Use hmac-sha256 for protecting secrets in audit entries

2025-10-31 18:48:08 +00:00 · 2015-09-19 11:29:31 -04:00
parent 49ec196016
commit 743e7f99b6
2 changed files with 8 additions and 5 deletions
--- a/audit/hashstructure_test.go
+++ b/audit/hashstructure_test.go
@@ -140,10 +140,14 @@ func TestHash(t *testing.T) {
 		},
 	}

-	localSalt, err := salt.NewSalt(nil, &salt.Config{
-		HMAC:       sha256.New,
-		HMACType:   "hmac-sha256",
-		StaticSalt: "foo",
+	inmemStorage := &logical.InmemStorage{}
+	inmemStorage.Put(&logical.StorageEntry{
+		Key:   "salt",
+		Value: []byte("foo"),
+	})
+	localSalt, err := salt.NewSalt(inmemStorage, &salt.Config{
+		HMAC:     sha256.New,
+		HMACType: "hmac-sha256",
 	})
 	if err != nil {
 		t.Fatalf("Error instantiating salt: %s", err)
--- a/vault/audit.go
+++ b/vault/audit.go
@@ -207,7 +207,6 @@ func (c *Core) newAuditBackend(t string, view logical.Storage, conf map[string]s
 		return nil, fmt.Errorf("unknown backend type: %s", t)
 	}
 	salter, err := salt.NewSalt(view, &salt.Config{
-		HashFunc: salt.SHA256Hash,
 		HMAC:     sha256.New,
 		HMACType: "hmac-sha256",
 	})