EncryptContext takes a SOPS data key, encrypts it with HuaweiCloud KMS and stores the result in the EncryptedKey field.
(ctx context.Context, dataKey []byte)
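// EncryptContext takes a SOPS data key, encrypts it with HuaweiCloud KMS and
// stores the result in the EncryptedKey field.
//
// The data key is base64-encoded and sent as the PlainText of an EncryptData
// request against key.KeyUUID with the SYMMETRIC_DEFAULT algorithm. On any
// failure EncryptedKey is left untouched and a non-nil error is returned.
//
// Only key.KeyID is written to the log; the data key itself is never logged.
// NOTE(review): the request body carries the base64 form of the plaintext
// data key, and SDK errors are wrapped with %w and returned to the caller.
// Confirm the SDK does not echo request bodies in its error text or in any
// HTTP debug logging that createKMSClient may enable.
//
// NOTE(review): ctx is handed to createKMSClient only. The EncryptData call
// below takes no context, so cancellation or deadlines on ctx are not
// propagated to the request from this function as written.
func (key *MasterKey) EncryptContext(ctx context.Context, dataKey []byte) error {
	client, err := key.createKMSClient(ctx)
	if err != nil {
		log.WithField("keyID", key.KeyID).Info("Encryption failed")
		return fmt.Errorf("failed to create HuaweiCloud KMS client: %w", err)
	}

	// The request field is a string, so the raw key bytes are base64-encoded
	// first. Go strings are immutable, which means this copy of the data key
	// cannot be zeroed after use and lives until it is garbage collected.
	plaintext := base64.StdEncoding.EncodeToString(dataKey)
	encryptAlgorithm := model.GetEncryptDataRequestBodyEncryptionAlgorithmEnum().SYMMETRIC_DEFAULT

	request := &model.EncryptDataRequest{
		Body: &model.EncryptDataRequestBody{
			KeyId:               key.KeyUUID,
			PlainText:           plaintext,
			EncryptionAlgorithm: &encryptAlgorithm,
		},
	}

	response, err := client.EncryptData(request)
	if err != nil {
		log.WithField("keyID", key.KeyID).Info("Encryption failed")
		return fmt.Errorf("failed to encrypt sops data key with HuaweiCloud KMS: %w", err)
	}

	// Fail closed: a nil response, a nil ciphertext pointer or an empty
	// ciphertext string must not be recorded as a successful encryption.
	// Storing "" would leave the master key without a usable wrapped data
	// key while reporting success to the caller.
	if response == nil || response.CipherText == nil || *response.CipherText == "" {
		log.WithField("keyID", key.KeyID).Info("Encryption failed")
		return fmt.Errorf("encryption response missing ciphertext")
	}

	key.EncryptedKey = *response.CipherText
	log.WithField("keyID", key.KeyID).Info("Encryption succeeded")
	return nil
}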
| 173 | |
| 174 | // EncryptIfNeeded encrypts the provided SOPS data key, if it has not been |
| 175 | // encrypted yet. |