update env vars to use wrapper constants (hashicorp#21456)

Gabrielopesantos · Jun 26, 2023 · 049b205 · 049b205
1 parent df30401
commit 049b205
Showing 1 changed file with 60 additions and 39 deletions.
diff --git a/internalshared/configutil/env_var_util.go b/internalshared/configutil/env_var_util.go
@@ -3,61 +3,82 @@
 
 package configutil
 
+import (
+	"github.com/hashicorp/go-kms-wrapping/wrappers/alicloudkms/v2"
+	"github.com/hashicorp/go-kms-wrapping/wrappers/awskms/v2"
+	"github.com/hashicorp/go-kms-wrapping/wrappers/azurekeyvault/v2"
+	"github.com/hashicorp/go-kms-wrapping/wrappers/gcpckms/v2"
+	"github.com/hashicorp/go-kms-wrapping/wrappers/ocikms/v2"
+	"github.com/hashicorp/go-kms-wrapping/wrappers/transit/v2"
+)
+
 var (
 	AliCloudKMSEnvVars = map[string]string{
-		"ALICLOUD_REGION":               "region",
-		"ALICLOUD_DOMAIN":               "domain",
-		"ALICLOUD_ACCESS_KEY":           "access_key",
-		"ALICLOUD_SECRET_KEY":           "secret_key",
-		"VAULT_ALICLOUDKMS_SEAL_KEY_ID": "kms_key_id",
+		"ALICLOUD_REGION":                        "region",
+		"ALICLOUD_DOMAIN":                        "domain",
+		"ALICLOUD_ACCESS_KEY":                    "access_key",
+		"ALICLOUD_SECRET_KEY":                    "secret_key",
+		alicloudkms.EnvVaultAliCloudKmsSealKeyId: "kms_key_id",
+		alicloudkms.EnvAliCloudKmsWrapperKeyId:   "kms_key_id",
 	}
 
 	AWSKMSEnvVars = map[string]string{
-		"AWS_REGION":               "region",
-		"AWS_DEFAULT_REGION":       "region",
-		"AWS_ACCESS_KEY_ID":        "access_key",
-		"AWS_SESSION_TOKEN":        "session_token",
-		"AWS_SECRET_ACCESS_KEY":    "secret_key",
-		"VAULT_AWSKMS_SEAL_KEY_ID": "kms_key_id",
-		"AWS_KMS_ENDPOINT":         "endpoint",
+		"AWS_REGION":                   "region",
+		"AWS_DEFAULT_REGION":           "region",
+		"AWS_ACCESS_KEY_ID":            "access_key",
+		"AWS_SESSION_TOKEN":            "session_token",
+		"AWS_SECRET_ACCESS_KEY":        "secret_key",
+		awskms.EnvVaultAwsKmsSealKeyId: "kms_key_id",
+		awskms.EnvAwsKmsWrapperKeyId:   "kms_key_id",
+		"AWS_KMS_ENDPOINT":             "endpoint",
 	}
 
 	AzureEnvVars = map[string]string{
-		"AZURE_TENANT_ID":                "tenant_id",
-		"AZURE_CLIENT_ID":                "client_id",
-		"AZURE_CLIENT_SECRET":            "client_secret",
-		"AZURE_ENVIRONMENT":              "environment",
-		"VAULT_AZUREKEYVAULT_VAULT_NAME": "vault_name",
-		"VAULT_AZUREKEYVAULT_KEY_NAME":   "key_name",
-		"AZURE_AD_RESOURCE":              "resource",
+		"AZURE_TENANT_ID":                              "tenant_id",
+		"AZURE_CLIENT_ID":                              "client_id",
+		"AZURE_CLIENT_SECRET":                          "client_secret",
+		"AZURE_ENVIRONMENT":                            "environment",
+		"AZURE_AD_RESOURCE":                            "resource",
+		azurekeyvault.EnvAzureKeyVaultWrapperKeyName:   "key_name",
+		azurekeyvault.EnvVaultAzureKeyVaultKeyName:     "key_name",
+		azurekeyvault.EnvAzureKeyVaultWrapperVaultName: "vault_name",
+		azurekeyvault.EnvVaultAzureKeyVaultVaultName:   "vault_name",
 	}
 
