From 1acc19dac52e851f3392e07e092ac1539af8fc56 Mon Sep 17 00:00:00 2001
From: Michael Eischer <michael.eischer@fau.de>
Date: Fri, 5 Jun 2026 16:10:04 +0200
Subject: [PATCH] repository: unexport SearchKey

---
 cmd/restic/cmd_key_integration_test.go | 8 ++++++--
 internal/repository/key.go             | 4 ++--
 internal/repository/repository.go      | 2 +-
 3 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/cmd/restic/cmd_key_integration_test.go b/cmd/restic/cmd_key_integration_test.go
index 35e949020..eaa3fd085 100644
--- a/cmd/restic/cmd_key_integration_test.go
+++ b/cmd/restic/cmd_key_integration_test.go
@@ -65,9 +65,11 @@ func testRunKeyAddNewKeyUserHost(t testing.TB, gopts global.Options) {
 	_ = withTermStatus(t, gopts, func(ctx context.Context, gopts global.Options) error {
 		repo, err := global.OpenRepository(ctx, gopts, progress.NewNoopPrinter())
 		rtest.OK(t, err)
-		key, err := repository.SearchKey(ctx, repo, testKeyNewPassword, 2, "")
+		err = repo.SearchKey(ctx, testKeyNewPassword, 2, "")
 		rtest.OK(t, err)
 
+		key, err := repository.LoadKey(ctx, repo, repo.KeyID())
+		rtest.OK(t, err)
 		rtest.Equals(t, "john", key.Username)
 		rtest.Equals(t, "example.com", key.Hostname)
 		return nil
@@ -107,9 +109,11 @@ func testRunKeyPasswdUserHost(t testing.TB, newPassword string, gopts global.Opt
 	_ = withTermStatus(t, gopts, func(ctx context.Context, gopts global.Options) error {
 		repo, err := global.OpenRepository(ctx, gopts, progress.NewNoopPrinter())
 		rtest.OK(t, err)
-		key, err := repository.SearchKey(ctx, repo, testKeyNewPassword, 1, "")
+		err = repo.SearchKey(ctx, testKeyNewPassword, 1, "")
 		rtest.OK(t, err)
 
+		key, err := repository.LoadKey(ctx, repo, repo.KeyID())
+		rtest.OK(t, err)
 		rtest.Equals(t, "john", key.Username)
 		rtest.Equals(t, "example.com", key.Hostname)
 		return nil
diff --git a/internal/repository/key.go b/internal/repository/key.go
index c78d791dc..374c984fb 100644
--- a/internal/repository/key.go
+++ b/internal/repository/key.go
@@ -108,11 +108,11 @@ func openKey(ctx context.Context, s *Repository, id restic.ID, password string)
 	return k, nil
 }
 
-// SearchKey tries to decrypt at most maxKeys keys in the backend with the
+// searchKey tries to decrypt at most maxKeys keys in the backend with the
 // given password. If none could be found, ErrNoKeyFound is returned. When
 // maxKeys is reached, ErrMaxKeysReached is returned. When setting maxKeys to
 // zero, all keys in the repo are checked.
-func SearchKey(ctx context.Context, s *Repository, password string, maxKeys int, keyHint string) (k *Key, err error) {
+func searchKey(ctx context.Context, s *Repository, password string, maxKeys int, keyHint string) (k *Key, err error) {
 	checked := 0
 
 	if len(keyHint) > 0 {
diff --git a/internal/repository/repository.go b/internal/repository/repository.go
index 34b0c88de..121d8c5a1 100644
--- a/internal/repository/repository.go
+++ b/internal/repository/repository.go
@@ -862,7 +862,7 @@ func (r *Repository) prepareCache() error {
 // SearchKey finds a key with the supplied password, afterwards the config is
 // read and parsed. It tries at most maxKeys key files in the repo.
 func (r *Repository) SearchKey(ctx context.Context, password string, maxKeys int, keyHint string) error {
-	key, err := SearchKey(ctx, r, password, maxKeys, keyHint)
+	key, err := searchKey(ctx, r, password, maxKeys, keyHint)
 	if err != nil {
 		return err
 	}