support autogenerated credentials for KMS_SECRET_KEY properly (#21223)

We had a chicken-and-egg problem with this feature: even
when used with KES, credential generation would not run
in the correct sequence, causing setup/deployment
disruptions.

This PR streamlines all of this properly to ensure that
this functionality works as advertised.
Harshavardhana
2025-04-21 09:23:51 -07:00
committed by GitHub
parent e2ed696619
commit 43aa8e4259
6 changed files with 132 additions and 128 deletions


@@ -211,8 +211,11 @@ func (s secretKey) Decrypt(_ context.Context, req *DecryptRequest) ([]byte, erro
return plaintext, nil
}
func (secretKey) MAC(context.Context, *MACRequest) ([]byte, error) {
return nil, ErrNotSupported
// MAC generate hmac for the request
func (s secretKey) MAC(_ context.Context, req *MACRequest) ([]byte, error) {
mac := hmac.New(sha256.New, s.key)
mac.Write(req.Message)
return mac.Sum(make([]byte, 0, mac.Size())), nil
}
// parseCiphertext parses and converts a ciphertext into
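Review bot: The new `MAC` keys HMAC-SHA256 directly with `s.key`, which presumably is the same secret the `Decrypt` method above relies on, so the MAC output is not domain-separated from any other use of that key. How `s.key` is consumed on the encrypt/decrypt path is outside this hunk and should be checked. If it also feeds an HMAC or a key derivation there, callers of `MAC` should not be able to obtain values that overlap with it. Binding the MAC to its purpose with a derived subkey would avoid that, e.g. `sub := hmac.New(sha256.New, s.key); sub.Write([]byte("<mac-purpose-label>"))` followed by `mac := hmac.New(sha256.New, sub.Sum(nil))`, where the label is a placeholder to be chosen by the project. This changes the MAC output, so it should be decided before any generated credentials depend on it. The doc comment could also state the contract precisely: `// MAC returns the HMAC-SHA256 of req.Message keyed with the secret key.`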