dataKeyFromSecret attempts to extract the data key from the data of the provided secret.
(secret *api.Secret)
// dataKeyFromSecret reads the base64-encoded "plaintext" entry from the data
// of the given secret and returns it decoded as raw data key bytes.
//
// An error is returned when the secret or its data is nil, when the
// "plaintext" entry is missing or is not a string, or when the value is not
// valid standard base64. Every error message is a fixed string: neither the
// plaintext value nor the decoder's own error is included in it.
//
// No length check is performed here: an empty plaintext string decodes to a
// zero-length key with a nil error, so key-size validation is left to the
// caller. The returned slice is key material and should be kept out of logs
// and error values.
func dataKeyFromSecret(secret *api.Secret) ([]byte, error) {
	if secret == nil || secret.Data == nil {
		return nil, fmt.Errorf("transit backend is empty")
	}

	raw, found := secret.Data["plaintext"]
	if !found {
		return nil, fmt.Errorf("no decrypted data")
	}

	// The entry is an untyped value, so its type is checked before use.
	encoded, isString := raw.(string)
	if !isString {
		return nil, fmt.Errorf("decrypted plaintext data cannot be cast to string")
	}

	key, decodeErr := base64.StdEncoding.DecodeString(encoded)
	if decodeErr != nil {
		// Only this fixed message reaches the caller; decodeErr is not wrapped.
		return nil, fmt.Errorf("cannot decode base64 plaintext into data key bytes")
	}

	return key, nil
}
| 394 | |
| 395 | // vaultClient returns a new Vault client, configured with the given address |
| 396 | // and token. |
no outgoing calls