fix: use key.Ciphertext for DecryptKey in KeyStatus (#12313)

enhance GlobalKMS.Stat() for kes to actually perform a network call to check Version() of kes and also implicitly that its reachable.
2025-11-24 03:27:44 -05:00 · 2021-05-18 07:22:31 -07:00
parent 267f12a2a1
commit c6b7dc012a
2 changed files with 8 additions and 5 deletions
--- a/pkg/kms/kes.go
+++ b/pkg/kms/kes.go
@@ -22,6 +22,7 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"errors"
+	"time"

 	"github.com/minio/kes"
 )
@@ -79,6 +80,11 @@ var _ KMS = (*kesClient)(nil) // compiler check
 // Stat returns the current KES status containing a
 // list of KES endpoints and the default key ID.
 func (c *kesClient) Stat() (Status, error) {
+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+	defer cancel()
+	if _, err := c.client.Version(ctx); err != nil {
+		return Status{}, err
+	}
 	var endpoints = make([]string, len(c.client.Endpoints))
 	copy(endpoints, c.client.Endpoints)
 	return Status{