// rotate decrypts tree, applies the --add-kms/--add-pgp/--rm-kms/--rm-pgp
// master-key changes requested on the command line, generates a fresh data
// key, re-encrypts the tree with it and returns the marshalled result.
//
// Because the data key is always regenerated, every master key still present
// in the metadata after the add/remove step receives a wrapped copy of the
// new key, while keys removed via --rm-* never see it.
//
// Errors from decryptTree and encryptTree are returned unchanged. A malformed
// --encryption-context, a data-key encryption failure and a marshalling
// failure are reported through cli.NewExitError with the matching exit code.
func rotate(c *cli.Context, tree sops.Tree, outputStore sops.Store) ([]byte, error) {
	// Decrypt first: the rotation needs the plaintext data key, and the MAC
	// is verified here unless --ignore-mac is set.
	tree, _, err := decryptTree(tree, c.Bool("ignore-mac"))
	if err != nil {
		return nil, err
	}

	rawCtx := c.String("encryption-context")
	encCtx := kms.ParseKMSContext(rawCtx)
	// A nil result for a non-empty flag is treated as a parse failure
	// (presumably an empty flag also parses to nil, hence the emptiness test).
	if rawCtx != "" && encCtx == nil {
		return nil, cli.NewExitError("Invalid KMS encryption context format", exitErrorInvalidKMSEncryptionContextFormat)
	}

	// Additions are applied before removals.
	tree.Metadata.AddKMSMasterKeys(c.String("add-kms"), encCtx)
	tree.Metadata.AddPGPMasterKeys(c.String("add-pgp"))
	tree.Metadata.RemoveKMSMasterKeys(c.String("rm-kms"))
	tree.Metadata.RemovePGPMasterKeys(c.String("rm-pgp"))

	// Any master key that fails to wrap the new data key aborts the rotation.
	if _, keyErrs := tree.GenerateDataKey(); len(keyErrs) > 0 {
		msg := fmt.Sprintf("Error encrypting the data key with one or more master keys: %s", keyErrs)
		return nil, cli.NewExitError(msg, exitCouldNotRetrieveKey)
	}

	if tree, err = encryptTree(tree, nil); err != nil {
		return nil, err
	}

	encoded, err := outputStore.MarshalWithMetadata(tree.Branch, tree.Metadata)
	if err != nil {
		return nil, cli.NewExitError(fmt.Sprintf("Could not marshal tree: %s", err), exitErrorDumpingTree)
	}
	return encoded, nil
}
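// kmsEntries converts the raw "kms" list of a decoded sops metadata block
// into a KeySource holding kms.MasterKey values.
//
// Each element of in is expected to be a map with the string fields "arn",
// "enc" (the encrypted data key) and "created_at" (RFC3339); "role" and
// "context" are optional. An element that is not a map at all is skipped
// with a message on stdout. A required field that is missing or not a
// string, a non-string "context", or an unparsable "created_at" is returned
// as an error rather than panicking on the type assertion, so a hand-edited
// or corrupted file is reported instead of crashing the process.
//
// On error the partially built keysource is returned alongside the error.
func (store *Store) kmsEntries(in []interface{}) (sops.KeySource, error) {
	keysource := sops.KeySource{Name: "kms"}
	for i, v := range in {
		entry, ok := v.(map[interface{}]interface{})
		if !ok {
			fmt.Println("KMS entry has invalid format, skipping...")
			continue
		}

		arn, err := kmsEntryString(entry, "arn", i)
		if err != nil {
			return keysource, err
		}
		enc, err := kmsEntryString(entry, "enc", i)
		if err != nil {
			return keysource, err
		}
		createdAt, err := kmsEntryString(entry, "created_at", i)
		if err != nil {
			return keysource, err
		}

		key := &kms.MasterKey{Arn: arn, EncryptedKey: enc}

		// "role" is optional; a missing or non-string value leaves it unset.
		if role, ok := entry["role"].(string); ok {
			key.Role = role
		}

		creationDate, err := time.Parse(time.RFC3339, createdAt)
		if err != nil {
			return keysource, fmt.Errorf("Could not parse creation date: %s", err)
		}
		key.CreationDate = creationDate

		// "context" is optional, but when present it must be a string.
		if rawCtx, present := entry["context"]; present {
			ctxStr, ok := rawCtx.(string)
			if !ok {
				return keysource, fmt.Errorf("KMS entry %d: field \"context\" must be a string, got %T", i, rawCtx)
			}
			key.EncryptionContext = kms.ParseKMSContext(ctxStr)
		}

		keysource.Keys = append(keysource.Keys, key)
	}
	return keysource, nil
}

// kmsEntryString fetches a required string field from a decoded KMS entry,
// reporting a missing or non-string value as an error instead of panicking.
// index is the position of the entry in the list and is only used in messages.
func kmsEntryString(entry map[interface{}]interface{}, field string, index int) (string, error) {
	raw, present := entry[field]
	if !present {
		return "", fmt.Errorf("KMS entry %d is missing required field %q", index, field)
	}
	s, ok := raw.(string)
	if !ok {
		return "", fmt.Errorf("KMS entry %d: field %q must be a string, got %T", index, field, raw)
	}
	return s, nil
}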
// getKeySources builds the master-key sources used to encrypt file, always in
// the fixed order [kms, pgp].
//
// Keys come from the --kms and --pgp flags when either is set. Only when both
// are empty is the configuration consulted via yaml.MasterKeyStringsForFile,
// fed the contents of the --config file when that flag is given. A non-nil
// error from MasterKeyStringsForFile is ignored here: the function then
// returns empty key sources, not an error. A config file that cannot be read
// and an --encryption-context that does not parse are reported through
// cli.NewExitError.
func getKeySources(c *cli.Context, file string) ([]sops.KeySource, error) {
	kmsFlag := c.String("kms")
	pgpFlag := c.String("pgp")
	rawCtx := c.String("encryption-context")

	encCtx := kms.ParseKMSContext(rawCtx)
	// A nil result for a non-empty flag is treated as a parse failure.
	if rawCtx != "" && encCtx == nil {
		return nil, cli.NewExitError("Invalid KMS encryption context format", exitErrorInvalidKMSEncryptionContextFormat)
	}

	var kmsKeys, pgpKeys []sops.MasterKey
	// Element-wise appends are needed: the key constructors return concrete
	// key types, which are collected into the sops.MasterKey slices.
	addKMS := func(arns string) {
		for _, k := range kms.MasterKeysFromArnString(arns, encCtx) {
			kmsKeys = append(kmsKeys, k)
		}
	}
	addPGP := func(fingerprints string) {
		for _, k := range pgp.MasterKeysFromFingerprintString(fingerprints) {
			pgpKeys = append(pgpKeys, k)
		}
	}

	if kmsFlag != "" {
		addKMS(kmsFlag)
	}
	if pgpFlag != "" {
		addPGP(pgpFlag)
	}

	if kmsFlag == "" && pgpFlag == "" {
		var confBytes []byte
		if confPath := c.String("config"); confPath != "" {
			var readErr error
			confBytes, readErr = ioutil.ReadFile(confPath)
			if readErr != nil {
				return nil, cli.NewExitError(fmt.Sprintf("Error loading config file: %s", readErr), exitErrorReadingConfig)
			}
		}
		// A resolution error is swallowed: callers get empty key sources and
		// no indication of why the configuration produced no keys.
		if kmsString, pgpString, err := yaml.MasterKeyStringsForFile(file, confBytes); err == nil {
			addPGP(pgpString)
			addKMS(kmsString)
		}
	}

	return []sops.KeySource{
		{Name: "kms", Keys: kmsKeys},
		{Name: "pgp", Keys: pgpKeys},
	}, nil
}