refactor move keys command to secrets
in: trunk
3 files changed
src/cmds/fetch_keys.rs no changes
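--- /dev/null
+++ b/src/cmds/secrets/mod.rs
@@ -0,0 +1,51 @@
+use std::io::Write;
+
+use anyhow::Result;
+use clap::Clap;
+
+use crate::host::Config;
+
+#[derive(Clap)]
+pub enum Secrets {
+ /// Force load keys for all defined hosts
+ ForceKeys,
+ /// Add secret, data should be provided in stdin
+ Add {
+ /// Secret owner
+ machine: String,
+ /// Secret name
+ name: String,
+ },
+}
+
+impl Secrets {
+ pub fn run(self, config: &Config) -> Result<()> {
+ match self {
+ Secrets::ForceKeys => {
+ for host in config.list_hosts()? {
+ if config.should_skip(&host) {
+ continue;
+ }
+ config.key(&host)?;
+ }
+ }
+ Secrets::Add { machine, name } => {
+ let recipient = config.recipient(&machine)?;
+ let encryptor = age::Encryptor::with_recipients(vec![Box::new(recipient)]);
+
+ let mut encrypted = vec![];
+ {
+ let mut w = encryptor.wrap_output(&mut encrypted)?;
+
+ let stdin = std::io::stdin();
+ let mut lock = stdin.lock();
+ std::io::copy(&mut lock, &mut w)?;
+ w.flush()?;
+ }
+
+ config.update_secret(&machine, &name, &encrypted)
+ }
+ }
+ Ok(())
+ }
+}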
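Review bot: In the `Secrets::Add` arm the age stream is ended with `w.flush()?` and the writer is then dropped, but the age crate documents that the `StreamWriter` returned by `wrap_output` must be closed with `finish()`. Without that call the final chunk is never emitted, so the bytes handed to `update_secret` are a truncated ciphertext that will fail to decrypt. Replace the flush with `w.finish()?;`, which consumes `w` and so also makes the inner block scope unnecessary. Separately, `config.update_secret(&machine, &name, &encrypted)` is the arm's tail expression with no `?`; `update_secret` is not visible in this diff, so if it can fail, that failure should be propagated instead of falling through to `Ok(())`. Since `Add` reads secret material from stdin, a doc comment on `run` stating that the plaintext is only held inside the encrypting writer and never logged would help later reviewers.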
--- a/src/main.rs
+++ b/src/main.rs
@@ -15,12 +15,12 @@
#[derive(Clap)]
#[clap(version = "1.0", author = "CertainLach <iam@lach.pw>")]
enum Opts {
- /// Fetch encryption (ssh) public keys from remote hosts
- FetchKeys(FetchKeys),
/// Force generation of missing secrets
GenerateSecrets(GenerateSecrets),
/// Prepare systems for deployments
BuildSystems(BuildSystems),
+ /// Secret management
+ Secrets(Secrets),
}
fn main() -> Result<()> {