-content">
+ <template is="dom-repeat" items="{{secrets}}" filter="filterFolders">
+ <paper-submenu attr-for-selected="data-route" selected="{{route}}">
+ <a data-route="{{item.type}}/{{item.location}}" href="{{baseUrl}}folder/{{item.location}}" class="noselect menu-trigger" style="padding-left: {{indent}}px">
+ <iron-icon icon="folder-open"></iron-icon>
+ <span>{{item.name}}</span>
+ </a>
+ <paper-menu class="menu-content">
+ <folder-structure secrets="[[secrets]]" route="{{route}}" base-url="{{baseUrl}}" base-folder="{{item.location}}" indent="{{spacing}}"></folder-structure>
+ </paper-menu>
+ </paper-submenu>
+ </template>
+ <template is="dom-repeat" items="{{secrets}}" filter="filterSecrets">
+ <a data-route="{{item.type}}/{{item.location}}" href="{{baseUrl}}secret/{{item.location}}" class="noselect">
+ <span style="padding-left: {{indent}}px">{{item.name}}</span>
  </a>
  </template>
  </paper-menu>
@@ -69,7 +75,24 @@
  route: String,
  baseURL: String,
  secrets: Array,
- baseFolder: String
+ baseFolder: String,
+ baseUrl: String,
+ spacing: Number,
+ indent: {
+ type: Number,
+ observer: 'watchIndent'
+ }
+ },
+ watchIndent: function(){
+ this.spacing = this.indent + 20;
+ },
+ filterFolders: function(item) {
+ if (item.parent == this.baseFolder) return item.type == 'folder';
+ else return false;
+ },
+ filterSecrets: function(item) {
+ if (item.parent == this.baseFolder) return item.type == 'secret';
+ else return false;
  }
  });
  </script>

app/elements/login-form.html

@@ -302,7 +302,6 @@
  if (this.status == 'none') this.$.modal.open();
  },
  _watchSelected: function() {
- this.username = '';
  this.password = '';
  this.token = '';
  this._persistData();

app/elements/routing.html

@@ -25,7 +25,10 @@
  });
 
  page('/folder/*', function(data) {
- app.route = data.params[0];
+ app.route = 'folder/' + data.params[0];
+ });
+ page('/secret/*', function(data) {
+ app.route = 'secret/' + data.params[0];
  });
 
  page('/search', function() {

app/elements/search-box.html

@@ -13,15 +13,17 @@
  }
  </style>
  <template>
- <paper-item>
- <iron-icon icon="search" style="padding-right: 10px; -webkit-app-region: no-drag;"></iron-icon>
- <iron-a11y-keys target="[[targetsearch]]" keys="esc" on-keys-pressed="_clear"></iron-a11y-keys>
- <iron-a11y-keys target="[[targetsearch]]" keys="enter" on-keys-pressed="_enterKey"></iron-a11y-keys>
- <iron-a11y-keys target="[[targetbody]]" keys="meta+f alt+f ctrl+f" on-keys-pressed="_focusSearch"></iron-a11y-keys>
- <paper-input id="searchinput" value="{{query}}" label="Search" no-label-float class="noselect" style="-webkit-app-region: no-drag;"></paper-input>
- <!-- Todo: Make the search box expand on click to add animation -->
- <paper-icon-button id="clearbutton" icon="highlight-off" on-tap="_clear" class="noselect" style="display: none; cursor: pointer; color: #AAA; -webkit-app-region: no-drag;"></paper-input>
- </paper-item>
+ <div class="container">
+ <paper-item>
+ <iron-icon icon="search" style="padding-right: 10px; -webkit-app-region: no-drag;"></iron-icon>
+ <iron-a11y-keys target="[[targetsearch]]" keys="esc" on-keys-pressed="_clear"></iron-a11y-keys>
+ <iron-a11y-keys target="[[targetsearch]]" keys="enter" on-keys-pressed="_enterKey"></iron-a11y-keys>
+ <iron-a11y-keys target="[[targetbody]]" keys="meta+f alt+f ctrl+f" on-keys-pressed="_focusSearch"></iron-a11y-keys>
+ <paper-input id="searchinput" value="{{query}}" label="Search" no-label-float class="noselect" style="-webkit-app-region: no-drag;"></paper-input>
+ <!-- Todo: Make the search box expand on click -->
+ <paper-icon-button id="clearbutton" icon="highlight-off" on-tap="_clear" class="noselect" style="display: none; cursor: pointer; color: #AAA; -webkit-app-region: no-drag;"></paper-input>
+ </paper-item>
+ </div>
  </template>
 
  <script>

app/elements/secrets-init.html

@@ -76,7 +76,10 @@
  _addSecret: function(location) {
  var type = location.endsWith('/') ? 'folder' : 'secret';
  if (type == 'folder') {location = location.substring(0, location.length - 1);}
- var tempsecret = {location: location, value: {}, type: type}
+ var splitter = location.lastIndexOf('/');
+ var name = location.substring(splitter + 1);
+ var base = location.substring(0, splitter);
+ var tempsecret = {location: location, value: {}, type: type, parent: base, name: name}
  this.push('secrets', tempsecret);
  },
 

app/index.html

@@ -26,7 +26,7 @@
  <span class="menu-name noselect">Cryptr</span>
  </paper-toolbar>
 
- <span id="drawerMenuText" class="noselect">Home</span>
+ <span id="drawerMenuText" class="noselect">HOME</span>
  <paper-menu attr-for-selected="data-route" selected="{{route}}">
  <a data-route="home" href="{{baseUrl}}" class="noselect">
  <iron-icon icon="dashboard"></iron-icon>
@@ -40,8 +40,10 @@
  </template>
  </paper-menu>
 
- <span id="drawerMenuText" class="noselect">Folders</span>
- <folder-structure secrets="[[secrets]]" route="{{route}}" base-url="{{baseUrl}}" base-folder="/"></folder-structure>
+ <span id="drawerMenuText" class="noselect">SECRETS</span>
+ <!-- <paper-menu attr-for-selected="data-route" selected="[[route]]"> -->
+ <folder-structure secrets="[[secrets]]" route="{{route}}" base-url="{{baseUrl}}" base-folder="secret" indent="35"></folder-structure>
+ <!-- </paper-menu> -->
  </paper-scroll-header-panel>
 
  <!-- Main Area -->
@@ -66,12 +68,9 @@ <h2 class="page-title">Dashboard</h2>
  </paper-material>
  </section>
 
- <section data-route="all" style="height: 100%">
- <secrets-manager data="{{data}}"></secrets-manager>
- </section>
  <template is="dom-repeat" items="{{secrets}}">
- <section data-route="{{item.location}}" style="height: 100%">
- This is a test: {{item.location}}
+ <section data-route="{{item.type}}/{{item.location}}" style="height: 100%">
+ This is a test: {{item.type}} {{item.name}}
  </section>
  </template>
  </iron-pages>