hub / github.com/getsops/sops / createKMSConfig

Method createKMSConfig

kms/keysource.go:392–423  ·  view source on GitHub ↗

createKMSConfig returns an AWS config that uses the MasterKey's credentialsProvider when one is set, and otherwise falls back to the default AWS configuration sources.

(ctx context.Context)

Source from the content-addressed store, hash-verified

// createKMSConfig builds the AWS configuration used to reach KMS for this
// MasterKey.
//
// The region comes from the first capture group of arnRegex applied to
// key.Arn; an ARN that does not match is rejected before any AWS configuration
// is loaded. The configuration itself is produced by config.LoadDefaultConfig,
// with these per-key overrides applied:
//   - key.credentialsProvider, when non-nil, is installed as the credentials
//     source;
//   - key.AwsProfile, when non-empty, selects the shared config profile;
//   - key.httpClient, when non-nil, replaces the HTTP client.
//
// When key.Role is non-empty the loaded config is handed to createSTSConfig
// and that call's result is returned instead of the base config.
func (key MasterKey) createKMSConfig(ctx context.Context) (*aws.Config, error) {
	// NOTE(review): the pattern is recompiled on every call; a package-level
	// compiled regexp would avoid that if arnRegex is a constant — confirm.
	arnParts := regexp.MustCompile(arnRegex).FindStringSubmatch(key.Arn)
	if arnParts == nil {
		return nil, fmt.Errorf("no valid ARN found in '%s'", key.Arn)
	}
	region := arnParts[1]

	applyKeyOptions := func(opts *config.LoadOptions) error {
		// The region is always pinned to the one parsed from the key's ARN.
		opts.Region = region
		if key.AwsProfile != "" {
			opts.SharedConfigProfile = key.AwsProfile
		}
		if key.httpClient != nil {
			opts.HTTPClient = key.httpClient
		}
		// An explicit provider is only installed when one was supplied;
		// otherwise Credentials is left unset and credentials are read from
		// the environment by the default loader.
		// NOTE(review): when both a provider and AwsProfile are set, the
		// explicit provider presumably wins inside the SDK — confirm.
		if key.credentialsProvider != nil {
			opts.Credentials = key.credentialsProvider
		}
		return nil
	}

	awsCfg, err := config.LoadDefaultConfig(ctx, applyKeyOptions)
	if err != nil {
		return nil, fmt.Errorf("could not load AWS config: %w", err)
	}

	// Without a role the base config is used as-is; with one, the identity
	// actually used for KMS is whatever createSTSConfig derives from it.
	if key.Role == "" {
		return &awsCfg, nil
	}
	return key.createSTSConfig(ctx, &awsCfg)
}
424
425// createClient creates a new AWS KMS client with the provided config.
426func (key MasterKey) createClient(config *aws.Config) *kms.Client {

Callers 4

EncryptContextMethod · 0.95
DecryptContextMethod · 0.95
createTestKMSClientFunction · 0.80

Calls 1

createSTSConfigMethod · 0.95

Tested by 2

createTestKMSClientFunction · 0.64