Seal wrap all root tokens and their leases (#3540)
jefferai authored Nov 6, 2017
1 parent 55c032d commit cc55e6f
Showing 2 changed files with 6 additions and 0 deletions.
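--- a/vault/expiration.go
+++ b/vault/expiration.go
@@ -1104,6 +1104,9 @@ func (m *ExpirationManager) persistEntry(le *leaseEntry) error {
 Key: le.LeaseID,
 Value: buf,
 }
+if le.Auth != nil && len(le.Auth.Policies) == 1 && le.Auth.Policies[0] == "root" {
+ent.SealWrap = true
+}
 if err := m.idView.Put(&ent); err != nil {
 return fmt.Errorf("failed to persist lease entry: %v", err)
 }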
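Review bot: The root test `len(le.Auth.Policies) == 1 && le.Auth.Policies[0] == "root"` is spelled out by hand here and again in storeCommon in vault/token_store.go, so the two call sites can drift apart and leave a root token wrapped while its lease is not, or the reverse. A shared helper such as `func isRootOnly(p []string) bool { return len(p) == 1 && p[0] == "root" }` would keep them in step. The match is also exact: a policy list that carries "root" alongside other names would not be flagged, so it is worth confirming that such a list can never reach either function. A one-line comment above the `if`, for example `// Leases of root tokens are seal wrapped, matching the token entry itself.`, would record why this branch exists. persistEntry begins and ends outside the hunk.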
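--- a/vault/token_store.go
+++ b/vault/token_store.go
@@ -838,6 +838,9 @@ func (ts *TokenStore) storeCommon(entry *TokenEntry, writeSecondary bool) error
 // Write the primary ID
 path := lookupPrefix + saltedId
 le := &logical.StorageEntry{Key: path, Value: enc}
+if len(entry.Policies) == 1 && entry.Policies[0] == "root" {
+le.SealWrap = true
+}
 if err := ts.view.Put(le); err != nil {
 return fmt.Errorf("failed to persist entry: %v", err)
 }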
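Review bot: Only the primary `lookupPrefix + saltedId` entry gets `SealWrap` in this hunk. The `writeSecondary` parameter and the "Write the primary ID" comment suggest storeCommon writes further entries outside the hunk, so it is worth confirming that none of them needs the same flag when the token is root. The commit changes two files and adds no test; one that stores a root-only entry and asserts `SealWrap` on the persisted `logical.StorageEntry`, with a negative case for a non-root policy list, would pin the behaviour. storeCommon begins and ends outside the hunk.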
