fix: add printout logs for vault values
meotchwilliams committed Mar 21, 2024
1 parent d3e9d7f commit e5ffd66
Showing 1 changed file with 16 additions and 1 deletion.
@@ -1,16 +1,20 @@
package com.mx.path.service.facility.security.vault;

import java.nio.charset.StandardCharsets;
import java.time.LocalDateTime;
import java.time.ZoneOffset;
import java.util.Base64;
import java.util.Collections;
import java.util.Map;
import java.util.Objects;

import javax.annotation.Nullable;

import com.google.common.collect.ImmutableMap;
import lombok.Getter;
import lombok.Setter;

import com.bettercloud.vault.SslConfig;
import com.bettercloud.vault.Vault;
import com.bettercloud.vault.VaultConfig;
import com.bettercloud.vault.VaultException;
Expand Down Expand Up @@ -116,6 +120,9 @@ public final void rotateKeys() {
return;
}

LOGGER.info("rotateKeys.currentKeyVersion = " + key.currentKeyVersion());
LOGGER.info("rotateKeys.numKeysToKeep = " + configuration.getNumKeysToKeep());
LOGGER.info("rotateKeys.minDecryptVersion = " + (key.currentKeyVersion() - configuration.getNumKeysToKeep()));
int minDecryptVersion = key.currentKeyVersion() - configuration.getNumKeysToKeep();

if (minDecryptVersion < 1) {
Expand All @@ -137,6 +144,7 @@ final Vault buildVaultDriver(@Nullable String authToken) {
.token(authToken)
.engineVersion(configuration.getEngineVersion())
.address(configuration.getUri())
// .sslConfig(new SslConfig().verify(false).build())
.build();

Vault newDriver = new Vault(vaultConfig);
Expand Down Expand Up @@ -197,7 +205,14 @@ final VaultTransitKey loadKey() {
*/
final void setMinDecryptionVersion(int minDecryptionVersion) {
try {
VaultResponse response = logicalWriteWithReauthentication("transit/keys/" + configuration.getKeyName(), Collections.singletonMap("min_decryption_version", minDecryptionVersion));
//FIXME this is not setting `min_encryption_version` or `min_available_version`
//FIXME should `min_available_version` and `min_decyprtion_version` always be the same and `min_encryption_version` be ahead?
// VaultResponse response = logicalWriteWithReauthentication("transit/keys/" + configuration.getKeyName(), Collections.singletonMap("min_decryption_version", minDecryptionVersion));
VaultResponse response = logicalWriteWithReauthentication("transit/keys/" + configuration.getKeyName(), ImmutableMap.of(
"min_decryption_version", minDecryptionVersion,
"min_encryption_version", minDecryptionVersion,
"min_available_version", minDecryptionVersion
));
validateVaultOperationResponse(response, "Unable to update vault key");
} catch (RuntimeException e) {
LOGGER.warn("Unable to update vault key", e);
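Review bot: In the setMinDecryptionVersion hunk, the new `ImmutableMap.of(...)` write sends `min_available_version` together with the decryption and encryption floors, and in Vault's transit engine that field is the trim threshold: key versions below it are permanently deleted, so any ciphertext still protected by an older version becomes unrecoverable, which is a behavior change the surrounding FIXME comments show is not yet decided. I would drop that entry until the policy is settled (or gate it behind explicit configuration) and record the consequence in the method's Javadoc, e.g. `// min_available_version trims (permanently deletes) older key versions; only raise it once no ciphertext under those versions remains`; Vault documents trimming on a separate `transit/keys/<name>/trim` endpoint, so whether this write path honors the field at all should be confirmed against the server version in use, and the method's tail lies outside the hunk. The commented-out `// VaultResponse response = ...` line is history the diff already preserves and should be removed, and the FIXME misspells `min_decryption_version` as `min_decyprtion_version`. In the buildVaultDriver hunk, the parked `// .sslConfig(new SslConfig().verify(false).build())` is one uncomment away from disabling certificate verification on the Vault connection; delete it rather than leave it in the source (and check whether the `SslConfig` import is still used once it is gone). In the rotateKeys hunk the three `LOGGER.info` calls use string concatenation and recompute the value the next line assigns; compute `minDecryptVersion` first and emit one parameterized line, `LOGGER.debug("rotateKeys: currentKeyVersion={} numKeysToKeep={} minDecryptVersion={}", key.currentKeyVersion(), configuration.getNumKeysToKeep(), minDecryptVersion);`.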
