Merge branch 'release/0.9.0'

create can now write to STDOUT
ssh-vault · Mar 3, 2017 · 395c764 · 395c764
2 parents c0ad641 + d5c1d4c
commit 395c764
Show file tree

Hide file tree

Showing 5 changed files with 81 additions and 19 deletions.
diff --git a/README.md b/README.md
@@ -15,6 +15,10 @@ Usage:
 
     $ ssh-vault -h
 
+Example:
+
+    $ echo "secret" | ssh-vault -u <github.com/user> create
+
 
 ## Compile from source
 
@@ -38,4 +42,10 @@ Build by just typing make:
     $ make
 
 
-**ssh-vault** is at an early development stage, please feel free to raise any issue, feature requirement or a simple comment [here](https://github.com/ssh-vault/ssh-vault/issues).
+## Issues
+
+Please feel free to raise any issue, feature requirement or a simple comment [here](https://github.com/ssh-vault/ssh-vault/issues).
+
+## Donate
+
+If you like this project, please do consider becoming a [patron!](https://www.patreon.com/nbari).
diff --git a/close.go b/close.go
@@ -21,14 +21,13 @@ func (v *vault) Close(data []byte) error {
 	payload.WriteString(";")
 	payload.WriteString(base64.StdEncoding.EncodeToString(data))
 
-	err = ioutil.WriteFile(v.vault,
-		[]byte(fmt.Sprintf("SSH-VAULT;AES256;%s\n%s\n",
-			v.Fingerprint,
-			v.Encode(payload.String(), 64))),
-		0600,
+	vault := []byte(fmt.Sprintf("SSH-VAULT;AES256;%s\n%s\n",
+		v.Fingerprint,
+		v.Encode(payload.String(), 64)),
 	)
-	if err != nil {
-		return err
+	if v.vault != "" {
+		return ioutil.WriteFile(v.vault, vault, 0600)
 	}
-	return nil
+	_, err = fmt.Printf("%s", vault)
+	return err
 }
diff --git a/cmd/ssh-vault/main.go b/cmd/ssh-vault/main.go
@@ -29,10 +29,12 @@ func main() {
 	)
 
 	flag.Usage = func() {
-		fmt.Fprintf(os.Stderr, "Usage: %s [-k key] [-u user] [create|edit|view] vault\n\n%s\n%s\n%s\n%s\n\n",
+		fmt.Fprintf(os.Stderr, "Usage: %s [-k key] [-u user] [create|edit|view] vault\n\n%s\n%s\n%s\n%s\n%s\n%s\n\n",
 			os.Args[0],
 			"  Options:",
-			"    create    Creates a new vault",
+			"    create    Creates a new vault, if no vault defined outputs to stdout.",
+			"              Can read from stdin, example:",
+			"                  echo \"secret\" | ssh-vault -u <user> create",
 			"    edit      Edit an existing vault",
 			"    view      View an existing vault")
 		flag.PrintDefaults()
@@ -84,11 +86,6 @@ func main() {
 		exit1(fmt.Errorf("Invalid option, use (\"%s -h\") for help.\n", os.Args[0]))
 	}
 
-	// check for vault name
-	if flag.NArg() < 2 {
-		exit1(fmt.Errorf("Missing vault name, use (\"%s -h\") for help.\n", os.Args[0]))
-	}
-
 	vault.Password, err = crypto.GenerateNonce(32)
 	if err != nil {
 		exit1(err)
@@ -111,7 +108,7 @@ func main() {
 	case "edit":
 		data, err := vault.View()
 		if err != nil {
-			exit1(err)
+			exit1(fmt.Errorf("Missing vault name, use (\"%s -h\") for help.\n", os.Args[0]))
 		}
 		out, err := vault.Edit(data)
 		if err != nil {
@@ -128,7 +125,7 @@ func main() {
 	case "view":
 		out, err := vault.View()
 		if err != nil {
-			exit1(err)
+			exit1(fmt.Errorf("Missing vault name, use (\"%s -h\") for help.\n", os.Args[0]))
 		}
 		fmt.Printf("\n%s", out)
 	}

diff --git a/vault.go b/vault.go
@@ -54,7 +54,7 @@ func New(k, u, o, v string) (*vault, error) {
 		return nil, fmt.Errorf("SSH key %q not found or unable to read", keyPath)
 	}
 	if o == "create" {
-		if cache.IsFile(v) {
+		if v != "" && cache.IsFile(v) {
 			return nil, fmt.Errorf("File already exists: %q", v)
 		}
 	}

diff --git a/vault_test.go b/vault_test.go
@@ -131,6 +131,62 @@ func TestVaultFunctions(t *testing.T) {
 	}
 }
 
+func TestVaultFunctionsSTDOUT(t *testing.T) {
+	dir, err := ioutil.TempDir("", "vault")
+	if err != nil {
+		t.Error(err)
+	}
+	defer os.RemoveAll(dir) // clean up
+
+	vault, err := New("test_data/id_rsa.pub", "", "create", "")
+	if err != nil {
+		t.Error(err)
+	}
+
+	if err = vault.PKCS8(); err != nil {
+		t.Error(err)
+	}
+
+	if vault.Password, err = crypto.GenerateNonce(32); err != nil {
+		t.Error(err)
+	}
+
+	// Skip vault.Create because we don't need/want to interact with an editor
+	in := []byte("The quick brown fox jumps over the lazy dog")
+
+	out, err := aead.Encrypt(vault.Password, in, []byte(vault.Fingerprint))
+	if err != nil {
+		t.Error(err)
+	}
+
+	rescueStdout := os.Stdout // keep backup of the real stdout
+	r, w, _ := os.Pipe()
+	os.Stdout = w
+
+	if err = vault.Close(out); err != nil {
+		t.Error(err)
+	}
+
+	w.Close()
+	outStdout, _ := ioutil.ReadAll(r)
+	os.Stdout = rescueStdout
+	tmpfile, err := ioutil.TempFile("", "stdout")
+	if err != nil {
+		t.Error(err)
+	}
+	tmpfile.Write([]byte(outStdout))
+	vault.vault = tmpfile.Name()
+
+	plaintext, err := vault.View()
+	if err != nil {
+		t.Error(err)
+	}
+
+	if !bytes.Equal(in, plaintext) {
+		t.Error("in != out")
+	}
+}
+
 func TestVaultNew(t *testing.T) {
 	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		expect(t, "ssh-vault", r.Header.Get("User-agent"))