MCPcopy
hub / github.com/getsops/sops / dataKeyFromSecret

Function dataKeyFromSecret

hcvault/keysource.go:376–393  ·  view source on GitHub ↗

dataKeyFromSecret attempts to extract the data key from the data of the provided secret.

(secret *api.Secret)

Source from the content-addressed store, hash-verified

374// dataKeyFromSecret attempts to extract the data key from the data of the
375// provided secret.
376func dataKeyFromSecret(secret *api.Secret) ([]byte, error) {
377 if secret == nil || secret.Data == nil {
378 return nil, fmt.Errorf("transit backend is empty")
379 }
380 decrypted, ok := secret.Data["plaintext"]
381 if !ok {
382 return nil, fmt.Errorf("no decrypted data")
383 }
384 plaintext, ok := decrypted.(string)
385 if !ok {
386 return nil, fmt.Errorf("decrypted plaintext data cannot be cast to string")
387 }
388 dataKey, err := base64.StdEncoding.DecodeString(plaintext)
389 if err != nil {
390 return nil, fmt.Errorf("cannot decode base64 plaintext into data key bytes")
391 }
392 return dataKey, nil
393}
394
395// vaultClient returns a new Vault client, configured with the given address
396// and token.

Callers 3

DecryptContextMethod · 0.85
TestMasterKey_EncryptFunction · 0.85
Test_dataKeyFromSecretFunction · 0.85

Calls

no outgoing calls

Tested by 2

TestMasterKey_EncryptFunction · 0.68
Test_dataKeyFromSecretFunction · 0.68