fix: properly set up tls for KMS endpoint
The condition was inverted 🤦

Signed-off-by: Artem Chernyshev <artem.chernyshev@talos-systems.com>
Unix4ever committed Jul 10, 2023
1 parent cb226ee commit 936111c
Showing 2 changed files with 3 additions and 3 deletions.
2 changes: 1 addition & 1 deletion cmd/talosctl/cmd/mgmt/cluster/create.go
Expand Up @@ -455,7 +455,7 @@ func create(ctx context.Context, flags *pflag.FlagSet) (err error) {

keys = append(keys, &v1alpha1.EncryptionKey{
KeyKMS: &v1alpha1.EncryptionKeyKMS{
KMSEndpoint: "http://" + nethelpers.JoinHostPort(ip.String(), port),
KMSEndpoint: "grpc://" + nethelpers.JoinHostPort(ip.String(), port),
},
KeySlot: i,
})
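Review bot: The `"grpc://"` prefix on `KMSEndpoint` is a bare literal whose effect on transport security is decided elsewhere. The page does not show how the scheme is parsed, but presumably it is what makes `endpoint.Insecure` true in `getConn`, so this endpoint is dialed without TLS. A comment above the field, such as `// grpc:// selects plaintext gRPC (no TLS); intended only for the locally created cluster's KMS`, once confirmed against the endpoint parser, would stop the value being copied into a machine config where the KMS is reached over an untrusted network. The enclosing `create` function starts and ends outside the hunk.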
4 changes: 2 additions & 2 deletions internal/pkg/encryption/keys/kms.go
Expand Up @@ -128,9 +128,9 @@ func (h *KMSKeyHandler) getConn(ctx context.Context) (*grpc.ClientConn, error) {
}

if endpoint.Insecure {
transportCredentials = credentials.NewTLS(&tls.Config{})
} else {
transportCredentials = insecure.NewCredentials()
} else {
transportCredentials = credentials.NewTLS(&tls.Config{})
}

return grpc.DialContext(ctx, endpoint.Host, grpc.WithTransportCredentials(transportCredentials))
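Review bot: The TLS arm of `getConn` builds its credentials from an empty `tls.Config{}` (reading the second printed `else` arm as the new side, which matches the commit message), so the minimum protocol version is left to the Go default rather than pinned. `transportCredentials = credentials.NewTLS(&tls.Config{MinVersion: tls.VersionTLS12})` states the floor explicitly. Because the earlier inversion meant endpoints not marked insecure were dialed without TLS, the credential choice also deserves a regression test, which is easier to write if the selection moves into a small helper keyed on `endpoint.Insecure`. A comment on the plaintext arm, e.g. `// plaintext gRPC: KMS traffic is unauthenticated and unencrypted on the wire`, would make the trade-off visible at the call site. `getConn` begins above this hunk, so how `endpoint` is parsed is not visible here.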
