avoid parsing MINIO_KMS_MASTER_KEY as base64 (#12149)

This commit reverts a change that added support for
parsing base64-encoded keys set via `MINIO_KMS_MASTER_KEY`.

The env. variable `MINIO_KMS_MASTER_KEY` is deprecated and
should ONLY support parsing existing keys - not the new format.

Any new deployment should use `MINIO_KMS_SECRET_KEY`. The legacy
env. variable `MINIO_KMS_MASTER_KEY` will be removed at some point
in time.

Signed-off-by: Andreas Auernhammer <aead@mail.de>
Andreas Auernhammer
2021-04-25 20:04:31 +02:00
committed by GitHub
parent 4eb9b6eaf8
commit f7feff8665
2 changed files with 14 additions and 57 deletions


@@ -332,9 +332,6 @@ func handleCommonEnvVars() {
globalActiveCred = cred
}
if env.IsSet(config.EnvKMSSecretKey) && env.IsSet(config.EnvKESEndpoint) {
logger.Fatal(errors.New("ambigious KMS configuration"), fmt.Sprintf("The environment contains %q as well as %q", config.EnvKMSSecretKey, config.EnvKESEndpoint))
}
switch {
case env.IsSet(config.EnvKMSSecretKey) && env.IsSet(config.EnvKESEndpoint):
logger.Fatal(errors.New("ambigious KMS configuration"), fmt.Sprintf("The environment contains %q as well as %q", config.EnvKMSSecretKey, config.EnvKESEndpoint))
@@ -342,34 +339,24 @@ func handleCommonEnvVars() {
logger.Fatal(errors.New("ambigious KMS configuration"), fmt.Sprintf("The environment contains %q as well as %q", config.EnvKMSMasterKey, config.EnvKESEndpoint))
}
parseMasterKey := func(key string) error {
KMS, err := kms.Parse(env.Get(key, ""))
if err != nil {
v := strings.SplitN(env.Get(key, ""), ":", 2)
if len(v) != 2 {
return errors.New("invalid " + key)
}
secretKey, err := hex.DecodeString(v[1])
if err != nil {
return err
}
KMS, err = kms.New(v[0], secretKey)
if err != nil {
return err
}
}
GlobalKMS = KMS
return nil
}
if env.IsSet(config.EnvKMSSecretKey) {
if err = parseMasterKey(config.EnvKMSSecretKey); err != nil {
GlobalKMS, err = kms.Parse(config.EnvKMSSecretKey)
if err != nil {
logger.Fatal(err, "Unable to parse the KMS secret key inherited from the shell environment")
}
} else if env.IsSet(config.EnvKMSMasterKey) {
logger.LogIf(GlobalContext, errors.New("legacy KMS configuration"),
fmt.Sprintf("The environment variable %q is deprecated and will be removed in the future", config.EnvKMSMasterKey))
if err = parseMasterKey(config.EnvKMSMasterKey); err != nil {
logger.LogIf(GlobalContext, errors.New("legacy KMS configuration"), fmt.Sprintf("The environment variable %q is deprecated and will be removed in the future", config.EnvKMSMasterKey))
v := strings.SplitN(env.Get(config.EnvKMSMasterKey, ""), ":", 2)
if len(v) != 2 {
logger.Fatal(errors.New("invalid "+config.EnvKMSMasterKey), "Unable to parse the KMS secret key inherited from the shell environment")
}
secretKey, err := hex.DecodeString(v[1])
if err != nil {
logger.Fatal(err, "Unable to parse the KMS secret key inherited from the shell environment")
}
GlobalKMS, err = kms.New(v[0], secretKey)
if err != nil {
logger.Fatal(err, "Unable to parse the KMS secret key inherited from the shell environment")
}
}
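Review bot: In the `config.EnvKMSSecretKey` branch, `kms.Parse(config.EnvKMSSecretKey)` receives the same constant that the line above passes to `env.IsSet`, so it parses the variable's name and not its value; the removed closure called `kms.Parse(env.Get(key, ""))`. The page has lost its +/- markers, but the line sits right after the old `parseMasterKey` call and looks like the new side. If so, any deployment that sets the recommended variable would presumably stop at the `logger.Fatal` below instead of loading its key. The call should read `GlobalKMS, err = kms.Parse(env.Get(config.EnvKMSSecretKey, ""))`, and a test that sets the variable to a valid key and checks that `GlobalKMS` is populated would catch a regression. `handleCommonEnvVars` starts and ends outside the hunk.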