Display whether escrowed secret is newly created or not

[aysiu]

Details of PR

This obviously isn't necessary for core functionality, but it is just more interesting information to get back when escrowing a key (is it a new key, or are you just escrowing the old one again?).

Testing Done

First time escrowing returns true for newly_created:

NAMEOFHOST:~$ curl -d "serial=ACTUALSERIALNUMB&secret_type=recovery_key&recovery_password=NEWRECOVERYKEY2&username=ACTUALUSERNAME"  http://localhost:8000/checkin/
{"serial": "ACTUALSERIALNUMB", "username": "ACTUALUSERNAME", "rotation_required": false, "newly_created": true}

Subsequent escrows return false:

NAMEOFHOST:~$ curl -d "serial=ACTUALSERIALNUMB&secret_type=recovery_key&recovery_password=NEWRECOVERYKEY2&username=ACTUALUSERNAME"  http://localhost:8000/checkin/
{"serial": "ACTUALSERIALNUMB", "username": "ACTUALUSERNAME", "rotation_required": false, "newly_created": false}
NAMEOFHOST:~$ curl -d "serial=ACTUALSERIALNUMB&secret_type=recovery_key&recovery_password=NEWRECOVERYKEY2&username=ACTUALUSERNAME"  http://localhost:8000/checkin/
{"serial": "ACTUALSERIALNUMB", "username": "ACTUALUSERNAME", "rotation_required": false, "newly_created": false}

Same happens for another key:

NAMEOFHOST:~$ curl -d "serial=ACTUALSERIALNUMB&secret_type=recovery_key&recovery_password=NEWRECOVERYKEY3&username=ACTUALUSERNAME"  http://localhost:8000/checkin/
{"serial": "ACTUALSERIALNUMB", "username": "ACTUALUSERNAME", "rotation_required": false, "newly_created": true}
NAMEOFHOST:~$ curl -d "serial=ACTUALSERIALNUMB&secret_type=recovery_key&recovery_password=NEWRECOVERYKEY3&username=ACTUALUSERNAME"  http://localhost:8000/checkin/
{"serial": "ACTUALSERIALNUMB", "username": "ACTUALUSERNAME", "rotation_required": false, "newly_created": false}

In total, only two key entries:

[grahamgilbert]

I like the idea, but I don’t love the key name you’ve chosen. What is newly created? I’d suggest secret_saved instead.

[aysiu]

I like the idea, but I don’t love the key name you’ve chosen. What is newly created? I’d suggest secret_saved instead.

Good point. I hear what you're saying, but I think secret_saved could potentially alarm people who think the secrets aren't being saved. Yes, technically, if it's an existing secret, it won't be re-saved, but I can see new users of Crypt perhaps panicking that secret_saved: false means their Crypt setup is broken somehow.

What do you think about new_secret_added or new_secret_escrowed?

[grahamgilbert]

Either of those seem reasonable to me.

[aysiu]

Thanks! Just pushed another commit.

Testing Done...

First curl says it's a new secret escrowed...

NAMEOFHOST:~$ curl -d "serial=ACTUALSERIALNUMB&secret_type=recovery_key&recovery_password=NEWRECOVERYKEY4&username=ACTUALUSERNAME"  http://localhost:8000/checkin/
{"serial": "ACTUALSERIALNUMB", "username": "ACTUALUSERNAME", "rotation_required": false, "new_secret_escrowed": true}

Subsequent curls say it's not a new secret escrowed:

NAMEOFHOST:~$ curl -d "serial=ACTUALSERIALNUMB&secret_type=recovery_key&recovery_password=NEWRECOVERYKEY4&username=ACTUALUSERNAME"  http://localhost:8000/checkin/
{"serial": "ACTUALSERIALNUMB", "username": "ACTUALUSERNAME", "rotation_required": false, "new_secret_escrowed": false}
NAMEOFHOST:~$ curl -d "serial=ACTUALSERIALNUMB&secret_type=recovery_key&recovery_password=NEWRECOVERYKEY4&username=ACTUALUSERNAME"  http://localhost:8000/checkin/
{"serial": "ACTUALSERIALNUMB", "username": "ACTUALUSERNAME", "rotation_required": false, "new_secret_escrowed": false}