mirror of
https://github.com/grafana/grafana.git
synced 2024-11-28 03:34:15 -06:00
Encryption: Stop decrypting EE encrypted secrets with legacy encryption (#50090)
This commit is contained in:
parent
c85567f490
commit
7a614fd8a1
@ -291,8 +291,15 @@ func newRandomDataKey() ([]byte, error) {
|
||||
}
|
||||
|
||||
func (s *SecretsService) Decrypt(ctx context.Context, payload []byte) ([]byte, error) {
|
||||
if len(payload) == 0 {
|
||||
return nil, fmt.Errorf("unable to decrypt empty payload")
|
||||
}
|
||||
|
||||
// Use legacy encryption service if featuremgmt.FlagDisableEnvelopeEncryption toggle is on
|
||||
if s.features.IsEnabled(featuremgmt.FlagDisableEnvelopeEncryption) {
|
||||
if len(payload) > 0 && payload[0] == '#' {
|
||||
return nil, fmt.Errorf("failed to decrypt a secret encrypted with envelope encryption: envelope encryption is disabled")
|
||||
}
|
||||
return s.enc.Decrypt(ctx, payload, setting.SecretKey)
|
||||
}
|
||||
|
||||
@ -309,11 +316,6 @@ func (s *SecretsService) Decrypt(ctx context.Context, payload []byte) ([]byte, e
|
||||
}
|
||||
}()
|
||||
|
||||
if len(payload) == 0 {
|
||||
err = fmt.Errorf("unable to decrypt empty payload")
|
||||
return nil, err
|
||||
}
|
||||
|
||||
var dataKey []byte
|
||||
|
||||
if payload[0] != '#' {
|
||||
|
Loading…
Reference in New Issue
Block a user