Don't read AWS env vars
Let AWS SDK env cred chain provider do it for us

Fixes #5965
jefferai committed Dec 18, 2018
1 parent fb35119 commit 22558c3
Showing 2 changed files with 15 additions and 20 deletions.
14 changes: 6 additions & 8 deletions physical/dynamodb/dynamodb.go
@@ -15,15 +15,15 @@ import (

log "github.com/hashicorp/go-hclog"

"github.com/armon/go-metrics"
metrics "github.com/armon/go-metrics"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/dynamodb"
"github.com/aws/aws-sdk-go/service/dynamodb/dynamodbattribute"
"github.com/hashicorp/errwrap"
cleanhttp "github.com/hashicorp/go-cleanhttp"
"github.com/hashicorp/go-uuid"
uuid "github.com/hashicorp/go-uuid"
"github.com/hashicorp/vault/helper/awsutil"
"github.com/hashicorp/vault/helper/consts"
"github.com/hashicorp/vault/physical"
@@ -155,16 +155,14 @@ func NewDynamoDBBackend(conf map[string]string, logger log.Logger) (physical.Bac
writeCapacity = DefaultDynamoDBWriteCapacity
}

accessKey := os.Getenv("AWS_ACCESS_KEY_ID")
if accessKey == "" {
var accessKey, secretKey, sessionToken string
if os.Getenv("AWS_ACCESS_KEY_ID") == "" {
accessKey = conf["access_key"]
}
secretKey := os.Getenv("AWS_SECRET_ACCESS_KEY")
if secretKey == "" {
if os.Getenv("AWS_SECRET_ACCESS_KEY") == "" {
secretKey = conf["secret_key"]
}
sessionToken := os.Getenv("AWS_SESSION_TOKEN")
if sessionToken == "" {
if os.Getenv("AWS_SESSION_TOKEN") == "" {
sessionToken = conf["session_token"]
}

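Review bot: The three `os.Getenv(...) == ""` checks in the second hunk (NewDynamoDBBackend) decide per variable, so a partially populated environment yields a credential set stitched from two sources: with only `AWS_SESSION_TOKEN` exported, `access_key` and `secret_key` come from `conf` while `session_token` is dropped, and with only `AWS_ACCESS_KEY_ID` exported the config secret is paired with an empty access key. Deciding once for the whole set avoids that; the fence below falls back to `conf` unless both key variables are present, which I believe is also what the SDK's environment provider needs before it returns credentials. The same pattern is in `SetConfig` in vault/seal/awskms/awskms.go. How the three values are consumed lies outside the hunk, so the exact failure mode depends on that code.

```go
	var accessKey, secretKey, sessionToken string
	// Take the whole credential set from one source, never a mix of env and conf.
	envCreds := os.Getenv("AWS_ACCESS_KEY_ID") != "" && os.Getenv("AWS_SECRET_ACCESS_KEY") != ""
	if !envCreds {
		accessKey = conf["access_key"]
		secretKey = conf["secret_key"]
		sessionToken = conf["session_token"]
	}
```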
21 changes: 9 additions & 12 deletions vault/seal/awskms/awskms.go
@@ -99,19 +99,16 @@ func (k *AWSKMSSeal) SetConfig(config map[string]string) (map[string]string, err
k.region = "us-east-1"
}

// Check and set AWS access key and secret key
k.accessKey = os.Getenv("AWS_ACCESS_KEY_ID")
if k.accessKey == "" {
if accessKey, ok := config["access_key"]; ok {
k.accessKey = accessKey
}
// Check and set AWS access key, secret key, and session token
var accessKey, secretKey, sessionToken string
if os.Getenv("AWS_ACCESS_KEY_ID") == "" {
accessKey = config["access_key"]
}

k.secretKey = os.Getenv("AWS_SECRET_ACCESS_KEY")
if k.secretKey == "" {
if secretKey, ok := config["secret_key"]; ok {
k.secretKey = secretKey
}
if os.Getenv("AWS_SECRET_ACCESS_KEY") == "" {
secretKey = config["secret_key"]
}
if os.Getenv("AWS_SESSION_TOKEN") == "" {
sessionToken = config["session_token"]
}

k.endpoint = os.Getenv("AWS_KMS_ENDPOINT")
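Review bot: The new comment `// Check and set AWS access key, secret key, and session token` no longer describes the block: each value is now deliberately left empty whenever the matching AWS_* variable is set, and the results land in locals rather than in `k.accessKey`/`k.secretKey`. I would replace it with `// Leave a value empty when its AWS_* variable is set so the SDK's environment provider supplies it; otherwise use the seal config.` so the empty-string convention is not later mistaken for a bug. If any other method of AWSKMSSeal still reads `k.accessKey` or `k.secretKey`, it would now see empty strings; SetConfig continues past the end of the hunk, so that cannot be checked from here.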