MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-02-28 13:59:15 -05:00
Code Issues Packages Projects Releases Wiki Activity

vault: disable Hashicorp Vault with opt-in (#11711)

Browse Source 
This commit disables the Hashicorp Vault
support but provides a way to temp. enable
it via the `MINIO_KMS_VAULT_DEPRECATION=off`

Vault support has been deprecated long ago
and this commit just requires users to take
action if they maintain a Vault integration.
This commit is contained in:
Andreas Auernhammer 2021-03-09 09:02:35 +01:00 committed by GitHub
parent 8ecffdb7a7
commit 209fe61dcc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cmd/crypto/config.go
View File

@ -18,6 +18,7 @@ import (
"errors"
"math/rand"
"net/http"
"os"
"reflect"
"strconv"
"strings"
@ -410,6 +411,9 @@ func NewKMS(cfg KMSConfig) (kms KMS, err error) {
} else if cfg.Vault.Enabled && cfg.Kes.Enabled {
return kms, errors.New("Ambiguous KMS configuration: vault configuration and kes configuration are provided at the same time")
} else if cfg.Vault.Enabled {
if v, ok := os.LookupEnv("MINIO_KMS_VAULT_DEPRECATION"); !ok || v != "off" { // TODO(aead): Remove once Vault support has been removed
return kms, errors.New("Hashicorp Vault is deprecated and will be removed Oct. 2021. To temporarily enable Hashicorp Vault support, set MINIO_KMS_VAULT_DEPRECATION=off")
}
kms, err = NewVault(cfg.Vault)
if err != nil {
return kms, err