From 743e7f99b65ff42c92099b79efe9d7b3a24f32fc Mon Sep 17 00:00:00 2001
From: Jeff Mitchell
Date: Sat, 19 Sep 2015 11:29:31 -0400
Subject: [PATCH] Use hmac-sha256 for protecting secrets in audit entries
---
 audit/hashstructure_test.go | 12 ++++++++----
 vault/audit.go | 1 -
 2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/audit/hashstructure_test.go b/audit/hashstructure_test.go
index 1b652cf44a..ce7e55d76f 100644
--- a/audit/hashstructure_test.go
+++ b/audit/hashstructure_test.go
@@ -140,10 +140,14 @@ func TestHash(t *testing.T) {
 },
 }
 
- localSalt, err := salt.NewSalt(nil, &salt.Config{
- HMAC: sha256.New,
- HMACType: "hmac-sha256",
- StaticSalt: "foo",
+ inmemStorage := &logical.InmemStorage{}
+ inmemStorage.Put(&logical.StorageEntry{
+ Key: "salt",
+ Value: []byte("foo"),
+ })
+ localSalt, err := salt.NewSalt(inmemStorage, &salt.Config{
+ HMAC: sha256.New,
+ HMACType: "hmac-sha256",
 })
 if err != nil {
 t.Fatalf("Error instantiating salt: %s", err)
diff --git a/vault/audit.go b/vault/audit.go
index b9d044be96..77b06fd916 100644
--- a/vault/audit.go
+++ b/vault/audit.go
@@ -207,7 +207,6 @@ func (c *Core) newAuditBackend(t string, view logical.Storage, conf map[string]s
 return nil, fmt.Errorf("unknown backend type: %s", t)
 }
 salter, err := salt.NewSalt(view, &salt.Config{
- HashFunc: salt.SHA256Hash,
 HMAC: sha256.New,
 HMACType: "hmac-sha256",
 })
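Review bot: The error returned by `inmemStorage.Put` is discarded in the TestHash hunk of audit/hashstructure_test.go, so if seeding the storage ever fails the test carries on without the fixed salt "foo" in place. The failure would then presumably show up later as a hash mismatch rather than at its real cause. Check the result where the entry is written: `if err := inmemStorage.Put(&logical.StorageEntry{Key: "salt", Value: []byte("foo")}); err != nil { t.Fatal(err) }`. The literal key "salt" also has to match the location the salt package reads from by default; if that package exposes a constant for it, use the constant, otherwise a short comment such as `// key must match the salt package's default storage location` would make the coupling visible. TestHash begins and ends outside the hunk.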