Add descriptive provisioner JWK decryption error messages

Wrap other errors in decryption process with more helpful messaging. This should help users troubleshoot misconfiguration more easily. Fixes #816
2026-01-27 10:18:34 +00:00 · 2022-02-04 17:53:58 -05:00
parent 039d2455d9
commit 11637b5793
1 changed files with 2 additions and 2 deletions
--- a/ca/provisioner.go
+++ b/ca/provisioner.go
@@ -155,11 +155,11 @@ func (p *Provisioner) SSHToken(certType, keyID string, principals []string) (str
 func decryptProvisionerJWK(encryptedKey string, password []byte) (*jose.JSONWebKey, error) {
 	enc, err := jose.ParseEncrypted(encryptedKey)
 	if err != nil {
-		return nil, err
+		return nil, errors.Wrap(err, "error parsing provisioner encrypted key")
 	}
 	data, err := enc.Decrypt(password)
 	if err != nil {
-		return nil, err
+		return nil, errors.Wrap(err, "error decrypting provisioner key with provided password")
 	}
 	jwk := new(jose.JSONWebKey)
 	if err := json.Unmarshal(data, jwk); err != nil {