/
aead.go
90 lines (72 loc) · 1.74 KB
/
aead.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
package main
// Copyright (c) Microsoft Corporation.
// Licensed under the Apache License 2.0.
import (
"bufio"
"context"
"encoding/base64"
"flag"
"fmt"
"io"
"os"
"github.com/sirupsen/logrus"
"github.com/Azure/ARO-RP/pkg/api"
"github.com/Azure/ARO-RP/pkg/env"
"github.com/Azure/ARO-RP/pkg/util/encryption"
"github.com/Azure/ARO-RP/pkg/util/keyvault"
utillog "github.com/Azure/ARO-RP/pkg/util/log"
)
const (
KeyVaultPrefix = "KEYVAULT_PREFIX"
)
func run(ctx context.Context, log *logrus.Entry) error {
fileName := flag.String("file", "-", "File to read. '-' for stdin.")
flag.Parse()
var (
file io.Reader
err error
v string
)
if *fileName == "-" {
file = os.Stdin
} else {
file, err = os.Open(*fileName)
if err != nil {
return err
}
}
scanner := bufio.NewScanner(file)
for scanner.Scan() {
v = v + scanner.Text() + "\n"
}
_env, err := env.NewCore(ctx, log, env.COMPONENT_TOOLING)
if err != nil {
return err
}
msiKVAuthorizer, err := _env.NewMSIAuthorizer(_env.Environment().KeyVaultScope)
if err != nil {
return err
}
if err := env.ValidateVars(KeyVaultPrefix); err != nil {
return err
}
keyVaultPrefix := os.Getenv(KeyVaultPrefix)
serviceKeyvaultURI := keyvault.URI(_env, env.ServiceKeyvaultSuffix, keyVaultPrefix)
serviceKeyvault := keyvault.NewManager(msiKVAuthorizer, serviceKeyvaultURI)
aead, err := encryption.NewMulti(ctx, serviceKeyvault, env.EncryptionSecretV2Name, env.EncryptionSecretName)
if err != nil {
return err
}
b, err := aead.Seal([]byte(api.SecureString(v)))
if err != nil {
return err
}
fmt.Println(base64.StdEncoding.EncodeToString(b))
return nil
}
func main() {
log := utillog.GetLogger()
if err := run(context.Background(), log); err != nil {
log.Fatal(err)
}
}