package vault import ( "github.com/hashicorp/go-hclog" wrapping "github.com/hashicorp/go-kms-wrapping" aeadwrapper "github.com/hashicorp/go-kms-wrapping/wrappers/aead" "github.com/hashicorp/vault/sdk/helper/logging" "github.com/hashicorp/vault/vault/seal" testing "github.com/mitchellh/go-testing-interface" ) func NewTestSeal(t testing.T, opts *seal.TestSealOpts) Seal { t.Helper() if opts == nil { opts = &seal.TestSealOpts{} } if opts.Logger == nil { opts.Logger = logging.NewVaultLogger(hclog.Debug) } switch opts.StoredKeys { case seal.StoredKeysSupportedShamirRoot: newSeal := NewDefaultSeal(&seal.Access{ Wrapper: aeadwrapper.NewShamirWrapper(&wrapping.WrapperOptions{ Logger: opts.Logger, }), }) // Need StoredShares set or this will look like a legacy shamir seal. newSeal.SetCachedBarrierConfig(&SealConfig{ StoredShares: 1, SecretThreshold: 1, SecretShares: 1, }) return newSeal case seal.StoredKeysNotSupported: newSeal := NewDefaultSeal(&seal.Access{ Wrapper: aeadwrapper.NewShamirWrapper(&wrapping.WrapperOptions{ Logger: opts.Logger, }), }) newSeal.SetCachedBarrierConfig(&SealConfig{ StoredShares: 0, SecretThreshold: 1, SecretShares: 1, }) return newSeal default: return NewAutoSeal(seal.NewTestSeal(opts)) } }