ex0dus-0x / microkv Goto Github PK

Seems that the type parameter K is not actually used in exists. The compiler cannot infer the type for K, so I must add an explicit type annotation in order to call exists.

We should consider phasing out secstr for our own "secured memory" implementation, with full support for other primitives for isolating memory pages to support different OSes:

• Linux - typical support for mlock and zeroing, but also thinking MFD_SECRET_*, as posed here to further isolate sensitive memory from kernel space and even cache. Have not seen a merge upstream to a new revision yet, but interesting to think about.

• macOS - mlock again, but also potentially pushing support for Secure Enclave storage, which will requiring signing rather than our current symmetric encryption.

• Windows - CryptProtectMemory and SecureZeroMemory for explicit zeroing.

Backing to other native "keyring" implementations (Credential Manager, macOS Keychain) are also interesting and provides security and isolation for free(-ish).

Finish up the client implementation to support spawning a microkv service. Incorporate Dockerfile if necessary.

Thank you for creating this awesome project. The only issue I have is that the current state of the read and write lock are lacking helper functions to be useful. I see the following main issues:

1. microkv uses bincode serialization, when only having the IndexMap (e.g., read or write lock) users would have to do the serialization + encryption themselves
2. making matters worse, external encryption part cannot rely on the stored secret as it is private. So users would need to store it in a second place
3. formatting the namespace strings is private, so users cannot access them and need to build them in the closure themselves (which is not very nice)

I propose we extend the index map in such a way that we have helper functions (that are also used internally by the namespaces). With them, users can use them inside a lock like this

db.lock_write(|mut kv| {
    kv.kv_put(db, "namespace", "key", 1);
}

I created a PR that serves as a proposal to discuss a a possible direction we could go to solve this problem (#15). If this is the way we want to go, I can extend it to the remaining useful functions and we can merge the PR.

I would love to hear your opinion on this issue.

Demonstrate how we can implement some type of consensus, ideally with Raft with microkv. This should work with the CLI application that is currently being implemented, and should demonstrate how the minimal API can be incorporated well within a distributed systems context.

Besides using strong symmetric encryption for cold storage, we could also use threshold-based techniques to try to shard the database for some type of distribution.

The only use of _value is to pass a reference to bincode::serialize. Thus, _value should be of type &V instead of V. The way it is now: if your caller has only a reference then you force your caller to make an unnecessary clone into _value in order to call put.

Right now I'm struggling with opening a database that doesn't end with .kv. I propose to create a new function like

pub fn open_with_path<S: AsRef<str>>(path_to_kv: PathBuf) -> Result<Self>

For example, path to KV can be /home/user/path/dontcare/keyvaluestore.my. This will result in a more generic way of opening the kv store and easier way to pass the path argument from a file selector (for example).