introduce new package pkg/kms (#12019)

This commit introduces a new package `pkg/kms`. It contains basic types and functions to interact with various KMS implementations. This commit also moves KMS-related code from `cmd/crypto` to `pkg/kms`. Now, it is possible to implement a KMS-based config data encryption in the `pkg/config` package.
2025-11-25 12:06:10 -05:00 · 2021-04-15 17:47:33 +02:00
parent 1456f9f090
commit 885c170a64
24 changed files with 1176 additions and 274 deletions
--- a/cmd/crypto/sse-kms.go
+++ b/cmd/crypto/sse-kms.go
@@ -96,11 +96,11 @@ func (s3 ssekms) UnsealObjectKey(kms KMS, metadata map[string]string, bucket, ob
 	if _, ok := ctx[bucket]; !ok {
 		ctx[bucket] = path.Join(bucket, object)
 	}
-	unsealKey, err := kms.UnsealKey(keyID, kmsKey, ctx)
+	unsealKey, err := kms.DecryptKey(keyID, kmsKey, ctx)
 	if err != nil {
 		return key, err
 	}
-	err = key.Unseal(unsealKey, sealedKey, s3.String(), bucket, object)
+	err = key.Unseal(unsealKey[:], sealedKey, s3.String(), bucket, object)
 	return key, err
 }