1 files changed, 32 insertions, 0 deletions
diff --git a/secrets/vault_client.go b/secrets/vault_client.go
index b84b344..9d4b772 100644
--- a/secrets/vault_client.go
+++ b/secrets/vault_client.go
@@ -3,6 +3,7 @@ package secrets
 import (
        "container/heap"
        "context"
+        "encoding/base64"
        "encoding/json"
        "errors"
        "fmt"
@@ -436,6 +437,37 @@ func (c *VaultClient) WriteSecret(ctx context.Context, suffix string, in any) er
        return nil
 }
+func (c *VaultClient) Encrypt(ctx context.Context, suffix string, data []byte) (string, error) {
+        s, err := c.logical.WriteWithContext(
+                ctx,
+                path.Join("transit/encrypt", suffix),
+                map[string]any{"plaintext": base64.StdEncoding.EncodeToString(data)},
+        )
+        if err != nil {
+                return "", fmt.Errorf("Encrypt: unable to write to vault: %w", err)
+        }
+        return s.Data["ciphertext"].(string), nil
+}
+func (c *VaultClient) Decrypt(ctx context.Context, suffix, data string) ([]byte, error) {
+        s, err := c.logical.WriteWithContext(
+                ctx,
+                path.Join("transit/decrypt", suffix),
+                map[string]any{"ciphertext": data},
+        )
+        if err != nil {
+                return nil, fmt.Errorf("Decrypt: unable to write to vault: %w", err)
+        }
+        d, err := base64.StdEncoding.DecodeString(s.Data["plaintext"].(string))
+        if err != nil {
+                return nil, fmt.Errorf("Decrypt: unable to base64 decode plaintext: %w", err)
+        }
+        return d, nil
+}
 func (c *VaultClient) Destroy(h Handle) error {
        c.Lock()
        defer c.Unlock()

diff --git a/secrets/vault_client.go b/secrets/vault_client.go index b84b344..9d4b772 100644 --- a/secrets/vault_client.go +++ b/secrets/vault_client.go
@@ -3,6 +3,7 @@ package secrets
3	import (	3	import (
4	"container/heap"	4	"container/heap"
5	"context"	5	"context"
		6	"encoding/base64"
6	"encoding/json"	7	"encoding/json"
7	"errors"	8	"errors"
8	"fmt"	9	"fmt"
@@ -436,6 +437,37 @@ func (c *VaultClient) WriteSecret(ctx context.Context, suffix string, in any) er
436	return nil	437	return nil
437	}	438	}
438		439
		440	func (c *VaultClient) Encrypt(ctx context.Context, suffix string, data []byte) (string, error) {
		441	s, err := c.logical.WriteWithContext(
		442	ctx,
		443	path.Join("transit/encrypt", suffix),
		444	map[string]any{"plaintext": base64.StdEncoding.EncodeToString(data)},
		445	)
		446	if err != nil {
		447	return "", fmt.Errorf("Encrypt: unable to write to vault: %w", err)
		448	}
		449
		450	return s.Data["ciphertext"].(string), nil
		451	}
		452
		453	func (c *VaultClient) Decrypt(ctx context.Context, suffix, data string) ([]byte, error) {
		454	s, err := c.logical.WriteWithContext(
		455	ctx,
		456	path.Join("transit/decrypt", suffix),
		457	map[string]any{"ciphertext": data},
		458	)
		459	if err != nil {
		460	return nil, fmt.Errorf("Decrypt: unable to write to vault: %w", err)
		461	}
		462
		463	d, err := base64.StdEncoding.DecodeString(s.Data["plaintext"].(string))
		464	if err != nil {
		465	return nil, fmt.Errorf("Decrypt: unable to base64 decode plaintext: %w", err)
		466	}
		467
		468	return d, nil
		469	}
		470
439	func (c *VaultClient) Destroy(h Handle) error {	471	func (c *VaultClient) Destroy(h Handle) error {
440	c.Lock()	472	c.Lock()
441	defer c.Unlock()	473	defer c.Unlock()