in pkg/plugin/keyvault.go [150:187]
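// Encrypt encrypts plain with the Key Vault key configured on kvc and returns
// the ciphertext together with the hashed key id and response annotations.
//
// plain is base64url-encoded (unpadded) before it is sent to the service. The
// key id in the response is hashed with SHA-256 and compared with
// kvc.keyIDHash. On mismatch the result is rejected, so a ciphertext is never
// returned under a KeyID that does not describe the key that produced it.
//
// An error is returned when the service call fails, when the response lacks
// the key id or the result value, or when the key id hash does not match.
func (kvc *KeyVaultClient) Encrypt(
	ctx context.Context,
	plain []byte,
	encryptionAlgorithm kv.JSONWebKeyEncryptionAlgorithm,
) (*service.EncryptResponse, error) {
	value := base64.RawURLEncoding.EncodeToString(plain)
	params := kv.KeyOperationsParameters{
		Algorithm: encryptionAlgorithm,
		Value:     &value,
	}

	result, err := kvc.baseClient.Encrypt(ctx, kvc.vaultURL, kvc.keyName, kvc.keyVersion, params)
	if err != nil {
		return nil, fmt.Errorf("failed to encrypt, error: %+v", err)
	}

	// Kid and Result are dereferenced below. Reject a response that omits
	// either one instead of panicking on a nil pointer, which would take the
	// whole process down on a malformed or unexpected service reply.
	if result.Kid == nil {
		return nil, fmt.Errorf("failed to encrypt, error: key id is missing from encryption result")
	}
	if result.Result == nil {
		return nil, fmt.Errorf("failed to encrypt, error: result value is missing from encryption result")
	}

	// Bind the ciphertext to the key the client was initialized with: the
	// returned key id must hash to the value stored in kvc.keyIDHash.
	// Note that the message prints the stored hash as "expected" and the raw
	// key id as "got", so the two values are not directly comparable by eye.
	gotKeyIDHash := fmt.Sprintf("%x", sha256.Sum256([]byte(*result.Kid)))
	if kvc.keyIDHash != gotKeyIDHash {
		return nil, fmt.Errorf(
			"key id initialized does not match with the key id from encryption result, expected: %s, got: %s",
			kvc.keyIDHash,
			*result.Kid,
		)
	}

	// Annotations are copied from the response headers plus two values known
	// locally (response version and algorithm). A header that is absent yields
	// an empty value, not an error.
	// NOTE(review): assumes the result carries HTTP headers whenever err is
	// nil — confirm against the client's contract.
	annotations := map[string][]byte{
		dateAnnotationKey:           []byte(result.Header.Get(dateAnnotationValue)),
		requestIDAnnotationKey:      []byte(result.Header.Get(requestIDAnnotationValue)),
		keyvaultRegionAnnotationKey: []byte(result.Header.Get(keyvaultRegionAnnotationValue)),
		versionAnnotationKey:        []byte(encryptionResponseVersion),
		algorithmAnnotationKey:      []byte(encryptionAlgorithm),
	}

	// The service's result string is stored as-is; it is not decoded here.
	return &service.EncryptResponse{
		Ciphertext:  []byte(*result.Result),
		KeyID:       kvc.keyIDHash,
		Annotations: annotations,
	}, nil
}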