scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-30 02:02:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

Undo additions to the barrier encryption count if persisting those encryptions fails (#29506)

Browse Source 
* Undo additions to the barrier encryption count if persisting those encryptions fails

* changelog
This commit is contained in:
Scott Miller
2025-02-05 13:22:53 -06:00
committed by GitHub
parent 0c76cb83e1
commit 0a2049ca6a
2 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
changelog/29506.txt Normal file
View File

@@ -0,0 +1,3 @@
```release-note:bug
core: Fix bug when if failing to persist the barrier keyring to track encryption counts, the number of outstanding encryptions remains added to the count, overcounting encryptions.
```

2
vault/barrier_aes_gcm.go
View File

@@ -1281,6 +1281,8 @@ func (b *AESGCMBarrier) persistEncryptions(ctx context.Context) error {
newKeyring := b.keyring.Clone() newKeyring := b.keyring.Clone()
err := b.persistKeyringBestEffort(ctx, newKeyring) err := b.persistKeyringBestEffort(ctx, newKeyring)
if err != nil { if err != nil {
// because Keys are pointer addressed, we need to undo the update to the Encryption count here
activeKey.Encryptions -= uint64(newEncs)
return err return err
} }
b.UnaccountedEncryptions.Sub(newEncs) b.UnaccountedEncryptions.Sub(newEncs)