From 1655332463da1c68a378653e0987758b4c81eb5f Mon Sep 17 00:00:00 2001
From: Mark Wolfe
Date: Tue, 23 Feb 2016 17:06:23 +1100
Subject: [PATCH] Enable overriding the KMS key alias.
---
 cmd/unicreds/main.go | 4 ++--
 ds.go | 14 ++++++++++----
 2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/cmd/unicreds/main.go b/cmd/unicreds/main.go
index 7cb7349..ea2322d 100644
--- a/cmd/unicreds/main.go
+++ b/cmd/unicreds/main.go
@@ -74,7 +74,7 @@ func main() {
 if *cmdPutVersion != 0 {
 version = fmt.Sprintf("%d", *cmdPutVersion)
 }
- err := unicreds.PutSecret(*cmdPutName, *cmdPutSecret, version)
+ err := unicreds.PutSecret(*alias, *cmdPutName, *cmdPutSecret, version)
 if err != nil {
 printFatalError(err)
 }
@@ -90,7 +90,7 @@ func main() {
 printFatalError(err)
 }
- err = unicreds.PutSecret(*cmdPutFileName, string(data), version)
+ err = unicreds.PutSecret(*alias, *cmdPutFileName, string(data), version)
 if err != nil {
 printFatalError(err)
 }
diff --git a/ds.go b/ds.go
index 5606616..c988566 100644
--- a/ds.go
+++ b/ds.go
@@ -16,8 +16,8 @@ const (
 // Table the name of the dynamodb table
 Table = "credential-store"
- // KmsKey default KMS key alias name
- KmsKey = "alias/credstash"
+ // DefaultKmsKey default KMS key alias name
+ DefaultKmsKey = "alias/credstash"
 // CreatedAtNotAvailable returned to indicate the created at field is missing
 // from the secret
@@ -195,13 +195,19 @@ func ListSecrets() ([]*DecryptedCredential, error) {
 }
 // PutSecret retrieve the secret from dynamodb
-func PutSecret(name, secret, version string) error {
+func PutSecret(alias, name, secret, version string) error {
+
+ kmsKey := DefaultKmsKey
+
+ if alias != "" {
+ kmsKey = alias
+ }
 if version == "" {
 version = "1"
 }
- dk, err := GenerateDataKey(KmsKey, 64)
+ dk, err := GenerateDataKey(kmsKey, 64)
 if err != nil {
 return err
 }
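Review bot: The doc comment above `PutSecret` in ds.go still reads "retrieve the secret from dynamodb" and says nothing about the new `alias` parameter, although the function generates a data key for a secret it is given. Because `if alias != ""` falls back silently to `DefaultKmsKey`, a caller whose alias arrives empty (an unset flag or variable) wraps the data key under the shared `alias/credstash` key, and that key's policy then decides who can decrypt; the comment should say so. I would write it as `// PutSecret encrypts secret with a data key from the KMS key named by alias (DefaultKmsKey when alias is empty) and stores it under name and version.` The body of PutSecret continues past the end of the hunk, so the storage step is inferred from the name and the old comment rather than visible here.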