hub / github.com/getsops/sops / EncryptContext

Method EncryptContext

hckms/keysource.go:142–172  ·  view source on GitHub ↗

EncryptContext takes a SOPS data key, encrypts it with HuaweiCloud KMS and stores the result in the EncryptedKey field.

(ctx context.Context, dataKey []byte)


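// EncryptContext takes a SOPS data key, encrypts it with HuaweiCloud KMS and stores the result
// in the EncryptedKey field.
//
// The data key is base64-encoded and sent to KMS as the request plaintext.
// On any failure an error is returned and EncryptedKey is left unchanged.
// The log entries written here carry only the key ID, never the data key or
// the returned ciphertext.
func (key *MasterKey) EncryptContext(ctx context.Context, dataKey []byte) error {
	client, err := key.createKMSClient(ctx)
	if err != nil {
		log.WithField("keyID", key.KeyID).Info("Encryption failed")
		return fmt.Errorf("failed to create HuaweiCloud KMS client: %w", err)
	}

	// NOTE(review): the encoded data key is held in an immutable Go string, so
	// it cannot be wiped after the call and stays in memory until collected.
	plaintext := base64.StdEncoding.EncodeToString(dataKey)
	encryptAlgorithm := model.GetEncryptDataRequestBodyEncryptionAlgorithmEnum().SYMMETRIC_DEFAULT

	request := &model.EncryptDataRequest{
		Body: &model.EncryptDataRequestBody{
			KeyId:               key.KeyUUID,
			PlainText:           plaintext,
			EncryptionAlgorithm: &encryptAlgorithm,
		},
	}

	// NOTE(review): ctx is passed to createKMSClient only; EncryptData does not
	// receive it here, so cancellation presumably does not interrupt the
	// request itself. Confirm against the client implementation.
	response, err := client.EncryptData(request)
	if err != nil {
		log.WithField("keyID", key.KeyID).Info("Encryption failed")
		return fmt.Errorf("failed to encrypt sops data key with HuaweiCloud KMS: %w", err)
	}

	// Fail closed: a nil response would otherwise be dereferenced, and an empty
	// ciphertext would leave the master key without a usable encrypted data
	// key. Log the failure here as the other error paths do.
	if response == nil || response.CipherText == nil || *response.CipherText == "" {
		log.WithField("keyID", key.KeyID).Info("Encryption failed")
		return fmt.Errorf("encryption response missing ciphertext")
	}
	key.EncryptedKey = *response.CipherText
	log.WithField("keyID", key.KeyID).Info("Encryption succeeded")
	return nil
}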
173
174// EncryptIfNeeded encrypts the provided SOPS data key, if it has not been
175// encrypted yet.

Callers 1

EncryptMethod · 0.95

Calls 1

createKMSClientMethod · 0.95

Tested by

no test coverage detected