1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
From: Simon Josefsson <simon@josefsson.org>
Date: Thu, 11 Dec 2025 11:13:02 +0100
Subject: [PATCH] Disable hcVault
Forwarded: not-needed
diff --git a/pkg/signer/tink.go b/pkg/signer/tink.go
index a8f65fc..9dcc0f8 100644
--- a/pkg/signer/tink.go
+++ b/pkg/signer/tink.go
@@ -25,7 +25,6 @@ import (
tinkUtils "github.com/sigstore/sigstore/pkg/signature/tink"
"github.com/tink-crypto/tink-go-awskms/v2/integration/awskms"
"github.com/tink-crypto/tink-go-gcpkms/v2/integration/gcpkms"
- "github.com/tink-crypto/tink-go-hcvault/v2/integration/hcvault"
"github.com/tink-crypto/tink-go/v2/core/registry"
"github.com/tink-crypto/tink-go/v2/keyset"
"github.com/tink-crypto/tink-go/v2/tink"
@@ -68,13 +67,6 @@ func GetPrimaryKey(ctx context.Context, kmsKey, hcVaultToken string) (tink.AEAD,
}
registry.RegisterKMSClient(awsClient)
return awsClient.GetAEAD(kmsKey)
- case strings.HasPrefix(kmsKey, "hcvault://"):
- hcVaultClient, err := hcvault.NewClient(kmsKey, nil, hcVaultToken)
- if err != nil {
- return nil, err
- }
- registry.RegisterKMSClient(hcVaultClient)
- return hcVaultClient.GetAEAD(kmsKey)
default:
return nil, errors.New("unsupported Tink KMS key type")
}
|
