hub / github.com/getsops/sops / createSTSConfig

Method createSTSConfig

kms/keysource.go:437–457

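createSTSConfig uses AWS STS to assume the role set on the master key (key.Role) and returns a config that carries that role's credentials. It returns an error if it fails to construct a session name or to assume the role. The temporary credentials returned by AssumeRole are set on the config that was passed in, through a static credentials provider, and that same pointer is returned, so the caller's config is modified in place.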

(ctx context.Context, config *aws.Config)

Source from the content-addressed store, hash-verified

// configured with that role's credentials. It returns an error if
// it fails to construct a session name, or assume the role.
func (key MasterKey) createSTSConfig(ctx context.Context, config *aws.Config) (*aws.Config, error) {
	name, err := stsSessionName()
	if err != nil {
		return nil, err
	}
	input := &sts.AssumeRoleInput{
		RoleArn:         &key.Role,
		RoleSessionName: &name,
	}

	client := sts.NewFromConfig(*config)
	out, err := client.AssumeRole(ctx, input)
	if err != nil {
		return nil, fmt.Errorf("failed to assume role '%s': %w", key.Role, err)
	}

	config.Credentials = credentials.NewStaticCredentialsProvider(*out.Credentials.AccessKeyId,
		*out.Credentials.SecretAccessKey, *out.Credentials.SessionToken,
	)
	return config, nil
}

// stsSessionName returns the name for the STS session in the format of
// `sops@<hostname>`. It sanitizes the hostname with stsSessionRegex, and

Callers 2

createKMSConfig · Method · 0.95

Calls 1

stsSessionName · Function · 0.85

Tested by 1