94e0b746df
* Initial support for google service account keys * Add vendor for vault and encryption * Add change for PR comment * Add doc and improvement fo public key management * adding waiter for compatibility with issue google/google-api-go-client#234 * improvement * Add test with pgp_key * Perform doc anf format * remove test if public_key exists * Add link on doc * correct pr
package encryption
import (
"encoding/base64"
"fmt"
"strings"
"github.com/hashicorp/errwrap"
"github.com/hashicorp/vault/helper/pgpkeys"
)
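// RetrieveGPGKey returns the PGP key specified as the pgpKey parameter, or queries
// the public key from the keybase service if the parameter is a keybase username
// prefixed with the phrase "keybase:".
//
// A pgpKey without the prefix is returned unchanged; no validation of its
// format is performed here. For a "keybase:" reference the key is fetched
// over the network from Keybase and used as returned, so callers that need
// to pin a particular key should compare the fingerprint reported by
// EncryptValue against an expected value.
//
// Returns an error if the Keybase lookup fails or yields no key for pgpKey.
func RetrieveGPGKey(pgpKey string) (string, error) {
	const keybasePrefix = "keybase:"

	if !strings.HasPrefix(pgpKey, keybasePrefix) {
		return pgpKey, nil
	}

	publicKeys, err := pgpkeys.FetchKeybasePubkeys([]string{pgpKey})
	if err != nil {
		return "", errwrap.Wrapf(fmt.Sprintf("Error retrieving Public Key for %s: {{err}}", pgpKey), err)
	}

	// The result map is keyed by the full "keybase:<user>" string that was
	// passed in. Treat a missing or empty entry as an error rather than
	// letting an empty string flow on as the encryption key.
	encryptionKey, ok := publicKeys[pgpKey]
	if !ok || encryptionKey == "" {
		return "", fmt.Errorf("Error retrieving Public Key for %s: no key returned by keybase", pgpKey)
	}

	return encryptionKey, nil
}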
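// EncryptValue encrypts the given value with the given encryption key. Description
// should be set such that errors return a meaningful user-facing response.
//
// The value is passed to pgpkeys.EncryptShares as a single share together
// with the single encryptionKey. The first return value is the fingerprint
// of the key that was used; the second is the ciphertext encoded with
// standard base64. An error is returned when encryption fails, or when the
// library produces no fingerprint or ciphertext for the one input share.
func EncryptValue(encryptionKey, value, description string) (string, string, error) {
	fingerprints, encryptedValue, err :=
		pgpkeys.EncryptShares([][]byte{[]byte(value)}, []string{encryptionKey})
	if err != nil {
		return "", "", errwrap.Wrapf(fmt.Sprintf("Error encrypting %s: {{err}}", description), err)
	}

	// One input share is expected to yield exactly one fingerprint and one
	// ciphertext. Guard the indexing so an unexpected empty result surfaces
	// as an error instead of an index-out-of-range panic.
	if len(fingerprints) == 0 || len(encryptedValue) == 0 {
		return "", "", fmt.Errorf("Error encrypting %s: no encrypted output produced", description)
	}

	return fingerprints[0], base64.StdEncoding.EncodeToString(encryptedValue[0]), nil
}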