Encrypt takes a SOPS data key, encrypts it with the Recipient, and stores the result in the EncryptedKey field.
(dataKey []byte)
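// Encrypt takes a SOPS data key, encrypts it with the Recipient, and stores
// the result in the EncryptedKey field.
//
// The Recipient is parsed on first use and cached in parsedRecipient, so
// later calls skip the parse. The age ciphertext is written through an armor
// writer into an in-memory buffer, and SetEncryptedDataKey is only called once
// every step has succeeded. The plaintext data key is never passed to the
// logger; only the recipient is.
//
// It returns the error from parseRecipient unchanged, or a wrapped error
// naming the step that failed.
func (key *MasterKey) Encrypt(dataKey []byte) error {
	if key.parsedRecipient == nil {
		parsedRecipient, err := parseRecipient(key.Recipient)
		if err != nil {
			// key.parsedRecipient is still nil on this path, so logging it
			// would record nothing useful. Log the configured Recipient
			// instead so the bad entry can be identified.
			// NOTE(review): Recipient is expected to be a public key; if a
			// private identity could be pasted here by mistake, consider
			// logging only the error instead of the raw value.
			log.WithField("recipient", key.Recipient).Info("Encryption failed")
			return err
		}
		key.parsedRecipient = parsedRecipient
	}

	var buffer bytes.Buffer
	aw := armor.NewWriter(&buffer)
	w, err := age.Encrypt(aw, key.parsedRecipient)
	if err != nil {
		log.WithField("recipient", key.parsedRecipient).Info("Encryption failed")
		return fmt.Errorf("failed to create writer for encrypting sops data key with age: %w", err)
	}
	if _, err := w.Write(dataKey); err != nil {
		log.WithField("recipient", key.parsedRecipient).Info("Encryption failed")
		return fmt.Errorf("failed to encrypt sops data key with age: %w", err)
	}
	// Close order matters: the age writer is closed first so its final output
	// reaches the armor writer, then the armor writer is closed to finish the
	// encoding. Both Close errors are checked because a failure in either
	// would leave the buffer holding incomplete output.
	if err := w.Close(); err != nil {
		log.WithField("recipient", key.parsedRecipient).Info("Encryption failed")
		return fmt.Errorf("failed to close writer for encrypting sops data key with age: %w", err)
	}
	if err := aw.Close(); err != nil {
		log.WithField("recipient", key.parsedRecipient).Info("Encryption failed")
		return fmt.Errorf("failed to close armored writer: %w", err)
	}

	key.SetEncryptedDataKey(buffer.Bytes())
	log.WithField("recipient", key.parsedRecipient).Info("Encryption succeeded")
	return nil
}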
| 197 | |
| 198 | // EncryptIfNeeded encrypts the provided SOPS data key, if it has not been |
| 199 | // encrypted yet. |