Skip to content

Commit

Permalink
Deprecate helper/encryption.
Browse files Browse the repository at this point in the history 
In line with
https://www.terraform.io/docs/extend/best-practices/sensitive-state.html#don-39-t-encrypt-state,
mark all the functions in helper/encryption as deprecated and up for
removal in v2.
  • Loading branch information
@paddycarver @appilon
paddycarver authored and appilon committed May 4, 2020
1 parent d5f4fed commit 9f7437c
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions helper/encryption/encryption.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,10 @@ import (
// RetrieveGPGKey returns the PGP key specified as the pgpKey parameter, or queries
// the public key from the keybase service if the parameter is a keybase username
// prefixed with the phrase "keybase:"
//
// Deprecated: This function will be removed in v2 without replacement. Please
// see https://www.terraform.io/docs/extend/best-practices/sensitive-state.html#don-39-t-encrypt-state
// for more information.
func RetrieveGPGKey(pgpKey string) (string, error) {
const keybasePrefix = "keybase:"

Expand All @@ -29,6 +33,10 @@ func RetrieveGPGKey(pgpKey string) (string, error) {

// EncryptValue encrypts the given value with the given encryption key. Description
// should be set such that errors return a meaningful user-facing response.
//
// Deprecated: This function will be removed in v2 without replacement. Please
// see https://www.terraform.io/docs/extend/best-practices/sensitive-state.html#don-39-t-encrypt-state
// for more information.
func EncryptValue(encryptionKey, value, description string) (string, string, error) {
fingerprints, encryptedValue, err :=
pgpkeys.EncryptShares([][]byte{[]byte(value)}, []string{encryptionKey})
Expand Down

0 comments on commit 9f7437c

Please sign in to comment.