Diffstat (limited to 'secrets/vault_client.go')
-rw-r--r-- | secrets/vault_client.go | 32 |
1 files changed, 32 insertions, 0 deletions
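diff --git a/secrets/vault_client.go b/secrets/vault_client.go
index b84b344..9d4b772 100644
--- a/secrets/vault_client.go
+++ b/secrets/vault_client.go
@@ -3,6 +3,7 @@ package secrets
 import (
 	"container/heap"
 	"context"
+	"encoding/base64"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -436,6 +437,37 @@ func (c *VaultClient) WriteSecret(ctx context.Context, suffix string, in any) er
 	return nil
 }
 
+func (c *VaultClient) Encrypt(ctx context.Context, suffix string, data []byte) (string, error) {
+	s, err := c.logical.WriteWithContext(
+		ctx,
+		path.Join("transit/encrypt", suffix),
+		map[string]any{"plaintext": base64.StdEncoding.EncodeToString(data)},
+	)
+	if err != nil {
+		return "", fmt.Errorf("Encrypt: unable to write to vault: %w", err)
+	}
+
+	return s.Data["ciphertext"].(string), nil
+}
+
+func (c *VaultClient) Decrypt(ctx context.Context, suffix, data string) ([]byte, error) {
+	s, err := c.logical.WriteWithContext(
+		ctx,
+		path.Join("transit/decrypt", suffix),
+		map[string]any{"ciphertext": data},
+	)
+	if err != nil {
+		return nil, fmt.Errorf("Decrypt: unable to write to vault: %w", err)
+	}
+
+	d, err := base64.StdEncoding.DecodeString(s.Data["plaintext"].(string))
+	if err != nil {
+		return nil, fmt.Errorf("Decrypt: unable to base64 decode plaintext: %w", err)
+	}
+
+	return d, nil
+}
+
 func (c *VaultClient) Destroy(h Handle) error {
 	c.Lock()
 	defer c.Unlock()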
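Review bot: Both new methods can panic instead of returning an error: `s.Data["ciphertext"].(string)` in Encrypt and `s.Data["plaintext"].(string)` in Decrypt are single-value type assertions, so a missing key or a non-string value (a transit key in a wrong state, a policy that filters the response, a changed API shape) crashes the caller, and if WriteWithContext returns a nil secret with a nil error — which the Vault API client does for empty responses — `s.Data` is a nil-pointer dereference. Since these wrap the secret-handling path, the failure should surface as an error the caller can act on, not a panic; the rewritten tails below check the response and use the two-value assertion (`errors` is already imported). Separately, `suffix` is cleaned by `path.Join`, so a value containing `..` would resolve outside `transit/encrypt`; if `suffix` can ever come from outside the process, it should be validated before the join — I can't tell from this hunk whether it can. Minor style point: Go error strings are conventionally lowercase, e.g. `"encrypt: unable to write to vault: %w"`.
```go
func (c *VaultClient) Encrypt(ctx context.Context, suffix string, data []byte) (string, error) {
	// … unchanged: WriteWithContext call and err check …
	if s == nil || s.Data == nil {
		return "", errors.New("Encrypt: empty response from vault")
	}
	ct, ok := s.Data["ciphertext"].(string)
	if !ok {
		return "", errors.New("Encrypt: vault response has no ciphertext")
	}
	return ct, nil
}

func (c *VaultClient) Decrypt(ctx context.Context, suffix, data string) ([]byte, error) {
	// … unchanged: WriteWithContext call and err check …
	if s == nil || s.Data == nil {
		return nil, errors.New("Decrypt: empty response from vault")
	}
	pt, ok := s.Data["plaintext"].(string)
	if !ok {
		return nil, errors.New("Decrypt: vault response has no plaintext")
	}
	d, err := base64.StdEncoding.DecodeString(pt)
	// … unchanged: decode error check and return …
}
```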