Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-06 14:20:55 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
6d313f6d8f7c01b1ba090cb3a5920ed9a94a2883
sftpgo/kms/aws/aws.go
Nicola Murino 776dffcf12 kms: improve modularity
2021-07-13 21:17:21 +02:00

68 lines
1.3 KiB
Go
Raw Blame History

// +build !noawskms
package aws
import (
// we import awskms here to be able to disable AWS KMS support using a build tag
_ "gocloud.dev/secrets/awskms"
"github.com/drakkan/sftpgo/v2/kms"
"github.com/drakkan/sftpgo/v2/kms/gocloud"
"github.com/drakkan/sftpgo/v2/version"
)
const encryptedStatus = kms.SecretStatusAWS
type awsSecret struct {
gocloud.Secret
}
func init() {
version.AddFeature("+awskms")
kms.RegisterSecretProvider(kms.SchemeAWS, encryptedStatus, newAWSSecret)
}
func newAWSSecret(base kms.BaseSecret, url, masterKey string) kms.SecretProvider {
return &awsSecret{
gocloud.Secret{
BaseSecret: base,
URL: url,
MasterKey: masterKey,
},
}
}
func (s *awsSecret) Name() string {
return "AWS"
}
func (s *awsSecret) IsEncrypted() bool {
return s.Status == encryptedStatus
}
func (s *awsSecret) Encrypt() error {
if err := s.Secret.Encrypt(); err != nil {
return err
}
s.Status = encryptedStatus
return nil
}
func (s *awsSecret) Decrypt() error {
if !s.IsEncrypted() {
return kms.ErrWrongSecretStatus
}
return s.Secret.Decrypt()
}
func (s *awsSecret) Clone() kms.SecretProvider {
baseSecret := kms.BaseSecret{
Status: s.Status,
Payload: s.Payload,
Key: s.Key,
AdditionalData: s.AdditionalData,
Mode: s.Mode,
}
return newAWSSecret(baseSecret, s.URL, s.MasterKey)
}
Reference in New Issue View Git Blame Copy Permalink