From 9d6f88abffa2092c1226060eefb9d9f98891ee5d Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Wed, 19 Dec 2018 10:56:02 -0500 Subject: [PATCH] Fix build --- vault/seal/awskms/awskms.go | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/vault/seal/awskms/awskms.go b/vault/seal/awskms/awskms.go index d6e217938bec..ddb655e0878c 100644 --- a/vault/seal/awskms/awskms.go +++ b/vault/seal/awskms/awskms.go @@ -38,11 +38,12 @@ const ( // AWSKMSSeal represents credentials and Key information for the KMS Key used to // encryption and decryption type AWSKMSSeal struct { - accessKey string - secretKey string - region string - keyID string - endpoint string + accessKey string + secretKey string + sessionToken string + region string + keyID string + endpoint string currentKeyID *atomic.Value @@ -100,15 +101,14 @@ func (k *AWSKMSSeal) SetConfig(config map[string]string) (map[string]string, err } // Check and set AWS access key, secret key, and session token - var accessKey, secretKey, sessionToken string if os.Getenv("AWS_ACCESS_KEY_ID") == "" { - accessKey = config["access_key"] + k.accessKey = config["access_key"] } if os.Getenv("AWS_SECRET_ACCESS_KEY") == "" { - secretKey = config["secret_key"] + k.secretKey = config["secret_key"] } if os.Getenv("AWS_SESSION_TOKEN") == "" { - sessionToken = config["session_token"] + k.sessionToken = config["session_token"] } k.endpoint = os.Getenv("AWS_KMS_ENDPOINT") @@ -278,6 +278,7 @@ func (k *AWSKMSSeal) getAWSKMSClient() (*kms.KMS, error) { credsConfig.AccessKey = k.accessKey credsConfig.SecretKey = k.secretKey + credsConfig.SessionToken = k.sessionToken credsConfig.Region = k.region credsConfig.HTTPClient = cleanhttp.DefaultClient()