package secure
import (
	"encoding/json"
	"errors"
	"fmt"

	"github.com/yandex-cloud/go-genproto/yandex/cloud/kms/v1"
)
// Config is the application's secret configuration. LoadConfig fills it by
// decoding the JSON plaintext returned from the KMS decrypt call.
//
// Every field holds secret material, so a Config should not be printed or
// logged as a whole (for example with %+v).
type Config struct {
	// SessionKeys is decoded from the "session_keys" JSON array.
	// NOTE(review): presumably an ordered key-rotation list, newest first;
	// confirm against the code that consumes it.
	SessionKeys []*SessionKeyPair `json:"session_keys"`

	// OAuthSecret is decoded from the "oauth_secret" JSON string.
	OAuthSecret string `json:"oauth_secret"`
}
// SessionKeyPair is one pair of session keys as stored in the secrets JSON.
//
// Both fields are []byte, which encoding/json reads from (and writes as)
// base64-encoded strings, so the "hash" and "block" values in the secrets
// document must be base64 text, not raw key bytes.
type SessionKeyPair struct {
	// HashKey is decoded from the "hash" JSON member.
	// NOTE(review): presumably the authentication (MAC) key; confirm against
	// the session code that uses it.
	HashKey []byte `json:"hash"`

	// BlockKey is decoded from the "block" JSON member.
	// NOTE(review): presumably the encryption key; confirm against the
	// session code that uses it.
	BlockKey []byte `json:"block"`
}
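// LoadConfig decrypts the application's encrypted secrets through the KMS
// symmetric-crypto API, using the key ID and ciphertext from deps.GetConfig(),
// and decodes the resulting JSON plaintext into a Config.
//
// It returns an error when the KMS decrypt call fails or when the plaintext
// cannot be decoded into Config. The KMS error is wrapped with %w. Decode
// errors are deliberately NOT wrapped: encoding/json error text can quote
// pieces of the input (the offending character of a syntax error, the literal
// of a mistyped number), and the input here is the decrypted secrets
// document. Only the error kind, the Go field and type, and the byte offset
// are reported, so the message is safe to log.
func LoadConfig(deps Deps) (*Config, error) {
	resp, err := deps.GetCloudSDK().KMSCrypto().SymmetricCrypto().Decrypt(deps.GetContext(), &kms.SymmetricDecryptRequest{
		KeyId:      deps.GetConfig().KMSKeyID,
		Ciphertext: deps.GetConfig().EncyptedSecrets,
	})
	if err != nil {
		return nil, fmt.Errorf("decrypting app secrets: %w", err)
	}

	conf := &Config{}
	if err := json.Unmarshal(resp.Plaintext, conf); err != nil {
		var (
			syntaxErr *json.SyntaxError
			typeErr   *json.UnmarshalTypeError
		)
		switch {
		case errors.As(err, &syntaxErr):
			// The message may contain the offending input character; keep the offset only.
			return nil, fmt.Errorf("unmarshalling secrets config: JSON syntax error at offset %d", syntaxErr.Offset)
		case errors.As(err, &typeErr):
			// typeErr.Value can hold a literal from the input; Field and Type
			// come from the Config schema and are not secret.
			return nil, fmt.Errorf("unmarshalling secrets config: field %q cannot hold the JSON value at offset %d (want %v)",
				typeErr.Field, typeErr.Offset, typeErr.Type)
		default:
			// Unknown decode error: report its type, not its text.
			return nil, fmt.Errorf("unmarshalling secrets config: %T", err)
		}
	}
	return conf, nil
}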