setting active_root_key parallel to loading key

jackyalbo · jackyalbo · commit ba6b876e5ecb · 2025-02-13T10:57:42.000+02:00
Signed-off-by: jackyalbo &lt;jacky.albo@gmail.com&gt;
diff --git a/src/server/system_services/master_key_manager.js b/src/server/system_services/master_key_manager.js
@@ -36,7 +36,7 @@ class MasterKeysManager {
                     decipher = crypto.createDecipheriv(m_key.cipher_type, m_key.cipher_key, m_key.cipher_iv);
                 }
                 return new SensitiveString(decipher.update(
-                Buffer.from(params.encrypted_value, 'base64')).toString());
+                    Buffer.from(params.encrypted_value, 'base64')).toString());
             }
         });
     }
@@ -86,6 +86,9 @@ class MasterKeysManager {
         this.last_load_time = new Date();
         const root_keys = await fs.promises.readdir(config.ROOT_KEY_MOUNT);
         const active_root_key_id = await fs.promises.readFile(active_root_key_path, 'utf8');
+        this.active_root_key = active_root_key_id;
+        dbg.log0(`load_root_keys_from_mount: Root keys was updated at: ${this.last_load_time}. ` +
+            `active root key is: ${this.active_root_key}`);
         for (const key_id of root_keys) {
             // skipping file named active_root_key - as we already handled it
             // also skipping some garbage files k8s adding to the mount
@@ -95,9 +98,6 @@ class MasterKeysManager {
             const r_key = this._add_to_resolved_keys(key_id, key_cipher, key_id !== active_root_key_id);
             this.root_keys_by_id[key_id] = r_key;
         }
-        this.active_root_key = active_root_key_id;
-        dbg.log0(`load_root_keys_from_mount: Root keys was updated at: ${this.last_load_time}. ` +
-            `active root key is: ${this.active_root_key}`);
         this.is_initialized = true;
     }
 
@@ -298,7 +298,7 @@ class MasterKeysManager {
         if (!_id) throw new Error(`set_m_key_disabled_val: master key id ${_id} was not found`);
         const m_key = this.get_master_key_by_id(_id);
         if (!m_key) throw new Error('NO_SUCH_KEY');
-        this.resolved_master_keys_by_id[_id.toString()] = {...m_key, disabled: val };
+        this.resolved_master_keys_by_id[_id.toString()] = { ...m_key, disabled: val };
     }
 
     remove_secret_key_pair_from_cache(old_encrypted_sec_key) {

Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,7 @@ class MasterKeysManager {`
`36`	`36`	`decipher = crypto.createDecipheriv(m_key.cipher_type, m_key.cipher_key, m_key.cipher_iv);`
`37`	`37`	`}`
`38`	`38`	`return new SensitiveString(decipher.update(`
`39`		`- Buffer.from(params.encrypted_value, 'base64')).toString());`
	`39`	`+ Buffer.from(params.encrypted_value, 'base64')).toString());`
`40`	`40`	`}`
`41`	`41`	`});`
`42`	`42`	`}`
`@@ -86,6 +86,9 @@ class MasterKeysManager {`
`86`	`86`	`this.last_load_time = new Date();`
`87`	`87`	`const root_keys = await fs.promises.readdir(config.ROOT_KEY_MOUNT);`
`88`	`88`	`const active_root_key_id = await fs.promises.readFile(active_root_key_path, 'utf8');`
	`89`	`+ this.active_root_key = active_root_key_id;`
	`90`	+ dbg.log0(`load_root_keys_from_mount: Root keys was updated at: ${this.last_load_time}. ` +
	`91`	+ `active root key is: ${this.active_root_key}`);
`89`	`92`	`for (const key_id of root_keys) {`
`90`	`93`	`// skipping file named active_root_key - as we already handled it`
`91`	`94`	`// also skipping some garbage files k8s adding to the mount`
`@@ -95,9 +98,6 @@ class MasterKeysManager {`
`95`	`98`	`const r_key = this._add_to_resolved_keys(key_id, key_cipher, key_id !== active_root_key_id);`
`96`	`99`	`this.root_keys_by_id[key_id] = r_key;`
`97`	`100`	`}`
`98`		`- this.active_root_key = active_root_key_id;`
`99`		- dbg.log0(`load_root_keys_from_mount: Root keys was updated at: ${this.last_load_time}. ` +
`100`		- `active root key is: ${this.active_root_key}`);
`101`	`101`	`this.is_initialized = true;`
`102`	`102`	`}`
`103`	`103`
`@@ -298,7 +298,7 @@ class MasterKeysManager {`
`298`	`298`	if (!_id) throw new Error(`set_m_key_disabled_val: master key id ${_id} was not found`);
`299`	`299`	`const m_key = this.get_master_key_by_id(_id);`
`300`	`300`	`if (!m_key) throw new Error('NO_SUCH_KEY');`
`301`		`- this.resolved_master_keys_by_id[_id.toString()] = {...m_key, disabled: val };`
	`301`	`+ this.resolved_master_keys_by_id[_id.toString()] = { ...m_key, disabled: val };`
`302`	`302`	`}`
`303`	`303`
`304`	`304`	`remove_secret_key_pair_from_cache(old_encrypted_sec_key) {`