From f83cffff038da3752847577bee22816e4243f565 Mon Sep 17 00:00:00 2001
From: Levi Durfee <levi.durfee@gmail.com>
Date: Thu, 8 Jan 2026 13:34:40 -0500
Subject: Refactor passphrase

---
 internal/goaes.go | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

(limited to 'internal/goaes.go')

diff --git a/internal/goaes.go b/internal/goaes.go
index d67921a..7bc71f3 100644
--- a/internal/goaes.go
+++ b/internal/goaes.go
@@ -8,7 +8,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"os"
 
 	"golang.org/x/crypto/argon2"
 )
@@ -20,15 +19,10 @@ const (
 	keyLen  = 32
 )
 
-func NewKEKFromEnvB64(passphraseEnvVar string, salt Salt) (KEK, error) {
-	b64Passphrase := os.Getenv(passphraseEnvVar)
-	if b64Passphrase == "" {
-		return nil, fmt.Errorf("%s is not set", passphraseEnvVar)
-	}
-
+func NewKEKFromEnvB64(b64Passphrase string, salt Salt) (KEK, error) {
 	passphrase, err := base64.StdEncoding.DecodeString(b64Passphrase)
 	if err != nil {
-		return nil, fmt.Errorf("decode %s base64: %w", passphraseEnvVar, err)
+		return nil, fmt.Errorf("decode %s base64: %w", b64Passphrase, err)
 	}
 
 	raw := argon2.IDKey(passphrase, salt, time, memory, threads, keyLen)
-- 
cgit v1.2.3