author | Mike Crute <mike@crute.us> | 2022-11-15 21:29:24 -0800 |
---|---|---|
committer | Mike Crute <mike@crute.us> | 2022-11-15 21:29:24 -0800 |
commit | 52c9284f03a1731d163ee8dd68fdbc31a7253cb4 (patch) | |
tree | 41e057861802a7b34819ff9314841f8332691b0d | |
parent | 6e4a03e9cac2e774208a9189a4af646e69a658a8 (diff) | |
vault: add support for RSA keysvault/v0.2.6
-rw-r--r-- | vault/client.go | 34 |
1 files changed, 34 insertions, 0 deletions
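--- a/vault/client.go
+++ b/vault/client.go
@@ -2,6 +2,9 @@ package vault
 
 import (
 "context"
+"crypto/rsa"
+"crypto/x509"
+"encoding/base64"
 "encoding/json"
 "fmt"
 "os"
@@ -48,6 +51,37 @@ func (s *VaultSecret) VaultSecret() *VaultSecret {
 return s
 }
 
+// VaultRSAKey holds a base64 encoded RSA private key in PKCS8 format
+// (effectively PEM encoding without the headers and line-breaks). It
+// can decode this into a private key.
+type VaultRSAKey struct {
+Key string `json:"key"`
+s *VaultSecret
+}
+
+func (k *VaultRSAKey) RSAPrivateKey() (*rsa.PrivateKey, error) {
+der, err := base64.StdEncoding.DecodeString(k.Key)
+if err != nil {
+return nil, err
+}
+
+pr, err := x509.ParsePKCS8PrivateKey(der)
+if err != nil {
+return nil, err
+}
+
+pk, ok := pr.(*rsa.PrivateKey)
+if !ok {
+return nil, fmt.Errorf("RSAPrivateKey: parsed key is not an rsa.PrivateKey")
+}
+
+return pk, nil
+}
+
+func (k *VaultRSAKey) VaultSecret() *VaultSecret {
+return k.s
+}
+
 type VaultApiKey struct {
 Key string `json:"key"`
 s *VaultSecret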
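Review bot: In `RSAPrivateKey` the base64 and PKCS8 failures are returned bare (`return nil, err`), so a caller cannot tell which step rejected the stored value. Wrapping them in the style of the type-assertion error, e.g. `return nil, fmt.Errorf("RSAPrivateKey: decoding base64: %w", err)`, keeps the cause and adds the missing context. The type-assertion error could also report what was actually parsed with `fmt.Errorf("RSAPrivateKey: parsed key is %T, not *rsa.PrivateKey", pr)`, which prints only the type and no key material. The method returns a key of any modulus size the parser accepts, so if callers use the result for signing or decryption, a minimum `pk.N.BitLen()` check here may be worth adding. The exported methods `RSAPrivateKey` and `VaultSecret` also have no doc comments.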