 	GCPCKMSEnvVars = map[string]string{
-		"GOOGLE_CREDENTIALS":             "credentials",
-		"GOOGLE_APPLICATION_CREDENTIALS": "credentials",
-		"GOOGLE_PROJECT":                 "project",
-		"GOOGLE_REGION":                  "region",
-		"VAULT_GCPCKMS_SEAL_KEY_RING":    "key_ring",
-		"VAULT_GCPCKMS_SEAL_CRYPTO_KEY":  "crypto_key",
+		gcpckms.EnvGcpCkmsWrapperCredsPath:   "credentials",
+		"GOOGLE_APPLICATION_CREDENTIALS":     "credentials",
+		gcpckms.EnvGcpCkmsWrapperProject:     "project",
+		gcpckms.EnvGcpCkmsWrapperLocation:    "region",
+		gcpckms.EnvVaultGcpCkmsSealCryptoKey: "crypto_key",
+		gcpckms.EnvGcpCkmsWrapperCryptoKey:   "crypto_key",
+		gcpckms.EnvGcpCkmsWrapperKeyRing:     "key_ring",
+		gcpckms.EnvVaultGcpCkmsSealKeyRing:   "key_ring",
 	}
 
 	OCIKMSEnvVars = map[string]string{
-		"VAULT_OCIKMS_SEAL_KEY_ID":         "key_id",
-		"VAULT_OCIKMS_CRYPTO_ENDPOINT":     "crypto_endpoint",
-		"VAULT_OCIKMS_MANAGEMENT_ENDPOINT": "management_endpoint",
+		ocikms.EnvOciKmsWrapperCryptoEndpoint:       "crypto_endpoint",
+		ocikms.EnvVaultOciKmsSealCryptoEndpoint:     "crypto_endpoint",
+		ocikms.EnvOciKmsWrapperKeyId:                "key_id",
+		ocikms.EnvVaultOciKmsSealKeyId:              "key_id",
+		ocikms.EnvOciKmsWrapperManagementEndpoint:   "management_endpoint",
+		ocikms.EnvVaultOciKmsSealManagementEndpoint: "management_endpoint",
 	}
 
 	TransitEnvVars = map[string]string{
-		"VAULT_ADDR":                         "address",
-		"VAULT_TOKEN":                        "token",
-		"VAULT_TRANSIT_SEAL_KEY_NAME":        "key_name",
-		"VAULT_TRANSIT_SEAL_MOUNT_PATH":      "mount_path",
-		"VAULT_NAMESPACE":                    "namespace",
-		"VAULT_TRANSIT_SEAL_DISABLE_RENEWAL": "disable_renewal",
-		"VAULT_CACERT":                       "tls_ca_cert",
-		"VAULT_CLIENT_CERT":                  "tls_client_cert",
-		"VAULT_CLIENT_KEY":                   "tls_client_key",
-		"VAULT_TLS_SERVER_NAME":              "tls_server_name",
-		"VAULT_SKIP_VERIFY":                  "tls_skip_verify",
+		"VAULT_ADDR":                              "address",
+		"VAULT_TOKEN":                             "token",
+		"VAULT_NAMESPACE":                         "namespace",
+		"VAULT_CACERT":                            "tls_ca_cert",
+		"VAULT_CLIENT_CERT":                       "tls_client_cert",
+		"VAULT_CLIENT_KEY":                        "tls_client_key",
+		"VAULT_TLS_SERVER_NAME":                   "tls_server_name",
+		"VAULT_SKIP_VERIFY":                       "tls_skip_verify",
+		transit.EnvVaultTransitSealKeyName:        "key_name",
+		transit.EnvTransitWrapperKeyName:          "key_name",
+		transit.EnvTransitWrapperMountPath:        "mount_path",
+		transit.EnvVaultTransitSealMountPath:      "mount_path",
+		transit.EnvTransitWrapperDisableRenewal:   "disable_renewal",
+		transit.EnvVaultTransitSealDisableRenewal: "disable_renewal",
 	}
 )