sftpgo/kms/vault.go

52 lines
955 B
Go
Raw Normal View History

// +build !novaultkms
2020-11-30 20:46:34 +00:00
package kms
import (
// we import hashivault here to be able to disable Vault support using a build tag
_ "gocloud.dev/secrets/hashivault"
"github.com/drakkan/sftpgo/version"
2020-11-30 20:46:34 +00:00
)
type vaultSecret struct {
baseGCloudSecret
}
func init() {
version.AddFeature("+vaultkms")
}
2020-11-30 20:46:34 +00:00
func newVaultSecret(base baseSecret, url, masterKey string) SecretProvider {
return &vaultSecret{
baseGCloudSecret{
baseSecret: base,
url: url,
masterKey: masterKey,
},
}
}
func (s *vaultSecret) Name() string {
return vaultProviderName
}
func (s *vaultSecret) IsEncrypted() bool {
return s.Status == SecretStatusVaultTransit
}
func (s *vaultSecret) Encrypt() error {
if err := s.baseGCloudSecret.Encrypt(); err != nil {
return err
}
s.Status = SecretStatusVaultTransit
return nil
}
func (s *vaultSecret) Decrypt() error {
if !s.IsEncrypted() {
return errWrongSecretStatus
}
return s.baseGCloudSecret.Decrypt()
}