mirror of
https://github.com/grafana/grafana.git
synced 2025-02-20 11:48:34 -06:00
3e4b4dba46
* Encryption: Enable envelope encryption by default * Stop relying on feature toggles from settings (deprecated) * Database encryption docs (envelope encryption) * Remove deprecated (and no longer used) FT * Apply suggestions from code review Co-authored-by: Tania <yalyna.ts@gmail.com>
35 lines
982 B
Go
35 lines
982 B
Go
package osskmsproviders
|
|
|
|
import (
|
|
"github.com/grafana/grafana/pkg/services/encryption"
|
|
"github.com/grafana/grafana/pkg/services/featuremgmt"
|
|
"github.com/grafana/grafana/pkg/services/kmsproviders"
|
|
grafana "github.com/grafana/grafana/pkg/services/kmsproviders/defaultprovider"
|
|
"github.com/grafana/grafana/pkg/services/secrets"
|
|
"github.com/grafana/grafana/pkg/setting"
|
|
)
|
|
|
|
type Service struct {
|
|
enc encryption.Internal
|
|
settings setting.Provider
|
|
features featuremgmt.FeatureToggles
|
|
}
|
|
|
|
func ProvideService(enc encryption.Internal, settings setting.Provider, features featuremgmt.FeatureToggles) Service {
|
|
return Service{
|
|
enc: enc,
|
|
settings: settings,
|
|
features: features,
|
|
}
|
|
}
|
|
|
|
func (s Service) Provide() (map[secrets.ProviderID]secrets.Provider, error) {
|
|
if s.features.IsEnabled(featuremgmt.FlagDisableEnvelopeEncryption) {
|
|
return nil, nil
|
|
}
|
|
|
|
return map[secrets.ProviderID]secrets.Provider{
|
|
kmsproviders.Default: grafana.New(s.settings, s.enc),
|
|
}, nil
|
|
}
|