From eedd63a10552fce6b82e52db94b913d2d2d1cd1c Mon Sep 17 00:00:00 2001 From: Armon Dadgar Date: Fri, 8 May 2015 11:06:39 -0700 Subject: [PATCH] vault: defer barrier initialization until as late as possible --- vault/core.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/vault/core.go b/vault/core.go index 13528d0f8d..b36dbe2cc3 100644 --- a/vault/core.go +++ b/vault/core.go @@ -619,12 +619,6 @@ func (c *Core) Initialize(config *SealConfig) (*InitResult, error) { return nil, fmt.Errorf("master key generation failed: %v", err) } - // Initialize the barrier - if err := c.barrier.Initialize(masterKey); err != nil { - c.logger.Printf("[ERR] core: failed to initialize barrier: %v", err) - return nil, fmt.Errorf("failed to initialize barrier: %v", err) - } - // Return the master key if only a single key part is used results := new(InitResult) if config.SecretShares == 1 { @@ -639,6 +633,12 @@ func (c *Core) Initialize(config *SealConfig) (*InitResult, error) { } results.SecretShares = shares } + + // Initialize the barrier + if err := c.barrier.Initialize(masterKey); err != nil { + c.logger.Printf("[ERR] core: failed to initialize barrier: %v", err) + return nil, fmt.Errorf("failed to initialize barrier: %v", err) + } c.logger.Printf("[INFO] core: security barrier initialized") // Unseal the barrier