From 3f41e89d8a7ce8d4701de6f7bd559dea93022e63 Mon Sep 17 00:00:00 2001
From: Janar Todesk <janar@smaily.com>
Date: Wed, 28 Aug 2019 16:13:14 +0300
Subject: [PATCH] Make PKI provider's backend configuration explicitly required

Previous implementation was blindly defaulting to `test`, which could
have become problematic, since CA committed to Github is used for signing
generated certificates.
---
 main.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/main.go b/main.go
index 77379bf..7ba52f3 100644
--- a/main.go
+++ b/main.go
@@ -6,6 +6,7 @@ import (
 
 	"github.com/docker/docker/client"
 	"github.com/docker/go-plugins-helpers/secrets"
+	"github.com/pkg/errors"
 	"go.uber.org/zap"
 
 	"docker-secretprovider-pki/backend"
@@ -28,8 +29,10 @@ func main() {
 	switch os.Getenv("BACKEND") {
 	case "secrethub":
 		ca, err = backend.NewSecrethubBackend()
-	default:
+	case "test":
 		ca, err = backend.NewTestBackend()
+	default:
+		err = errors.New("backend not configured. Use `docker plugin set <plugin alias> BACKEND=<value>`")
 	}
 
 	if err != nil {