Enable overriding the KMS key alias.

Versent · Feb 23, 2016 · 1655332 · 1655332
1 parent 478408c
commit 1655332
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 6 deletions.
diff --git a/cmd/unicreds/main.go b/cmd/unicreds/main.go
@@ -74,7 +74,7 @@ func main() {
 		if *cmdPutVersion != 0 {
 			version = fmt.Sprintf("%d", *cmdPutVersion)
 		}
-		err := unicreds.PutSecret(*cmdPutName, *cmdPutSecret, version)
+		err := unicreds.PutSecret(*alias, *cmdPutName, *cmdPutSecret, version)
 		if err != nil {
 			printFatalError(err)
 		}
@@ -90,7 +90,7 @@ func main() {
 			printFatalError(err)
 		}
 
-		err = unicreds.PutSecret(*cmdPutFileName, string(data), version)
+		err = unicreds.PutSecret(*alias, *cmdPutFileName, string(data), version)
 		if err != nil {
 			printFatalError(err)
 		}

diff --git a/ds.go b/ds.go
@@ -16,8 +16,8 @@ const (
 	// Table the name of the dynamodb table
 	Table = "credential-store"
 
-	// KmsKey default KMS key alias name
-	KmsKey = "alias/credstash"
+	// DefaultKmsKey default KMS key alias name
+	DefaultKmsKey = "alias/credstash"
 
 	// CreatedAtNotAvailable returned to indicate the created at field is missing
 	// from the secret
@@ -195,13 +195,19 @@ func ListSecrets() ([]*DecryptedCredential, error) {
 }
 
 // PutSecret retrieve the secret from dynamodb
-func PutSecret(name, secret, version string) error {
+func PutSecret(alias, name, secret, version string) error {
+
+	kmsKey := DefaultKmsKey
+
+	if alias != "" {
+		kmsKey = alias
+	}
 
 	if version == "" {
 		version = "1"
 	}
 
-	dk, err := GenerateDataKey(KmsKey, 64)
+	dk, err := GenerateDataKey(kmsKey, 64)
 	if err != nil {
 		return err
 	}