package cli
import (
"encoding/base64"
"fmt"
"github.com/nearform/initium-cli/src/services/secrets"
"github.com/urfave/cli/v2"
)
// generateKeys creates a fresh key pair with secrets.GenerateKeys and prints
// both halves, quoted with %q, to c.Writer.
//
// The private key is written in clear text right next to the public one, so
// anything that captures c.Writer (terminal scrollback, CI job logs, a
// redirected file) ends up holding the secret key.
func (c icli) generateKeys(ctx *cli.Context) error {
	pair, genErr := secrets.GenerateKeys()
	if genErr != nil {
		return genErr
	}

	out := c.Writer
	fmt.Fprintf(out, "Secret key: %q\n", pair.Private)
	fmt.Fprintf(out, "Public key: %q\n", pair.Public)
	return nil
}
// encrypt encrypts a secret for the public key given by publicKeyFlag and
// prints the result, followed by a newline, to c.Writer.
//
// The secret comes from one of two flags. A non-empty base64PlainSecretFlag
// value wins and is handed to secrets.Encrypt unchanged; it is not checked
// for valid base64 in this function. Otherwise the plainSecretFlag value is
// base64-encoded first. Errors from secrets.Encrypt are returned as-is.
func (c icli) encrypt(ctx *cli.Context) error {
	encoded := ctx.String(base64PlainSecretFlag)
	if encoded == "" {
		// No pre-encoded value supplied: encode the plain secret ourselves.
		plain := ctx.String(plainSecretFlag)
		encoded = base64.StdEncoding.EncodeToString([]byte(plain))
	}

	sealed, err := secrets.Encrypt(ctx.String(publicKeyFlag), encoded)
	if err != nil {
		return err
	}

	fmt.Fprintf(c.Writer, "%s\n", sealed)
	return nil
}
// decrypt passes the privateKeyFlag and base64EncryptedSecretFlag values to
// secrets.Decrypt and prints the result, followed by a newline, to c.Writer.
//
// The command's usage text describes the output as the base64-encoded value.
// Whatever secrets.Decrypt returns is written in clear, so the destination of
// c.Writer receives the recovered secret. Errors are returned unchanged.
func (c icli) decrypt(ctx *cli.Context) error {
	output, err := secrets.Decrypt(
		ctx.String(privateKeyFlag),
		ctx.String(base64EncryptedSecretFlag),
	)
	if err != nil {
		return err
	}

	fmt.Fprintf(c.Writer, "%s\n", output)
	return nil
}
// SecretsCMD builds the "secrets" command and its three subcommands:
// generate-keys, encrypt and decrypt.
//
// generate-keys and decrypt run c.baseBeforeFunc as their Before hook.
// encrypt has its own hook because its two secret flags are alternatives.
func (c icli) SecretsCMD() *cli.Command {
	// encryptBefore loads flag values from the config, then runs the
	// required-flag check with the unused secret flag listed as ignored.
	// If both secret flags are set, both end up in the ignored list; encrypt
	// then uses the base64 value and never reads the plain one.
	// NOTE(review): a secret given directly as a flag value is normally
	// visible in shell history and process listings. Confirm that
	// loadFlagsFromConfig offers a source that keeps it out of argv.
	encryptBefore := func(ctx *cli.Context) error {
		if err := c.loadFlagsFromConfig(ctx); err != nil {
			return err
		}

		skipped := make([]string, 0, 2)
		if ctx.IsSet(plainSecretFlag) {
			skipped = append(skipped, base64PlainSecretFlag)
		}
		if ctx.IsSet(base64PlainSecretFlag) {
			skipped = append(skipped, plainSecretFlag)
		}
		return c.checkRequiredFlags(ctx, skipped)
	}

	generateKeysCmd := &cli.Command{
		Name:   "generate-keys",
		Usage:  "Generate the public and private keys and output them on stdout",
		Action: c.generateKeys,
		Before: c.baseBeforeFunc,
	}

	encryptCmd := &cli.Command{
		Name:   "encrypt",
		Usage:  "Encrypt a secret, if the secret flag is used the secret is first encoded in base64 and then encrypted",
		Action: c.encrypt,
		Flags:  c.CommandFlags([]FlagsType{Encrypt}),
		Before: encryptBefore,
	}

	decryptCmd := &cli.Command{
		Name:   "decrypt",
		Usage:  "Decrypt a base64 encoded secret and output the base64 encoded value",
		Action: c.decrypt,
		Flags:  c.CommandFlags([]FlagsType{Decrypt}),
		Before: c.baseBeforeFunc,
	}

	return &cli.Command{
		Name:        "secrets",
		Usage:       "A series of command to generate age keys, encrypt and decrypt secrets",
		Subcommands: []*cli.Command{generateKeysCmd, encryptCmd, decryptCmd},
	}
}