(ctx context.Context)
| 171 | } |
| 172 | |
| 173 | func (key *MasterKey) ensureKeyHasVersion(ctx context.Context) error { |
| 174 | if key.Version != "" { |
| 175 | // Nothing to do |
| 176 | return nil |
| 177 | } |
| 178 | |
| 179 | token, err := key.getTokenCredential() |
| 180 | |
| 181 | if err != nil { |
| 182 | log.WithFields(logrus.Fields{"key": key.Name, "version": key.Version}).Info("Encryption failed") |
| 183 | return fmt.Errorf("failed to get Azure token credential to retrieve key version: %w", err) |
| 184 | } |
| 185 | |
| 186 | c, err := azkeys.NewClient(key.VaultURL, token, key.clientOptions) |
| 187 | if err != nil { |
| 188 | log.WithFields(logrus.Fields{"key": key.Name, "version": key.Version}).Info("Encryption failed") |
| 189 | return fmt.Errorf("failed to construct Azure Key Vault client to retrieve key version: %w", err) |
| 190 | } |
| 191 | |
| 192 | kdetail, err := c.GetKey(ctx, key.Name, key.Version, nil) |
| 193 | if err != nil { |
| 194 | log.WithFields(logrus.Fields{"key": key.Name, "version": key.Version}).Info("Encryption failed") |
| 195 | return fmt.Errorf("failed to fetch Azure Key to retrieve key version: %w", err) |
| 196 | } |
| 197 | key.Version = kdetail.Key.KID.Version() |
| 198 | |
| 199 | log.WithFields(logrus.Fields{"key": key.Name, "version": key.Version}).Info("Version fetch succeeded") |
| 200 | return nil |
| 201 | } |
| 202 | |
| 203 | // EncryptContext takes a SOPS data key, encrypts it with Azure Key Vault, and stores |
| 204 | // the result in the EncryptedKey field. |
no test coverage detected