encryptedKeyFromSecret attempts to extract the encrypted key from the data of the provided secret.
(secret *api.Secret)
| 349 | // encryptedKeyFromSecret attempts to extract the encrypted key from the data |
| 350 | // of the provided secret. |
| 351 | func encryptedKeyFromSecret(secret *api.Secret) (string, error) { |
| 352 | if secret == nil || secret.Data == nil { |
| 353 | return "", fmt.Errorf("transit backend is empty") |
| 354 | } |
| 355 | encrypted, ok := secret.Data["ciphertext"] |
| 356 | if !ok { |
| 357 | return "", fmt.Errorf("no encrypted data") |
| 358 | } |
| 359 | encryptedKey, ok := encrypted.(string) |
| 360 | if !ok { |
| 361 | return "", fmt.Errorf("encrypted ciphertext cannot be cast to string") |
| 362 | } |
| 363 | return encryptedKey, nil |
| 364 | } |
| 365 | |
| 366 | // decryptPayload returns the payload for a decrypt request of the |
| 367 | // encryptedKey. |
no outgoing calls