From 210da8f70552774265b480f0eb477939b8512391 Mon Sep 17 00:00:00 2001
From: Violet Hynes <violet.hynes@hashicorp.com>
Date: Wed, 9 Oct 2024 15:43:49 -0400
Subject: [PATCH] Fix data race around static secret capability manager
 (#28653)

* Fix data race around static secret capability manager

* Actually, clone the map
---
 .../cache/static_secret_capability_manager.go                 | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/command/agentproxyshared/cache/static_secret_capability_manager.go b/command/agentproxyshared/cache/static_secret_capability_manager.go
index b4dc3b2bd0..6d5e00098d 100644
--- a/command/agentproxyshared/cache/static_secret_capability_manager.go
+++ b/command/agentproxyshared/cache/static_secret_capability_manager.go
@@ -143,8 +143,10 @@ func (sscm *StaticSecretCapabilityManager) StartRenewingCapabilities(indexToRene
 
 		capabilitiesIndex.IndexLock.RLock()
 		token := capabilitiesIndex.Token
-		indexReadablePathsMap := capabilitiesIndex.ReadablePaths
+		indexReadablePathsMap := map[string]struct{}{}
+		maps.Copy(indexReadablePathsMap, capabilitiesIndex.ReadablePaths)
 		capabilitiesIndex.IndexLock.RUnlock()
+
 		indexReadablePaths := maps.Keys(indexReadablePathsMap)
 
 		client, err := sscm.client.Clone()