MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-11-07 21:02:58 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix: allow parsing keys in both new and old format (#12144)

Browse Source 
Bonus fix fallback to decrypt previously
encrypted content as well using older master
key ciphertext format.

Signed-off-by: Harshavardhana <harsha@minio.io>
This commit is contained in:
Harshavardhana
2021-04-24 19:05:25 -07:00
committed by GitHub
parent 5d954ea228
commit f420996dfa
3 changed files with 119 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
cmd/common-main.go
View File

@@ -341,28 +341,37 @@ func handleCommonEnvVars() {
case env.IsSet(config.EnvKMSMasterKey) && env.IsSet(config.EnvKESEndpoint):
logger.Fatal(errors.New("ambigious KMS configuration"), fmt.Sprintf("The environment contains %q as well as %q", config.EnvKMSMasterKey, config.EnvKESEndpoint))
}
if env.IsSet(config.EnvKMSSecretKey) {
KMS, err := kms.Parse(env.Get(config.EnvKMSSecretKey, ""))
if err != nil {
logger.Fatal(err, "Unable to parse the KMS secret key inherited from the shell environment")
}
GlobalKMS = KMS
} else if env.IsSet(config.EnvKMSMasterKey) {
logger.LogIf(GlobalContext, errors.New("legacy KMS configuration"), fmt.Sprintf("The environment variable %q is deprecated and will be removed in the future", config.EnvKMSMasterKey))
v := strings.SplitN(env.Get(config.EnvKMSMasterKey, ""), ":", 2)
if len(v) != 2 {
logger.Fatal(errors.New("invalid "+config.EnvKMSMasterKey), "Unable to parse the KMS secret key inherited from the shell environment")
}
secretKey, err := hex.DecodeString(v[1])
parseMasterKey := func(key string) error {
KMS, err := kms.Parse(env.Get(key, ""))
if err != nil {
logger.Fatal(err, "Unable to parse the KMS secret key inherited from the shell environment")
}
KMS, err := kms.New(v[0], secretKey)
if err != nil {
logger.Fatal(err, "Unable to parse the KMS secret key inherited from the shell environment")
v := strings.SplitN(env.Get(key, ""), ":", 2)
if len(v) != 2 {
return errors.New("invalid " + key)
}
secretKey, err := hex.DecodeString(v[1])
if err != nil {
return err
}
KMS, err = kms.New(v[0], secretKey)
if err != nil {
return err
}
}
GlobalKMS = KMS
return nil
}
if env.IsSet(config.EnvKMSSecretKey) {
if err = parseMasterKey(config.EnvKMSSecretKey); err != nil {
logger.Fatal(err, "Unable to parse the KMS secret key inherited from the shell environment")
}
} else if env.IsSet(config.EnvKMSMasterKey) {
logger.LogIf(GlobalContext, errors.New("legacy KMS configuration"),
fmt.Sprintf("The environment variable %q is deprecated and will be removed in the future", config.EnvKMSMasterKey))
if err = parseMasterKey(config.EnvKMSMasterKey); err != nil {
logger.Fatal(err, "Unable to parse the KMS secret key inherited from the shell environment")
}
}
if env.IsSet(config.EnvKESEndpoint) {
kesEndpoints, err := crypto.ParseKESEndpoints(env.Get(config.EnvKESEndpoint, ""))