hub / github.com/getsops/sops / DecryptContext

Method DecryptContext

hcvault/keysource.go:280–302  ·  view source on GitHub ↗

DecryptContext decrypts the EncryptedKey field with Vault Transit and returns the result.

(ctx context.Context)

Source from the content-addressed store, hash-verified

// DecryptContext sends key.EncryptedKey to the Vault Transit backend for
// decryption and returns the recovered sops data key.
//
// A Vault client is built from key.VaultAddress, key.token and
// key.httpClient, the payload produced by decryptPayload is written to the
// path returned by key.decryptPath, and the response is handed to
// dataKeyFromSecret. ctx is passed to the Vault write call only; client
// construction does not receive it.
//
// The returned bytes are plaintext key material, so callers should keep them
// out of logs and error strings. Every outcome is logged at Info level with
// the transit path as the only field, so alerting on failed decrypt attempts
// has to match the "Decryption failed" message rather than the log level.
//
// Errors from the write and from dataKeyFromSecret are wrapped with %w and the
// transit path; an error from vaultClient is returned unwrapped.
// NOTE(review): the wrapped error text originates in the Vault client and in
// dataKeyFromSecret, neither of which is visible here; confirm that it cannot
// carry token or key material before surfacing it to users.
func (key *MasterKey) DecryptContext(ctx context.Context) ([]byte, error) {
	transitPath := key.decryptPath()

	// logFailure records a failed attempt. Only the transit path is attached;
	// the token and the encrypted key are never passed to the logger here.
	logFailure := func() {
		log.WithField("Path", transitPath).Info("Decryption failed")
	}

	vault, err := vaultClient(key.VaultAddress, key.token, key.httpClient)
	if err != nil {
		logFailure()
		return nil, err
	}

	resp, err := vault.Logical().WriteWithContext(ctx, transitPath, decryptPayload(key.EncryptedKey))
	if err != nil {
		logFailure()
		return nil, fmt.Errorf("failed to decrypt sops data key from Vault transit backend '%s': %w", transitPath, err)
	}

	plaintext, err := dataKeyFromSecret(resp)
	if err != nil {
		logFailure()
		return nil, fmt.Errorf("failed to decrypt sops data key from Vault transit backend '%s': %w", transitPath, err)
	}

	log.WithField("Path", transitPath).Info("Decryption successful")
	return plaintext, nil
}
304// NeedsRotation returns whether the data key needs to be rotated or not.
305func (key *MasterKey) NeedsRotation() bool {

Callers 1

Decrypt (Method) · 0.95

Calls 4

decryptPath (Method) · 0.95
vaultClient (Function) · 0.85
decryptPayload (Function) · 0.85
dataKeyFromSecret (Function) · 0.85

Tested by

no test coverage detected