DataHandler.SecretManager

Handles the creation, reading, deletion and overall management of secret vaults ("banks").

Types

PublicKeyFile

Represents a reference to an encrypted secret file.

  • Fields:

    • string SecretName (internal set): Logical name of the secret.
    • string SecretPath (internal set): Encrypted path to the secret file.
  • Constructor:

    PublicKeyFile(string secretName, string secretPath)


PublicKeyFileInit

Used to initialize a new secret entry when creating a bank.

  • Fields:

    • string SecretName (internal set): Logical name of the secret.
    • SecureData Value (internal set): Initial secret value.
    • SecureData? SecretPath (internal set): Optional custom directory path.
  • Constructor:

    PublicKeyFileInit(string secretName, SecureData? secretPath, SecureData value)


Methods

CreateBank(string BankDirectory, string BankName, List<PublicKeyFileInit>? PublicKeys, string? PublicDecryptKey)

Creates a “bank” JSON file listing public secrets, and optionally initializes individual secret files.

  • Parameters:

    • BankDirectory: Folder in which to store the bank JSON.
    • BankName: Name of the bank (JSON filename without extension).
    • PublicKeys: Optional list of initial secrets to create.
    • PublicDecryptKey: Optional key used to encrypt the bank index (defaults to the board serial). The board serial is an identifier, not a secret: it binds the bank to the device, but any process that can read the serial can decrypt the index, so pass an explicit key where confidentiality matters.
  • Returns: Task

  • Exceptions:

    • Exception if bank already exists or on any file I/O error.

CheckIfBankExists(string BankDirectory, string BankName)

Checks for the existence of the bank JSON file.

  • Parameters:

    • BankDirectory
    • BankName
  • Returns: Task<bool> — true if the bank file exists.


GetPublicSecret(string BankDirectory, string BankName, string PublicSecretName, string? PublicDecryptKey, string? SecretDecryptKey)

Retrieves and decrypts a public secret value from a bank.

  • Parameters:

    • BankDirectory, BankName
    • PublicSecretName: Logical name of the secret to retrieve.
    • PublicDecryptKey: Key to decrypt the bank index (defaults to board serial).
    • SecretDecryptKey: Key to decrypt the individual secret file (defaults to the value of PublicDecryptKey when null).
  • Returns: Task — Decrypted secret value.

  • Exceptions:

    • Exception if secret not found or on decryption errors.

GetSecretRound(string BankDirectory, string BankName, string PublicSecretName, string? PublicDecryptKey)

Reads the “Pneumentations” (rotation count) for a public secret.

  • Parameters: Same as GetPublicSecret minus SecretDecryptKey.

  • Returns: Task — Current rotation count.


AddPublicSecret(string BankDirectory, string BankName, PublicKeyFileInit PublicSecret, string? PublicDecryptKey)

Adds a new secret to an existing bank, creating its file and encrypting its initial value.

  • Parameters:

    • PublicSecret: Initialization data for the new secret.
    • Others as in CreateBank.
  • Returns: Task


DeletePublicSecret(string BankDirectory, string BankName, string PublicSecretName, string? PublicDecryptKey)

Removes the secret's entry from the bank JSON and deletes its encrypted secret file.

  • Parameters:

    • PublicSecretName
    • Others as in GetPublicSecret
  • Returns: Task


GetAllSecretNames(string BankDirectory, string BankName, string? PublicDecryptKey)

Lists all logical secret names in the bank.

  • Returns: Task<List<string>> — the logical secret names.

RotateSecret(string BankDirectory, string BankName, string PublicSecretName, string? salt, string? PublicDecryptKey, string? newSalt)

Rotates (re-hashes) a secret’s value, updates its “Pneumentations” count, and writes back.

  • Parameters:

    • salt: The existing salt (or key) used for the rotation.
    • newSalt: If provided, replaces the salt and resets the rotation count.
    • Others as in GetPublicSecret
  • Returns: Task — the new (rotated) secret value.

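The following is an added usage example that walks the documented lifecycle (check, create, add, list, read, rotate, delete) with an explicit bank key rather than the board-serial default. It is not code from the project. It assumes the SecretManager methods are static, that SecureData can be constructed from a string, and that the paths and environment variable name are illustrative; adjust these to the real types.

```csharp
// Added example for the DataHandler.SecretManager API documented above.
// Assumptions not stated on the page: SecretManager's methods are static,
// SecureData wraps a string via `new SecureData(string)`, and the rotation
// count returned by GetSecretRound supports Equals(). Paths and the BANK_KEY
// environment variable are hypothetical.
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using DataHandler;

public static class SecretManagerDemo
{
    public static async Task Main()
    {
        const string bankDir  = "/var/lib/myapp/secrets";   // hypothetical
        const string bankName = "device-bank";               // bank JSON is device-bank.json

        // Explicit bank key instead of the board-serial default: the serial is
        // readable by local processes, so it binds the bank to the device but
        // does not keep the index confidential from someone on the device.
        string bankKey = Environment.GetEnvironmentVariable("BANK_KEY")
            ?? throw new InvalidOperationException("BANK_KEY not set");

        // CreateBank throws if the bank already exists, so check first.
        if (!await SecretManager.CheckIfBankExists(bankDir, bankName))
        {
            var initial = new List<PublicKeyFileInit>
            {
                // secretPath null => secret file goes in the default directory
                new PublicKeyFileInit("api-token", null, new SecureData("initial-token-value")),
            };
            await SecretManager.CreateBank(bankDir, bankName, initial, bankKey);
        }

        // Add a second secret later, with a custom directory for its file.
        await SecretManager.AddPublicSecret(
            bankDir, bankName,
            new PublicKeyFileInit("db-password",
                                  new SecureData("/var/lib/myapp/db"),   // custom directory
                                  new SecureData("initial-db-password")),
            bankKey);

        foreach (var name in await SecretManager.GetAllSecretNames(bankDir, bankName, bankKey))
            Console.WriteLine($"secret in bank: {name}");

        // Read: SecretDecryptKey null => same key as the bank index.
        var token = await SecretManager.GetPublicSecret(bankDir, bankName, "api-token", bankKey, null);
        Console.WriteLine("api-token read OK");

        // Rotate and verify the rotation count actually changed.
        var roundBefore = await SecretManager.GetSecretRound(bankDir, bankName, "api-token", bankKey);
        var rotated = await SecretManager.RotateSecret(
            bankDir, bankName, "api-token",
            "rotation-salt",   // salt: existing salt/key for this rotation
            bankKey,
            null);             // newSalt: null keeps the salt and increments the count
        var roundAfter = await SecretManager.GetSecretRound(bankDir, bankName, "api-token", bankKey);
        if (roundAfter.Equals(roundBefore))
            throw new InvalidOperationException("rotation count did not advance");
        Console.WriteLine($"api-token rotated: round {roundBefore} -> {roundAfter}");

        // Remove the secret's index entry and its file.
        await SecretManager.DeletePublicSecret(bankDir, bankName, "db-password", bankKey);
    }
}
```

Passing `null` for SecretDecryptKey reuses the bank key for the secret file; supply a different key when individual secrets should not be readable with the index key alone.
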

MigratePublicSecrets(string BankDirectory, string BankName, Dictionary<string,(SecureData? OldPassword, SecureData? NewPassword, string NewPath)> secretMigrations, string newBankDirPath, string? NewFileDirectoryPath, SecureData OldPublicDecryptKey, SecureData? NewPublicDecryptKey)

WIP — Re-encrypts and/or moves existing secrets to a new bank directory with optional password/key changes.

  • Parameters:

    • secretMigrations: Map of secret names to old/new key pairs and new file locations.
    • newBankDirPath, NewFileDirectoryPath
    • OldPublicDecryptKey, NewPublicDecryptKey
  • Returns: Task

  • Notes: Not production-ready; use with caution.