hub / github.com/getsops/sops / decryptKey

Function decryptKey

sops.go:930–959  ·  view source on GitHub ↗

decryptKey tries to decrypt the contents of the provided MasterKey with any of the key services, returning as soon as one key service succeeds.

(key keys.MasterKey, svcs []keyservice.KeyServiceClient)

Source from the content-addressed store, hash-verified

// decryptKey tries to decrypt the contents of the provided MasterKey with any
// of the key services, returning as soon as one key service succeeds.
func decryptKey(key keys.MasterKey, svcs []keyservice.KeyServiceClient) ([]byte, error) {
	svcKey := keyservice.KeyFromMasterKey(key)
	var part []byte
	decryptErr := decryptKeyError{
		keyName: key.ToString(),
	}
	for _, svc := range svcs {
		// All keys in a key group encrypt the same part, so as soon
		// as we decrypt it successfully with one key, we need to
		// proceed with the next group
		var err error
		if part == nil {
			var rsp *keyservice.DecryptResponse
			rsp, err = svc.Decrypt(
				context.Background(),
				&keyservice.DecryptRequest{
					Ciphertext: key.EncryptedDataKey(),
					Key:        &svcKey,
				})
			if err == nil {
				part = rsp.Plaintext
			}
		}
		decryptErr.errs = append(decryptErr.errs, err)
	}
	if part != nil {
		return part, nil
	}
	return nil, &decryptErr
}

// GetDataKey retrieves the data key from the first MasterKey in the Metadata's KeySources that's able to return it,
// using the local KeyService

Callers 1

decryptKeyGroup · Function · 0.85

Calls 4

KeyFromMasterKey · Function · 0.92
ToString · Method · 0.65
Decrypt · Method · 0.65
EncryptedDataKey · Method · 0.65

Tested by

no test coverage detected