NewMasterKeyFromURL takes an Azure Key Vault key URL, and returns a new MasterKey. The URL format is {vaultUrl}/keys/{keyName}/{keyVersion}.
(url string)
// NewMasterKeyFromURL parses an Azure Key Vault key URL and returns the
// MasterKey it identifies. The expected form is
// {vaultUrl}/keys/{keyName}/{keyVersion}; the version segment may be
// omitted or left empty.
//
// Surrounding whitespace is trimmed before parsing. A URL that does not
// match the expected form yields a nil key and an error. If
// ensureKeyHasVersion fails, the key is still returned alongside the error,
// so callers must check the error before using the key.
//
// NOTE(review): the pattern requires the https scheme but matches the host
// only as "[^/]+", so any https host is accepted here. Confirm that the vault
// host is validated elsewhere if this URL can come from an untrusted source.
func NewMasterKeyFromURL(url string) (*MasterKey, error) {
	url = strings.TrimSpace(url)

	// Capture groups: 1 = vault URL (scheme and host), 2 = key name,
	// 3 = optional "/version" segment, including its leading slash.
	pattern := regexp.MustCompile("^(https://[^/]+)/keys/([^/]+)(/[^/]*)?$")
	m := pattern.FindStringSubmatch(url)
	if len(m) < 3 {
		return nil, fmt.Errorf("could not parse %q into a valid Azure Key Vault MasterKey %v", url, m)
	}

	// Azure Key Vault accepts a blank key version and treats it as the latest
	// version of the key. The sops metadata block needs the actual version
	// though, so a blank one is passed on as "" and filled in below.
	version := ""
	if len(m[3]) > 1 {
		// Drop the leading "/" that the third group captures.
		version = m[3][1:]
	}
	key := newMasterKey(m[1], m[2], version)

	// context.Background() carries no deadline and no caller cancellation.
	// NOTE(review): presumably this call contacts the vault to look up the
	// current version; confirm, and confirm a timeout is applied further down.
	err := key.ensureKeyHasVersion(context.Background())
	return key, err
}
| 114 | |
| 115 | // MasterKeysFromURLs takes a comma separated list of Azure Key Vault URLs, |
| 116 | // and returns a slice of new MasterKeys. |