func getPassphraseRetriever() passphrase.Retriever {
baseRetriever := passphrase.PromptRetriever()
env := map[string]string{
"root": os.Getenv("NOTARY_ROOT_PASSPHRASE"),
"targets": os.Getenv("NOTARY_TARGET_PASSPHRASE"),
"snapshot": os.Getenv("NOTARY_SNAPSHOT_PASSPHRASE"),
}
return func(keyName string, alias string, createNew bool, numAttempts int) (string, bool, error) {
if v := env[alias]; v != "" {
return v, numAttempts > 1, nil
}
return baseRetriever(keyName, alias, createNew, numAttempts)
}
}
// keysExportRoot exports a root key by ID to a PEM file
func keysExportRoot(cmd *cobra.Command, args []string) {
if len(args) < 2 {
cmd.Usage()
fatalf("must specify key ID and output filename for export")
}
keyID := args[0]
exportFilename := args[1]
if len(keyID) != idSize {
fatalf("please specify a valid root key ID")
}
parseConfig()
keyStoreManager, err := keystoremanager.NewKeyStoreManager(trustDir, retriever)
if err != nil {
fatalf("failed to create a new truststore manager with directory: %s", trustDir)
}
exportFile, err := os.Create(exportFilename)
if err != nil {
fatalf("error creating output file: %v", err)
}
if keysExportRootChangePassphrase {
// Must use a different passphrase retriever to avoid caching the
// unlocking passphrase and reusing that.
exportRetriever := passphrase.PromptRetriever()
err = keyStoreManager.ExportRootKeyReencrypt(exportFile, keyID, exportRetriever)
} else {
err = keyStoreManager.ExportRootKey(exportFile, keyID)
}
exportFile.Close()
if err != nil {
os.Remove(exportFilename)
fatalf("error exporting root key: %v", err)
}
}
// keysExport exports a collection of keys to a ZIP file
func keysExport(cmd *cobra.Command, args []string) {
if len(args) < 1 {
cmd.Usage()
fatalf("must specify output filename for export")
}
exportFilename := args[0]
parseConfig()
keyStoreManager, err := keystoremanager.NewKeyStoreManager(trustDir, retriever)
if err != nil {
fatalf("failed to create a new truststore manager with directory: %s", trustDir)
}
exportFile, err := os.Create(exportFilename)
if err != nil {
fatalf("error creating output file: %v", err)
}
// Must use a different passphrase retriever to avoid caching the
// unlocking passphrase and reusing that.
exportRetriever := passphrase.PromptRetriever()
if keysExportGUN != "" {
err = keyStoreManager.ExportKeysByGUN(exportFile, keysExportGUN, exportRetriever)
} else {
err = keyStoreManager.ExportAllKeys(exportFile, exportRetriever)
}
exportFile.Close()
if err != nil {
os.Remove(exportFilename)
fatalf("error exporting keys: %v", err)
}
}
func init() {
retriever = passphrase.PromptRetriever()
}
