more index cleanups to optimise space
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
17
main.go
17
main.go
@@ -35,7 +35,6 @@ var (
|
||||
|
||||
const (
|
||||
encryptedVcenterPasswordPrefix = "enc:v1:"
|
||||
encryptionKeyEnvVar = "VCTP_ENCRYPTION_KEY"
|
||||
legacyFallbackEncryptionKey = "5L1l3B5KvwOCzUHMAlCgsgUTRAYMfSpa"
|
||||
)
|
||||
|
||||
@@ -80,7 +79,11 @@ func main() {
|
||||
dbURL = utils.GetFilePath("db.sqlite3")
|
||||
}
|
||||
|
||||
database, err := db.New(logger, db.Config{Driver: normalizedDriver, DSN: dbURL})
|
||||
database, err := db.New(logger, db.Config{
|
||||
Driver: normalizedDriver,
|
||||
DSN: dbURL,
|
||||
EnableExperimentalPostgres: s.Values.Settings.EnableExperimentalPostgres,
|
||||
})
|
||||
if err != nil {
|
||||
logger.Error("Failed to create database", "error", err)
|
||||
os.Exit(1)
|
||||
@@ -143,7 +146,7 @@ func main() {
|
||||
}
|
||||
|
||||
// Load vcenter credentials from settings, decrypt if required.
|
||||
encKey := deriveEncryptionKey(logger, *settingsPath)
|
||||
encKey := deriveEncryptionKey(logger, *settingsPath, s.Values.Settings.EncryptionKey)
|
||||
a := secrets.New(logger, encKey)
|
||||
legacyDecryptKeys := deriveLegacyDecryptionKeys(*settingsPath, encKey)
|
||||
vcEp := strings.TrimSpace(s.Values.Settings.VcenterPassword)
|
||||
@@ -456,10 +459,10 @@ func deriveLegacyDecryptionKeys(settingsPath string, activeKey []byte) [][]byte
|
||||
return legacyKeys
|
||||
}
|
||||
|
||||
func deriveEncryptionKey(logger *slog.Logger, settingsPath string) []byte {
|
||||
if provided := strings.TrimSpace(os.Getenv(encryptionKeyEnvVar)); provided != "" {
|
||||
func deriveEncryptionKey(logger *slog.Logger, settingsPath string, configuredKey string) []byte {
|
||||
if provided := strings.TrimSpace(configuredKey); provided != "" {
|
||||
sum := sha256.Sum256([]byte(provided))
|
||||
logger.Debug("derived encryption key from environment variable", "env_var", encryptionKeyEnvVar)
|
||||
logger.Debug("derived encryption key from settings", "setting", "settings.encryption_key")
|
||||
return sum[:]
|
||||
}
|
||||
|
||||
@@ -470,7 +473,7 @@ func deriveEncryptionKey(logger *slog.Logger, settingsPath string) []byte {
|
||||
case "machine-id":
|
||||
logger.Debug("derived encryption key from machine-id")
|
||||
default:
|
||||
logger.Warn("using host-derived encryption key fallback; set environment variable for explicit key", "env_var", encryptionKeyEnvVar)
|
||||
logger.Warn("using host-derived encryption key fallback; set settings.encryption_key for an explicit key")
|
||||
}
|
||||
return key
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user