kms: remember if a secret was saved without a master key

So we will be able to decrypt secret stored without a master key if a such key is provided later
2025-12-08 07:10:56 +03:00 · 2020-12-01 22:18:16 +01:00
parent 940836b25b
commit 87b51a6fd5
6 changed files with 144 additions and 5 deletions
--- a/kms/kms.go
+++ b/kms/kms.go
@@ -21,6 +21,7 @@ type SecretProvider interface {
 	GetPayload() string
 	GetKey() string
 	GetAdditionalData() string
+	GetMode() int
 	SetKey(string)
 	SetAdditionalData(string)
 	SetStatus(SecretStatus)
@@ -145,6 +146,7 @@ func (s *Secret) MarshalJSON() ([]byte, error) {
 		Payload:        s.provider.GetPayload(),
 		Key:            s.provider.GetKey(),
 		AdditionalData: s.provider.GetAdditionalData(),
+		Mode:           s.provider.GetMode(),
 	})
 }

@@ -186,6 +188,7 @@ func (s *Secret) Clone() *Secret {
 		Payload:        s.provider.GetPayload(),
 		Key:            s.provider.GetKey(),
 		AdditionalData: s.provider.GetAdditionalData(),
+		Mode:           s.provider.GetMode(),
 	}
 	switch s.provider.Name() {
 	case builtinProviderName:
@@ -249,6 +252,11 @@ func (s *Secret) GetKey() string {
 	return s.provider.GetKey()
 }

+// GetMode returns the secret mode
+func (s *Secret) GetMode() int {
+	return s.provider.GetMode()
+}
+
 // SetAdditionalData sets the given additional data
 func (s *Secret) SetAdditionalData(value string) {
 	s.provider.SetAdditionalData(value)