예제 #1
0
파일: main.go 프로젝트: twolfson/sops
func rotate(c *cli.Context, tree sops.Tree, outputStore sops.Store) ([]byte, error) {
	tree, _, err := decryptTree(tree, c.Bool("ignore-mac"))
	if err != nil {
		return nil, err
	}
	kmsEncryptionContext := kms.ParseKMSContext(c.String("encryption-context"))
	if c.String("encryption-context") != "" && kmsEncryptionContext == nil {
		return nil, cli.NewExitError("Invalid KMS encryption context format", exitErrorInvalidKMSEncryptionContextFormat)
	}
	tree.Metadata.AddKMSMasterKeys(c.String("add-kms"), kmsEncryptionContext)
	tree.Metadata.AddPGPMasterKeys(c.String("add-pgp"))
	tree.Metadata.RemoveKMSMasterKeys(c.String("rm-kms"))
	tree.Metadata.RemovePGPMasterKeys(c.String("rm-pgp"))
	_, errs := tree.GenerateDataKey()
	if len(errs) > 0 {
		return nil, cli.NewExitError(fmt.Sprintf("Error encrypting the data key with one or more master keys: %s", errs), exitCouldNotRetrieveKey)
	}
	tree, err = encryptTree(tree, nil)
	if err != nil {
		return nil, err
	}
	out, err := outputStore.MarshalWithMetadata(tree.Branch, tree.Metadata)
	if err != nil {
		return nil, cli.NewExitError(fmt.Sprintf("Could not marshal tree: %s", err), exitErrorDumpingTree)
	}
	return out, nil
}
예제 #2
0
파일: main.go 프로젝트: twolfson/sops
func encrypt(c *cli.Context, tree sops.Tree, outputStore sops.Store) ([]byte, error) {
	tree, err := encryptTree(tree, nil)
	if err != nil {
		return nil, err
	}
	out, err := outputStore.MarshalWithMetadata(tree.Branch, tree.Metadata)
	if err != nil {
		return nil, cli.NewExitError(fmt.Sprintf("Could not marshal tree: %s", err), exitErrorDumpingTree)
	}
	return out, err
}