From 33d8b4839e23739491829bb75d1efd27286ded9c Mon Sep 17 00:00:00 2001
From: Calvin Leung Huang <cleung2010@gmail.com>
Date: Fri, 24 Apr 2020 13:31:03 -0700
Subject: [PATCH] seal/gcpkms: fix panic that occurs when the seal config map
 is nil (#8840)

---
 command/server/seal/server_seal_gcpckms.go | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/command/server/seal/server_seal_gcpckms.go b/command/server/seal/server_seal_gcpckms.go
index 9c0219a82f1e9..c33c173df8e82 100644
--- a/command/server/seal/server_seal_gcpckms.go
+++ b/command/server/seal/server_seal_gcpckms.go
@@ -12,8 +12,16 @@ import (
 )
 
 func configureGCPCKMSSeal(configSeal *server.Seal, infoKeys *[]string, info *map[string]string, logger log.Logger, inseal vault.Seal) (vault.Seal, error) {
-	kms := gcpckms.NewWrapper(nil)
+	// The config map can be nil if all other seal params were provided via env
+	// vars so we nil check here before setting user_agent down below.
+	if configSeal.Config == nil {
+		configSeal.Config = map[string]string{}
+	}
+	// This is not exposed at the moment so we always override user_agent
+	// with Vault's internal value.
 	configSeal.Config["user_agent"] = useragent.String()
+
+	kms := gcpckms.NewWrapper(nil)
 	kmsInfo, err := kms.SetConfig(configSeal.Config)
 	if err != nil {
 		// If the error is any other than logical.KeyNotFoundError, return the error