Skip to content

Commit

Permalink
Fix auditing for transit keys with backup/restore info (#3919)
Browse files Browse the repository at this point in the history
  • Loading branch information
@chrishoffman @jefferai
chrishoffman authored and jefferai committed Feb 9, 2018
1 parent e172349 commit 4120046
Showing 1 changed file with 13 additions and 2 deletions.
15 changes: 13 additions & 2 deletions builtin/logical/transit/path_keys.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -207,11 +207,22 @@ func (b *backend) pathPolicyRead(ctx context.Context, req *logical.Request, d *f
"supports_decryption": p.Type.DecryptionSupported(),
"supports_signing": p.Type.SigningSupported(),
"supports_derivation": p.Type.DerivationSupported(),
"backup_info": p.BackupInfo,
"restore_info": p.RestoreInfo,
},
}

if p.BackupInfo != nil {
resp.Data["backup_info"] = map[string]interface{}{
"time": p.BackupInfo.Time,
"version": p.BackupInfo.Version,
}
}
if p.RestoreInfo != nil {
resp.Data["restore_info"] = map[string]interface{}{
"time": p.RestoreInfo.Time,
"version": p.RestoreInfo.Version,
}
}

if p.Derived {
switch p.KDF {
case keysutil.Kdf_hmac_sha256_counter:
Expand Down

0 comments on commit 4120046

Please sign in to comment.