52 lines
932 B
Go
52 lines
932 B
Go
//go:build !noawskms
|
|
// +build !noawskms
|
|
|
|
package kms
|
|
|
|
import (
|
|
// we import awskms here to be able to disable AWS KMS support using a build tag
|
|
_ "gocloud.dev/secrets/awskms"
|
|
|
|
"github.com/drakkan/sftpgo/version"
|
|
)
|
|
|
|
type awsSecret struct {
|
|
baseGCloudSecret
|
|
}
|
|
|
|
func init() {
|
|
version.AddFeature("+awskms")
|
|
}
|
|
|
|
func newAWSSecret(base baseSecret, url, masterKey string) SecretProvider {
|
|
return &awsSecret{
|
|
baseGCloudSecret{
|
|
baseSecret: base,
|
|
url: url,
|
|
masterKey: masterKey,
|
|
},
|
|
}
|
|
}
|
|
|
|
func (s *awsSecret) Name() string {
|
|
return awsProviderName
|
|
}
|
|
|
|
func (s *awsSecret) IsEncrypted() bool {
|
|
return s.Status == SecretStatusAWS
|
|
}
|
|
|
|
func (s *awsSecret) Encrypt() error {
|
|
if err := s.baseGCloudSecret.Encrypt(); err != nil {
|
|
return err
|
|
}
|
|
s.Status = SecretStatusAWS
|
|
return nil
|
|
}
|
|
|
|
func (s *awsSecret) Decrypt() error {
|
|
if !s.IsEncrypted() {
|
|
return errWrongSecretStatus
|
|
}
|
|
return s.baseGCloudSecret.Decrypt()
|
|
}
|