diff --git a/cmd/common-main.go b/cmd/common-main.go
index 70ce27c41..9719c9846 100644
--- a/cmd/common-main.go
+++ b/cmd/common-main.go
@@ -22,7 +22,6 @@ import (
 "crypto/tls"
 "crypto/x509"
 "encoding/gob"
- "encoding/hex"
 "errors"
 "fmt"
 "math/rand"
@@ -339,8 +338,6 @@ func handleCommonEnvVars() {
 switch {
 case env.IsSet(config.EnvKMSSecretKey) && env.IsSet(config.EnvKESEndpoint):
 logger.Fatal(errors.New("ambigious KMS configuration"), fmt.Sprintf("The environment contains %q as well as %q", config.EnvKMSSecretKey, config.EnvKESEndpoint))
- case env.IsSet(config.EnvKMSMasterKey) && env.IsSet(config.EnvKESEndpoint):
- logger.Fatal(errors.New("ambigious KMS configuration"), fmt.Sprintf("The environment contains %q as well as %q", config.EnvKMSMasterKey, config.EnvKESEndpoint))
 }
 if env.IsSet(config.EnvKMSSecretKey) {
@@ -348,21 +345,6 @@ func handleCommonEnvVars() {
 if err != nil {
 logger.Fatal(err, "Unable to parse the KMS secret key inherited from the shell environment")
 }
- } else if env.IsSet(config.EnvKMSMasterKey) {
- // FIXME: remove this block by June 2021
- logger.LogIf(GlobalContext, fmt.Errorf("legacy KMS configuration, this environment variable %q is deprecated and will be removed by June 2021", config.EnvKMSMasterKey))
- v := strings.SplitN(env.Get(config.EnvKMSMasterKey, ""), ":", 2)
- if len(v) != 2 {
- logger.Fatal(errors.New("invalid "+config.EnvKMSMasterKey), "Unable to parse the KMS secret key inherited from the shell environment")
- }
- secretKey, err := hex.DecodeString(v[1])
- if err != nil {
- logger.Fatal(err, "Unable to parse the KMS secret key inherited from the shell environment")
- }
- GlobalKMS, err = kms.New(v[0], secretKey)
- if err != nil {
- logger.Fatal(err, "Unable to parse the KMS secret key inherited from the shell environment")
- }
 }
 if env.IsSet(config.EnvKESEndpoint) {
 var endpoints []string
diff --git a/dockerscripts/docker-entrypoint.sh b/dockerscripts/docker-entrypoint.sh
index f2a26b64d..63ac45cb2 100755
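Review bot: After the third hunk (`@@ -348,21 +345,6 @@`) nothing in `handleCommonEnvVars` looks at `MINIO_KMS_MASTER_KEY` any more, so a deployment that still sets it (directly, or through the `MINIO_KMS_MASTER_KEY_FILE` docker secret whose export the entrypoint hunk also removes) appears to fall through the remaining branches without a log line or an error. What the server does when no KMS ends up configured is not visible here, but a configured encryption key that is silently ignored should stop startup rather than surface later as failed or differently protected writes. I would add one more case to the switch in the second hunk, `case env.IsSet("MINIO_KMS_MASTER_KEY"):` followed by `logger.Fatal(errors.New("unsupported KMS configuration"), "MINIO_KMS_MASTER_KEY is no longer supported, use MINIO_KMS_SECRET_KEY")`; the literal name is needed because the constants hunk deletes `EnvKMSMasterKey`. The function body starts and ends outside these hunks.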
--- a/dockerscripts/docker-entrypoint.sh
+++ b/dockerscripts/docker-entrypoint.sh
@@ -71,17 +71,6 @@ docker_kms_secret_encryption_env() {
 fi
 }
-## Legacy
-## Set KMS_MASTER_KEY from docker secrets if provided
-docker_kms_master_encryption_env() {
- KMS_MASTER_KEY_FILE="/run/secrets/$MINIO_KMS_MASTER_KEY_FILE"
-
- if [ -f "$KMS_MASTER_KEY_FILE" ]; then
- MINIO_KMS_MASTER_KEY="$(cat "$KMS_MASTER_KEY_FILE")"
- export MINIO_KMS_MASTER_KEY
- fi
-}
-
 # su-exec to requested user, if service cannot run exec will fail.
 docker_switch_user() {
 if [ ! -z "${MINIO_USERNAME}" ] && [ ! -z "${MINIO_GROUPNAME}" ]; then
diff --git a/internal/config/constants.go b/internal/config/constants.go
index c792559f8..911d256ee 100644
--- a/internal/config/constants.go
+++ b/internal/config/constants.go
@@ -41,7 +41,6 @@ const (
 EnvUpdate = "MINIO_UPDATE"
- EnvKMSMasterKey = "MINIO_KMS_MASTER_KEY" // legacy
 EnvKMSSecretKey = "MINIO_KMS_SECRET_KEY"
 EnvKESEndpoint = "MINIO_KMS_KES_ENDPOINT"
 EnvKESKeyName = "MINIO_KMS_KES_KEY_NAME"