From 13b776e8e61db600811c84df5acde70ba05d665b Mon Sep 17 00:00:00 2001
From: Brian Kassouf <briankassouf@users.noreply.github.com>
Date: Fri, 15 Dec 2017 06:08:28 -0800
Subject: [PATCH] Fix plaintext backup in transit (#3692)

---
 helper/keysutil/lock_manager.go | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/helper/keysutil/lock_manager.go b/helper/keysutil/lock_manager.go
index 16724049f3df..9d5cf63ae9ff 100644
--- a/helper/keysutil/lock_manager.go
+++ b/helper/keysutil/lock_manager.go
@@ -43,6 +43,9 @@ type PolicyRequest struct {
 
 	// Whether to upsert
 	Upsert bool
+
+	// Whether to allow plaintext backup
+	AllowPlaintextBackup bool
 }
 
 type LockManager struct {
@@ -378,10 +381,11 @@ func (lm *LockManager) getPolicyCommon(req PolicyRequest, lockType bool) (*Polic
 		}
 
 		p = &Policy{
-			Name:       req.Name,
-			Type:       req.KeyType,
-			Derived:    req.Derived,
-			Exportable: req.Exportable,
+			Name:                 req.Name,
+			Type:                 req.KeyType,
+			Derived:              req.Derived,
+			Exportable:           req.Exportable,
+			AllowPlaintextBackup: req.AllowPlaintextBackup,
 		}
 		if req.Derived {
 			p.KDF = Kdf_hkdf_sha256