Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
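// DecryptCmd is the "decrypt" sub-command. It loads the KMS key map from the
// repository, reads an encrypted file from a local path, an http(s):// URL or
// an ipfs:// link, parses the length-prefixed JSON metadata header, looks up
// the KMS key named by that header, and writes the unsealed payload under the
// output directory.
//
// Everything in the input file, including the metadata header, is untrusted
// until decrypt.Unseal has accepted it, so the header is bounds-checked before
// it is sliced and the object name is reduced to a bare file name.
//
// NOTE(review): the default repo-path is "/tmp", which is normally shared and
// world-writable; KMS keys are read from there. Confirm operators are expected
// to override it via --repo-path or KMS_REPO_PATH.
var DecryptCmd = &cli.Command{
	Name: "decrypt",
	Flags: []cli.Flag{
		&cli.StringFlag{
			Name:    "repo-path",
			Usage:   "Specify the KMS configuration repository",
			EnvVars: []string{"KMS_REPO_PATH"},
			Value:   "/tmp",
		},
		&cli.StringFlag{
			Name:     "src",
			Usage:    "Specify encrypted file (support local file path, ipfs://file, https://file)",
			Required: true,
		},
		&cli.StringFlag{
			Name:  "output",
			Usage: "Decrypted file output directory",
			Value: "",
		},
	},
	Action: func(cctx *cli.Context) error {
		repoPath := cctx.String("repo-path")
		kmsConfigPath := filepath.Join(repoPath, decrypt.KMSConfig)
		kmsKeys, err := decrypt.GetKmsKeys(kmsConfigPath)
		if err != nil {
			return err
		}

		src := cctx.String("src")
		var data []byte
		switch {
		// Match the full scheme: a bare "http" prefix would also capture
		// local files whose name merely starts with those letters.
		case strings.HasPrefix(src, "http://"), strings.HasPrefix(src, "https://"):
			// NOTE(review): http.Get uses the default client (no timeout) and
			// the whole body is buffered in memory. A bounded client and a
			// size cap need imports that are not visible from this block.
			// Plain http:// is still accepted; whether tampering in transit is
			// detected depends on decrypt.Unseal - confirm.
			resp, err := http.Get(src)
			if err != nil {
				return err
			}
			defer resp.Body.Close()
			if resp.StatusCode != http.StatusOK {
				// Do not feed an error page into the header parser.
				return fmt.Errorf("fetching %q: unexpected HTTP status %s", src, resp.Status)
			}
			data, err = ioutil.ReadAll(resp.Body)
			if err != nil {
				return err
			}
		case strings.HasPrefix(src, "ipfs://"):
			// Expected form: ipfs://<api-address>/<path>.
			ss := strings.Split(strings.TrimPrefix(src, "ipfs://"), "/")
			if len(ss) != 2 {
				return fmt.Errorf("src is not a valid ipfs link")
			}
			sh := ipfsShell.NewShell(ss[0])
			read, err := sh.Cat(ss[1])
			if err != nil {
				return err
			}
			defer read.Close()
			data, err = ioutil.ReadAll(read)
			if err != nil {
				return err
			}
		default:
			readCloser, _, err := decrypt.FsOpenFile(context.TODO(), src, 0)
			if err != nil {
				return err
			}
			defer readCloser.Close()
			data, err = ioutil.ReadAll(readCloser)
			if err != nil {
				return err
			}
		}

		// The first four bytes carry the metadata length. Both the prefix and
		// the length it declares come from the input file, so validate them
		// before slicing; otherwise a short or malformed file panics.
		if len(data) < 4 {
			return errors.New("encrypted file is too short to contain a metadata header")
		}
		// The conversion is a no-op if BytesToInt already returns int.
		metadataLen := int(decrypt.BytesToInt(data[0:4]))
		log.Debug("metadataLen: ", metadataLen)
		if metadataLen < 0 || metadataLen > len(data)-4 {
			return fmt.Errorf("invalid metadata length %d for a %d byte file", metadataLen, len(data))
		}

		var metadata map[string]string
		err = json.Unmarshal(data[4:4+metadataLen], &metadata)
		if err != nil {
			return err
		}
		// NOTE(review): the header is logged before anything has
		// authenticated it - confirm it never carries sensitive fields.
		log.Info("metadata: ", metadata)

		kmsID := metadata[decrypt.MetaKeyID]
		kmsKey, ok := kmsKeys[kmsID]
		if !ok {
			return errors.New("KMS key ID non-existent")
		}

		reader := bytes.NewReader(data[4+metadataLen:])
		decReader, err := decrypt.Unseal(reader, metadata, kmsKey)
		if err != nil {
			// Previously this error was overwritten by the WriteFile call
			// below, so a failed unseal could go unnoticed.
			return err
		}

		output := cctx.String("output")
		decrypt.MkdirAll(output)

		// filepath.Base strips any directory part supplied by the file, but
		// it still yields ".", ".." or a lone separator for degenerate names.
		object := filepath.Base(metadata[decrypt.MetaObject])
		if object == "." || object == ".." || object == string(filepath.Separator) {
			return fmt.Errorf("metadata carries an unusable object name %q", metadata[decrypt.MetaObject])
		}

		dest := object
		if output != "" {
			dest = path.Join(output, object)
		}
		err = decrypt.WriteFile(decReader, dest)
		if err != nil {
			return err
		}
		log.Info(dest)
		return nil
	},
}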
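// ImportCmd is the "import" sub-command. It reads a JSON key config file
// holding "kmsID" and "kmsKey", adds (or replaces) that entry in the KMS key
// map loaded from the repository, and writes the map back.
//
// NOTE(review): the key map is persisted through decrypt.WriteFile, whose file
// mode is not visible here; confirm it does not leave the secrets readable by
// other users, especially with the default repo-path of "/tmp".
var ImportCmd = &cli.Command{
	Name:  "import",
	Usage: "Import KMS key config",
	Flags: []cli.Flag{
		&cli.StringFlag{
			Name:    "repo-path",
			Usage:   "Specify the KMS configuration repository",
			EnvVars: []string{"KMS_REPO_PATH"},
			Value:   "/tmp",
		},
		&cli.StringFlag{
			Name:     "keyConfig",
			Usage:    "Input KMS key/secret config file path",
			Required: true,
		},
	},
	Action: func(cctx *cli.Context) error {
		repoPath := cctx.String("repo-path")
		kmsConfigPath := filepath.Join(repoPath, decrypt.KMSConfig)
		kmsKeys, err := decrypt.GetKmsKeys(kmsConfigPath)
		if err != nil {
			return err
		}

		keyConfigPath := cctx.String("keyConfig")
		ok, err := decrypt.FileExist(keyConfigPath)
		if err != nil {
			return err
		}
		if !ok {
			return errors.New("KMS key config is non-existent")
		}

		data, err := ioutil.ReadFile(keyConfigPath)
		if err != nil {
			return err
		}
		var keySecret = map[string]string{}
		err = json.Unmarshal(data, &keySecret)
		if err != nil {
			return err
		}

		// A config without either field would otherwise be stored as an
		// entry with an empty ID or an empty secret.
		id, secret := keySecret["kmsID"], keySecret["kmsKey"]
		if id == "" || secret == "" {
			return errors.New("KMS key config must contain non-empty kmsID and kmsKey")
		}
		kmsKeys[id] = secret

		b, err := json.MarshalIndent(kmsKeys, "", "")
		if err != nil {
			return err
		}
		return decrypt.WriteFile(bytes.NewReader(b), kmsConfigPath)
	},
}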
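// InitCmd is the "init" sub-command. It creates the repository directory if
// needed and writes an empty JSON key map to the KMS config file, refusing to
// run when that file already exists.
//
// The config file later holds KMS secrets, so it is created with mode 0600
// and O_EXCL. The previous version chmod-ed it to 0666, leaving the key store
// readable and writable by every local user. O_EXCL also makes creation fail
// if something already sits at the path instead of truncating it, which
// matters because the default repo-path is the shared "/tmp" directory.
var InitCmd = &cli.Command{
	Name:  "init",
	Usage: "Initialize a KMS repo",
	Flags: []cli.Flag{
		&cli.StringFlag{
			Name:    "repo-path",
			Usage:   "Specify the KMS configuration repository",
			EnvVars: []string{"KMS_REPO_PATH"},
			Value:   "/tmp",
		},
	},
	Action: func(cctx *cli.Context) error {
		log.Info("Initializing KMS")

		repoPath := cctx.String("repo-path")
		kmsConfigPath := filepath.Join(repoPath, decrypt.KMSConfig)
		ok, err := decrypt.FileExist(kmsConfigPath)
		if err != nil {
			return err
		}
		if ok {
			return fmt.Errorf("repo at '%s' is already initialized", decrypt.KMSConfig)
		}

		log.Infof("Initializing repo at '%s'", repoPath)
		err = os.MkdirAll(repoPath, 0755)
		if err != nil && !os.IsExist(err) {
			return err
		}

		// Marshal first so a failure cannot leave an empty config behind.
		b, err := json.MarshalIndent(map[string]string{}, "", "")
		if err != nil {
			return fmt.Errorf("marshaling KMS config: %w", err)
		}

		c, err := os.OpenFile(kmsConfigPath, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0600)
		if err != nil {
			return err
		}
		if _, err := c.Write(b); err != nil {
			c.Close()
			return fmt.Errorf("persisting storage metadata (%s): %w", kmsConfigPath, err)
		}
		if err := c.Close(); err != nil {
			return fmt.Errorf("persisting storage metadata (%s): %w", kmsConfigPath, err)
		}

		log.Infof("kms repo at '%s' initialized success", kmsConfigPath)
		return nil
	},
}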
// ListCmd is the "list" sub-command. It loads the KMS key map from the
// repository and logs every key ID; the key values themselves are never
// printed. Go map iteration is unordered, so the IDs appear in no fixed order.
var ListCmd = &cli.Command{
	Name:  "list",
	Usage: "Show KMS keys list",
	Flags: []cli.Flag{
		&cli.StringFlag{
			Name:    "repo-path",
			Usage:   "Specify the KMS configuration repository",
			EnvVars: []string{"KMS_REPO_PATH"},
			Value:   "/tmp",
		},
	},
	Action: func(cctx *cli.Context) error {
		configFile := filepath.Join(cctx.String("repo-path"), decrypt.KMSConfig)

		keys, err := decrypt.GetKmsKeys(configFile)
		if err != nil {
			return err
		}

		// Only the map keys (the IDs) are logged.
		for id := range keys {
			log.Infof("%s\n", id)
		}
		return nil
	},
}
// RemoveCmd is the "remove" sub-command. It loads the KMS key map from the
// repository, fails if the requested key ID is absent, and writes back a copy
// of the map without that entry.
//
// NOTE(review): the result is persisted through decrypt.WriteFile, whose file
// mode is not visible here - confirm it keeps the key store private.
var RemoveCmd = &cli.Command{
	Name:  "remove",
	Usage: "Remove KMS key ID",
	Flags: []cli.Flag{
		&cli.StringFlag{
			Name:    "repo-path",
			Usage:   "Specify the KMS configuration repository",
			EnvVars: []string{"KMS_REPO_PATH"},
			Value:   "/tmp",
		},
		&cli.StringFlag{
			Name:     "keyID",
			Usage:    "Input KMS key ID",
			Required: true,
		},
	},
	Action: func(cctx *cli.Context) error {
		configFile := filepath.Join(cctx.String("repo-path"), decrypt.KMSConfig)

		current, err := decrypt.GetKmsKeys(configFile)
		if err != nil {
			return err
		}

		target := cctx.String("keyID")
		if _, found := current[target]; !found {
			return errors.New("KMS key ID non-existent")
		}

		// Build a fresh map rather than deleting in place, so the map
		// returned by GetKmsKeys is left untouched.
		remaining := map[string]string{}
		for id, secret := range current {
			if id != target {
				remaining[id] = secret
			}
		}

		encoded, err := json.MarshalIndent(remaining, "", "")
		if err != nil {
			return err
		}

		if err := decrypt.WriteFile(bytes.NewReader(encoded), configFile); err != nil {
			return err
		}
		return nil
	},
}
Functions ¶
This section is empty.
Types ¶
This section is empty.