percona · BupycHuk · Nov 14, 2024 · Nov 14, 2024 · Nov 18, 2024 · JiriCtvrtka
@@ -69,7 +69,7 @@ func createOriginEncryptionKey() error {
 	if err != nil {
 		return err
 	}
-	encryption.DefaultEncryption = encryption.New()
+	encryption.DefaultEncryption, _ = encryption.New()
 	return nil
 }
 

@@ -27,7 +27,6 @@ import (
 
 	"github.com/google/tink/go/tink"
 	"github.com/pkg/errors"
-	"github.com/sirupsen/logrus"
 	"github.com/tink-crypto/tink-go/aead"
 	"github.com/tink-crypto/tink-go/insecurecleartextkeyset"
 	"github.com/tink-crypto/tink-go/keyset"
@@ -40,7 +39,7 @@ var (
 	// ErrEncryptionNotInitialized is error in case of encryption is not initialized.
 	ErrEncryptionNotInitialized = errors.New("encryption is not initialized")
 	// DefaultEncryption is the default implementation of encryption.
-	DefaultEncryption    = New()
+	DefaultEncryption, _ = New()
 	defaultEncryptionMtx sync.Mutex
 )
 
@@ -72,7 +71,7 @@ type QueryValues struct {
 }
 
 // New creates an encryption; if key on path doesn't exist, it will be generated.
-func New() *Encryption {
+func New() (*Encryption, error) {
 	e := &Encryption{}
 	e.Path = encryptionKeyPath()
 
@@ -81,21 +80,22 @@ func New() *Encryption {
 	case os.IsNotExist(err):
 		err = e.generateKey()
 		if err != nil {
-			logrus.Panicf("Encryption: %v", err)
+			return nil, err
 		}
+
 	case err != nil:
-		logrus.Panicf("Encryption: %v", err)
+		return nil, err
 	default:
 		e.Key = string(bytes)
 	}
 
 	primitive, err := e.getPrimitive()
 	if err != nil {
-		logrus.Panicf("Encryption: %v", err)
+		return nil, err
 	}
 	e.Primitive = primitive
 
-	return e
+	return e, nil
 }
 
 // RotateEncryptionKey is a wrapper around DefaultEncryption.RotateEncryptionKey.
@@ -106,8 +106,11 @@ func RotateEncryptionKey() error {
 	}
 
 	defaultEncryptionMtx.Lock()
-	DefaultEncryption = New()
-	defaultEncryptionMtx.Unlock()
+	defer defaultEncryptionMtx.Unlock()
+	DefaultEncryption, err = New()
+	if err != nil {
+		return err
+	}
 
 	return nil
 }