upstream/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2026-02-03 20:40:45 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

Undo additions to the barrier encryption count if persisting those encryptions fails (#29506)

Browse source 
* Undo additions to the barrier encryption count if persisting those encryptions fails

* changelog
This commit is contained in:
Scott Miller 2025-02-05 13:22:53 -06:00 committed by GitHub
parent 0c76cb83e1
commit 0a2049ca6a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
changelog/29506.txt Normal file
View file

@ -0,0 +1,3 @@
```release-note:bug
core: Fix bug when if failing to persist the barrier keyring to track encryption counts, the number of outstanding encryptions remains added to the count, overcounting encryptions.
```

2
vault/barrier_aes_gcm.go
View file

@ -1281,6 +1281,8 @@ func (b *AESGCMBarrier) persistEncryptions(ctx context.Context) error {
newKeyring := b.keyring.Clone()
err := b.persistKeyringBestEffort(ctx, newKeyring)
if err != nil {
// because Keys are pointer addressed, we need to undo the update to the Encryption count here
activeKey.Encryptions -= uint64(newEncs)
return err
}
b.UnaccountedEncryptions.Sub(newEncs)