must hold lock
()
| 76 | |
| 77 | // must hold lock |
| 78 | func readSecretsFromFile() (map[string]string, error) { |
| 79 | configDir := wavebase.GetWaveConfigDir() |
| 80 | secretsPath := filepath.Join(configDir, SecretsFileName) |
| 81 | |
| 82 | encryptedData, err := os.ReadFile(secretsPath) |
| 83 | if err != nil { |
| 84 | if !os.IsNotExist(err) { |
| 85 | log.Printf("secretstore: could not read secrets file: %v\n", err) |
| 86 | } |
| 87 | if err := getLinuxStorageBackend(); err != nil { |
| 88 | log.Printf("secretstore: could not get linux storage backend: %v\n", err) |
| 89 | } |
| 90 | return make(map[string]string), nil |
| 91 | } |
| 92 | |
| 93 | rpcClient := wshclient.GetBareRpcClient() |
| 94 | ctx, cancel := context.WithTimeout(context.Background(), EncryptionTimeout*time.Millisecond) |
| 95 | defer cancel() |
| 96 | |
| 97 | decryptData := wshrpc.CommandElectronDecryptData{ |
| 98 | CipherText: string(encryptedData), |
| 99 | } |
| 100 | rpcOpts := &wshrpc.RpcOpts{ |
| 101 | Route: wshutil.ElectronRoute, |
| 102 | Timeout: EncryptionTimeout, |
| 103 | } |
| 104 | |
| 105 | result, err := wshclient.ElectronDecryptCommand(rpcClient, decryptData, rpcOpts) |
| 106 | if err != nil { |
| 107 | return nil, fmt.Errorf("failed to decrypt secrets: %w", err) |
| 108 | } |
| 109 | |
| 110 | if ctx.Err() != nil { |
| 111 | return nil, fmt.Errorf("decryption timeout: %w", ctx.Err()) |
| 112 | } |
| 113 | |
| 114 | if result.StorageBackend != "" { |
| 115 | linuxStorageBackend = result.StorageBackend |
| 116 | } |
| 117 | |
| 118 | var decryptedSecrets map[string]string |
| 119 | if err := json.Unmarshal([]byte(result.PlainText), &decryptedSecrets); err != nil { |
| 120 | return nil, fmt.Errorf("failed to parse secrets: %w", err) |
| 121 | } |
| 122 | |
| 123 | return decryptedSecrets, nil |
| 124 | } |
| 125 | |
| 126 | func initSecretStore() error { |
| 127 | lock.Lock() |
no test coverage detected