2020-12-02 08:44:18 +00:00
|
|
|
// +build !nogcpkms
|
|
|
|
|
2020-11-30 20:46:34 +00:00
|
|
|
package kms
|
|
|
|
|
2020-12-02 08:44:18 +00:00
|
|
|
import (
|
|
|
|
// we import gcpkms here to be able to disable GCP KMS support using a build tag
|
|
|
|
_ "gocloud.dev/secrets/gcpkms"
|
|
|
|
|
|
|
|
"github.com/drakkan/sftpgo/version"
|
2020-11-30 20:46:34 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
type gcpSecret struct {
|
|
|
|
baseGCloudSecret
|
|
|
|
}
|
|
|
|
|
2020-12-02 08:44:18 +00:00
|
|
|
func init() {
|
|
|
|
version.AddFeature("+gcpkms")
|
|
|
|
}
|
|
|
|
|
2020-11-30 20:46:34 +00:00
|
|
|
func newGCPSecret(base baseSecret, url, masterKey string) SecretProvider {
|
|
|
|
return &gcpSecret{
|
|
|
|
baseGCloudSecret{
|
|
|
|
baseSecret: base,
|
|
|
|
url: url,
|
|
|
|
masterKey: masterKey,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *gcpSecret) Name() string {
|
|
|
|
return gcpProviderName
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *gcpSecret) IsEncrypted() bool {
|
|
|
|
return s.Status == SecretStatusGCP
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *gcpSecret) Encrypt() error {
|
|
|
|
if err := s.baseGCloudSecret.Encrypt(); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
s.Status = SecretStatusGCP
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *gcpSecret) Decrypt() error {
|
|
|
|
if !s.IsEncrypted() {
|
|
|
|
return errWrongSecretStatus
|
|
|
|
}
|
|
|
|
return s.baseGCloudSecret.Decrypt()
|
|
|
|
}
|