jprdonnelly/opentf
1
0
Fork 0
mirror of https://github.com/opentffoundation/opentf.git synced 2025-12-19 17:59:05 -05:00
Code Issues Packages Projects Releases Wiki Activity

chore(keyprovider/gcp_kms): add logs for encryption and decryption keys (#3518)

Browse Source 
Signed-off-by: divyanshu-vashu <vashusingh2004.jan@gmail.com>
Signed-off-by: Divyanshu Singh <89933176+divyanshu-vashu@users.noreply.github.com>
Co-authored-by: Diógenes Fernandes <diofeher@gmail.com>
This commit is contained in:
Divyanshu Singh
2025-11-24 18:14:18 +05:30
committed by GitHub
parent 09815665de
commit 1e966f250a
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
internal/encryption/keyprovider/gcp_kms/provider.go
View File

@@ -8,6 +8,7 @@ package gcp_kms
import (
"context"
"crypto/rand"
"log"
"cloud.google.com/go/kms/apiv1/kmspb"
"github.com/googleapis/gax-go/v2"
@@ -67,6 +68,7 @@ func (p keyProvider) Provide(rawMeta keyprovider.KeyMeta) (keyprovider.Output, k
Cause: err,
}
}
log.Printf("[DEBUG] GCP KMS: encrypted state: %s", encryptedKeyData.Name)
outMeta.Ciphertext = encryptedKeyData.Ciphertext
@@ -74,6 +76,7 @@ func (p keyProvider) Provide(rawMeta keyprovider.KeyMeta) (keyprovider.Output, k
// and that is handled below when we check if the inMeta has a CiphertextBlob
if inMeta.isPresent() {
log.Printf("[DEBUG] GCP KMS: decrypting state: %s", p.keyName)
// We have an existing decryption key to decrypt, so we should now populate the DecryptionKey
decryptedKeyData, decryptErr := p.svc.Decrypt(p.ctx, &kmspb.DecryptRequest{
Name: p.keyName,