From ffac1fc60c6c63e3e0db47d84096abbf8de146af Mon Sep 17 00:00:00 2001
From: "joel.mathew"
Date: Tue, 28 May 2024 14:19:39 +0530
Subject: [PATCH 1/2] Use Static Data Key for Offline deployment
---
 crypto/main.go | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/crypto/main.go b/crypto/main.go
index 7e05300..32b859b 100644
--- a/crypto/main.go
+++ b/crypto/main.go
@@ -10,6 +10,7 @@ import (
 "github.com/hashicorp/vault/api"
 auth "github.com/hashicorp/vault/api/auth/approle"
+ "github.com/skit-ai/vcore/env"
 )
 // Read Env Vars
@@ -20,12 +21,23 @@ var vault_secret_id string = os.Getenv("VAULT_SECRET_ID")
 var vault_approle_mountpath string = os.Getenv("VAULT_APPROLE_MOUNTPATH")
 var vault_data_key_name string = os.Getenv("VAULT_DATA_KEY_NAME")
 var encrypted_data_key string = os.Getenv("ENCRYPTED_DATA_KEY")
+var use_static_data_key bool = env.Bool("USE_STATIC_DATA_KEY", false)
+var static_data_key string = env.String("STATIC_DATA_KEY", "")
 // Other Global Variables
 var data_key []byte
 var dataKeyCache map[string][]byte = map[string][]byte{}
+func is_valid_base_64_string(static_data_key string) bool {
+ _, err := base64.StdEncoding.DecodeString(static_data_key)
+ return err == nil
+}
+
+func get_byte_string(static_data_key string) []byte {
+ return []byte(static_data_key)
+}
+
 // Vault functions
 func getApproleAuth() *auth.AppRoleAuth {
 // Check if vault_approle_mountpath has a value
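Review bot: In the `@@ -20,12 +21,23 @@` hunk of patch 1/2, `is_valid_base_64_string` checks that STATIC_DATA_KEY decodes as base64, but `get_byte_string` returns `[]byte(static_data_key)`, so the AES key becomes the ASCII bytes of the encoded text rather than the decoded key material. A base64-encoded 32-byte key is 44 characters long and would be rejected by `aes.NewCipher` as an invalid key size, while a 32-character value is accepted but carries only 24 bytes of key material. Decode once and use the result, for example `key, err := base64.StdEncoding.DecodeString(static_data_key)` followed by `if err != nil || len(key) != 32 { /* refuse to start */ }`. Patch 2/2 only renames the two helpers (`isValidBase64`, `getByteString`), so the same behaviour carries over there.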
@@ -136,9 +148,13 @@ func getDataKey(encrypted_data_key_ string, clientId string) (data_key_ []byte)
 // Crypto functions
 func newCipherAESGCMObject(data_key_b64_str string, clientId string) (gcm cipher.AEAD, err error) {
+ var data_key []byte
 // Get data key
- data_key := getDataKey(data_key_b64_str, clientId)
-
+ if use_static_data_key && is_valid_base_64_string(static_data_key) {
+ data_key = get_byte_string(static_data_key)
+ } else {
+ data_key = getDataKey(data_key_b64_str, clientId)
+ }
 // Generate new aes cipher using our 32 byte key
 c, err := aes.NewCipher(data_key)
 if err != nil {
From 7e895ff58f1cdb91a1e0d3e97fcadda41c516601 Mon Sep 17 00:00:00 2001
From: "joel.mathew"
Date: Tue, 28 May 2024 15:16:44 +0530
Subject: [PATCH 2/2] Change to Camel Case
---
 crypto/main.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/crypto/main.go b/crypto/main.go
index 32b859b..e4dec4f 100644
--- a/crypto/main.go
+++ b/crypto/main.go
@@ -29,12 +29,12 @@ var static_data_key string = env.String("STATIC_DATA_KEY", "")
 var data_key []byte
 var dataKeyCache map[string][]byte = map[string][]byte{}
-func is_valid_base_64_string(static_data_key string) bool {
+func isValidBase64(static_data_key string) bool {
 _, err := base64.StdEncoding.DecodeString(static_data_key)
 return err == nil
 }
-func get_byte_string(static_data_key string) []byte {
+func getByteString(static_data_key string) []byte {
 return []byte(static_data_key)
 }
@@ -150,8 +150,8 @@ func newCipherAESGCMObject(data_key_b64_str string, clientId string) (gcm cipher
 var data_key []byte
 // Get data key
- if use_static_data_key && is_valid_base_64_string(static_data_key) {
- data_key = get_byte_string(static_data_key)
+ if use_static_data_key && isValidBase64(static_data_key) {
+ data_key = getByteString(static_data_key)
 } else {
 data_key = getDataKey(data_key_b64_str, clientId)
 }
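Review bot: In `newCipherAESGCMObject` (patch 1/2, hunk `@@ -136,9 +148,13 @@`), when USE_STATIC_DATA_KEY is true but STATIC_DATA_KEY fails the base64 check, the code silently falls through to `getDataKey`, so a misconfigured offline deployment changes key source instead of failing. Validate the key once at startup and branch here only on `use_static_data_key`. An empty STATIC_DATA_KEY passes the check, because the empty string decodes without error, and only surfaces later as a key-size error from `aes.NewCipher`. The static branch also ignores `clientId`, so every client shares one key; I would add a comment such as `// Static key mode: one key shared by all clientIds, bypasses getDataKey; intended for offline deployments only`. The function body continues beyond the hunk.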