From a1aadbb2d3f7dd1ffa7805c8971bfd975aea9b4a Mon Sep 17 00:00:00 2001
From: Andreas Maier <andreas.r.maier@gmx.de>
Date: Mon, 5 Apr 2021 09:45:53 +0200
Subject: [PATCH] Added 'easy-vault check-encrypted' command

Details:

* Added a 'easy-vault check-encrypted' command that checks whether the vault
  file is encrypted and exits with 1 if that is ot the case. This can be used
  for example if the vault file is stored in a repository to regularly check
  whether it is encrypted to ensure it has not been committed by mistake in the
  decrypted state. (issue #57)

Signed-off-by: Andreas Maier <andreas.r.maier@gmx.de>
---
 docs/changes.rst      |  6 ++++++
 docs/usage.rst        |  1 +
 easy_vault/cli/cli.py | 24 ++++++++++++++++++++++++
 3 files changed, 31 insertions(+)

diff --git a/docs/changes.rst b/docs/changes.rst
index 1840821..39c0153 100644
--- a/docs/changes.rst
+++ b/docs/changes.rst
@@ -48,6 +48,12 @@ Released: not yet
   a vault file in the keyring service. Added a corresponding
   'Keyring.delete_password()' method. (issues #33 and #35)
 
+* Added a 'easy-vault check-encrypted' command that checks whether the vault
+  file is encrypted and exits with 1 if that is ot the case. This can be used
+  for example if the vault file is stored in a repository to regularly check
+  whether it is encrypted to ensure it has not been committed by mistake in the
+  decrypted state. (issue #57)
+
 * Improved error messages when writing vault file during 'EasyVault.encrypt()'
   / 'decrypt()'.
 
diff --git a/docs/usage.rst b/docs/usage.rst
index 2a9451e..32a3216 100644
--- a/docs/usage.rst
+++ b/docs/usage.rst
@@ -64,6 +64,7 @@ This command displays self-explanatory help, e.g.:
     $ easy-vault encrypt --help
     $ easy-vault decrypt --help
     $ easy-vault check-keyring --help
+    $ easy-vault check-encrypted --help
 
 
 .. _`Accessing the secrets in a program`:
diff --git a/easy_vault/cli/cli.py b/easy_vault/cli/cli.py
index 6ae1d04..25c2b37 100644
--- a/easy_vault/cli/cli.py
+++ b/easy_vault/cli/cli.py
@@ -179,6 +179,30 @@ def cli_decrypt(vaultfile, **options):
                  verbose=verbose, echo=click.echo)
 
 
+@cli.command('check-encrypted')
+@click.argument('vaultfile', type=str, metavar='VAULTFILE', required=True)
+@add_options(quiet_option)
+@add_options(help_option)
+def cli_check_encrypted(vaultfile, **options):
+    """
+    Check whether the vault file is encrypted.
+
+    If encrypted, the command exits with 0.
+    If not encrypted, the command exits with 1.
+    """
+    verbose = not options['quiet']
+
+    check_exists(vaultfile)
+
+    if not EasyVault(vaultfile).is_encrypted():
+        if verbose:
+            click.echo("Error: Vault file is not encrypted")
+        click.get_current_context().exit(1)
+
+    if verbose:
+        click.echo("Success! Vault file is encrypted")
+
+
 @cli.command('check-keyring')
 @add_options(quiet_option)
 @add_options(help_option)