Home Explore Help
Register Sign In
Apq
/
sftpgo
mirror of https://github.com/drakkan/sftpgo.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: a67276ccc2
Branches Tags
sftpgo
/
kms
/
vault.go

vault.go 955 B
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051 
  1. // +build !novaultkms
    2. 

  2. 

  3. package kms
    4. 

  4. 

  5. import (
    6. 

  6. 	// we import hashivault here to be able to disable Vault support using a build tag
    7. 

  7. 	_ "gocloud.dev/secrets/hashivault"
    8. 

  8. 

  9. 	"github.com/drakkan/sftpgo/version"
    10. 

  10. )
    11. 

  11. 

  12. type vaultSecret struct {
    13. 

  13. 	baseGCloudSecret
    14. 

  14. }
    15. 

  15. 

  16. func init() {
    17. 

  17. 	version.AddFeature("+vaultkms")
    18. 

  18. }
    19. 

  19. 

  20. func newVaultSecret(base baseSecret, url, masterKey string) SecretProvider {
    21. 

  21. 	return &vaultSecret{
    22. 

  22. 		baseGCloudSecret{
    23. 

  23. 			baseSecret: base,
    24. 

  24. 			url:        url,
    25. 

  25. 			masterKey:  masterKey,
    26. 

  26. 		},
    27. 

  27. 	}
    28. 

  28. }
    29. 

  29. 

  30. func (s *vaultSecret) Name() string {
    31. 

  31. 	return vaultProviderName
    32. 

  32. }
    33. 

  33. 

  34. func (s *vaultSecret) IsEncrypted() bool {
    35. 

  35. 	return s.Status == SecretStatusVaultTransit
    36. 

  36. }
    37. 

  37. 

  38. func (s *vaultSecret) Encrypt() error {
    39. 

  39. 	if err := s.baseGCloudSecret.Encrypt(); err != nil {
    40. 

  40. 		return err
    41. 

  41. 	}
    42. 

  42. 	s.Status = SecretStatusVaultTransit
    43. 

  43. 	return nil
    44. 

  44. }
    45. 

  45. 

  46. func (s *vaultSecret) Decrypt() error {
    47. 

  47. 	if !s.IsEncrypted() {
    48. 

  48. 		return errWrongSecretStatus
    49. 

  49. 	}
    50. 

  50. 	return s.baseGCloudSecret.Decrypt()
    51. 

  51. }
    52.