SealInterface
@@ -4,6 +4,7 @@ import (
|
||||
"encoding/hex"
|
||||
"net/http"
|
||||
|
||||
"github.com/hashicorp/errwrap"
|
||||
"github.com/hashicorp/vault/vault"
|
||||
)
|
||||
|
||||
@@ -41,14 +42,28 @@ func handleSysInitPut(core *vault.Core, w http.ResponseWriter, r *http.Request)
|
||||
}
|
||||
|
||||
// Initialize
|
||||
result, err := core.Initialize(&vault.SealConfig{
|
||||
barrierConfig := &vault.SealConfig{
|
||||
SecretShares: req.SecretShares,
|
||||
SecretThreshold: req.SecretThreshold,
|
||||
StoredShares: req.StoredShares,
|
||||
PGPKeys: req.PGPKeys,
|
||||
})
|
||||
if err != nil {
|
||||
respondError(w, http.StatusBadRequest, err)
|
||||
return
|
||||
}
|
||||
|
||||
recoveryConfig := &vault.SealConfig{
|
||||
SecretShares: req.RecoveryShares,
|
||||
SecretThreshold: req.RecoveryThreshold,
|
||||
PGPKeys: req.RecoveryPGPKeys,
|
||||
}
|
||||
|
||||
result, initErr := core.Initialize(barrierConfig, recoveryConfig)
|
||||
if initErr != nil {
|
||||
if !errwrap.ContainsType(initErr, new(vault.NonFatalError)) {
|
||||
respondError(w, http.StatusBadRequest, initErr)
|
||||
return
|
||||
} else {
|
||||
// Add a warnings field? The error will be logged in the vault log
|
||||
// already.
|
||||
}
|
||||
}
|
||||
|
||||
// Encode the keys
|
||||
@@ -57,21 +72,35 @@ func handleSysInitPut(core *vault.Core, w http.ResponseWriter, r *http.Request)
|
||||
keys = append(keys, hex.EncodeToString(k))
|
||||
}
|
||||
|
||||
respondOk(w, &InitResponse{
|
||||
resp := &InitResponse{
|
||||
Keys: keys,
|
||||
RootToken: result.RootToken,
|
||||
})
|
||||
}
|
||||
|
||||
if len(result.RecoveryShares) > 0 {
|
||||
resp.RecoveryKeys = make([]string, 0, len(result.RecoveryShares))
|
||||
for _, k := range result.RecoveryShares {
|
||||
resp.RecoveryKeys = append(resp.RecoveryKeys, hex.EncodeToString(k))
|
||||
}
|
||||
}
|
||||
|
||||
respondOk(w, resp)
|
||||
}
|
||||
|
||||
type InitRequest struct {
|
||||
SecretShares int `json:"secret_shares"`
|
||||
SecretThreshold int `json:"secret_threshold"`
|
||||
PGPKeys []string `json:"pgp_keys"`
|
||||
SecretShares int `json:"secret_shares"`
|
||||
SecretThreshold int `json:"secret_threshold"`
|
||||
StoredShares int `json:"stored_shares"`
|
||||
PGPKeys []string `json:"pgp_keys"`
|
||||
RecoveryShares int `json:"recovery_shares"`
|
||||
RecoveryThreshold int `json:"recovery_threshold"`
|
||||
RecoveryPGPKeys []string `json:"recovery_pgp_keys"`
|
||||
}
|
||||
|
||||
type InitResponse struct {
|
||||
Keys []string `json:"keys"`
|
||||
RootToken string `json:"root_token"`
|
||||
Keys []string `json:"keys"`
|
||||
RecoveryKeys []string `json:"recovery_keys,omitempty"`
|
||||
RootToken string `json:"root_token"`
|
||||
}
|
||||
|
||||
type InitStatusResponse struct {
|
||||
|
||||
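Review bot: In the second hunk the `else` branch taken when `errwrap.ContainsType(initErr, new(vault.NonFatalError))` is true is empty, so a non-fatal initialization error is dropped and the handler still returns 200 with the key shares and root token. The caller holds the only copy of those shares, yet gets no signal that something went wrong unless they read the server log. The code then reads `result.RootToken` and `result.RecoveryShares`, which assumes `core.Initialize` always returns a non-nil result alongside a non-fatal error; that contract is not visible here, so a guard such as `if result == nil { respondError(w, http.StatusInternalServerError, initErr); return }` would be prudent. I would also surface the error to the client, as the in-code comment already suggests, through an optional warnings field on `InitResponse` tagged `omitempty` like `RecoveryKeys`, and replace the empty `else` with an early return on the fatal case. `handleSysInitPut` starts before the hunk, so the request decoding and the loop over the barrier shares are not visible here.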