Added 'easy-vault check-encrypted' command

Details: * Added a 'easy-vault check-encrypted' command that checks whether the vault file is encrypted and exits with 1 if that is ot the case. This can be used for example if the vault file is stored in a repository to regularly check whether it is encrypted to ensure it has not been committed by mistake in the decrypted state. (issue #57) Signed-off-by: Andreas Maier <andreas.r.maier@gmx.de>
andy-maier · Apr 5, 2021 · a1aadbb · a1aadbb
1 parent fad0ca2
commit a1aadbb
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 0 deletions.
diff --git a/docs/changes.rst b/docs/changes.rst
@@ -48,6 +48,12 @@ Released: not yet
   a vault file in the keyring service. Added a corresponding
   'Keyring.delete_password()' method. (issues #33 and #35)
 
+* Added a 'easy-vault check-encrypted' command that checks whether the vault
+  file is encrypted and exits with 1 if that is ot the case. This can be used
+  for example if the vault file is stored in a repository to regularly check
+  whether it is encrypted to ensure it has not been committed by mistake in the
+  decrypted state. (issue #57)
+
 * Improved error messages when writing vault file during 'EasyVault.encrypt()'
   / 'decrypt()'.
 

diff --git a/docs/usage.rst b/docs/usage.rst
@@ -64,6 +64,7 @@ This command displays self-explanatory help, e.g.:
     $ easy-vault encrypt --help
     $ easy-vault decrypt --help
     $ easy-vault check-keyring --help
+    $ easy-vault check-encrypted --help
 
 
 .. _`Accessing the secrets in a program`:

diff --git a/easy_vault/cli/cli.py b/easy_vault/cli/cli.py
@@ -179,6 +179,30 @@ def cli_decrypt(vaultfile, **options):
                  verbose=verbose, echo=click.echo)
 
 
+@cli.command('check-encrypted')
+@click.argument('vaultfile', type=str, metavar='VAULTFILE', required=True)
+@add_options(quiet_option)
+@add_options(help_option)
+def cli_check_encrypted(vaultfile, **options):
+    """
+    Check whether the vault file is encrypted.
+
+    If encrypted, the command exits with 0.
+    If not encrypted, the command exits with 1.
+    """
+    verbose = not options['quiet']
+
+    check_exists(vaultfile)
+
+    if not EasyVault(vaultfile).is_encrypted():
+        if verbose:
+            click.echo("Error: Vault file is not encrypted")
+        click.get_current_context().exit(1)
+
+    if verbose:
+        click.echo("Success! Vault file is encrypted")
+
+
 @cli.command('check-keyring')
 @add_options(quiet_option)
 @add_options(help_option)