// SealVault seals vault under name using vaulted.SealVault, obtaining the
// password first when the caller passes password == nil.
//
// With a nil password, a non-empty VAULTED_NEW_PASSWORD environment variable is
// used as the new password without any prompt. Otherwise the method enters an
// unbounded loop that asks on the terminal via ask.HiddenAsk ("New Password: ",
// then "Confirm Password: ") and prints "Passwords do not match.\n" on a
// mismatch.
//
// It returns whatever vaulted.SealVault returns.
//
// NOTE(review): part of the prompt loop is masked in this listing (the
// `******` runs), so how prompt errors are handled and how the loop exits is
// not visible here; presumably it leaves once both entries agree. Confirm
// against the original file.
// NOTE(review): nothing visible here removes VAULTED_NEW_PASSWORD from the
// process environment after reading it; confirm it is not inherited by
// processes started later.
func (*TTYSteward) SealVault(name string, password *string, vault *vaulted.Vault) error { if password == nil { envPassword := os.Getenv("VAULTED_NEW_PASSWORD") if envPassword != "" { password = &envPassword } else { for { newPassword, err := ask.HiddenAsk("New Password: "******"Confirm Password: "******"Passwords do not match.\n") } } } } return vaulted.SealVault(name, *password, vault) }
// OpenLegacyVault reads the legacy vault and decrypts its environments,
// returning the password that was used together with the result.
//
// When VAULTED_PASSWORD is set to a non-empty value it is tried exactly once
// and no prompt is shown. Otherwise the password is requested on the terminal
// with ask.HiddenAsk up to three times; prompting stops at the first prompt
// error or at the first decryption result other than
// legacy.ErrInvalidPassword.
//
// If the legacy vault cannot be read, the error is printed to stderr and the
// process exits with status 1 rather than returning to the caller.
//
// NOTE(review): on failure the last password tried is still returned next to
// err, so callers must check err before using it.
// NOTE(review): nothing here removes VAULTED_PASSWORD from the process
// environment; confirm it is not inherited by processes started later.
func (*TTYSteward) OpenLegacyVault() (password string, environments map[string]legacy.Environment, err error) {
	legacyVault, readErr := legacy.ReadVault()
	if readErr != nil {
		fmt.Fprintln(os.Stderr, readErr)
		os.Exit(1)
	}

	// Non-interactive path: a single attempt with the environment-supplied value.
	if envPassword := os.Getenv("VAULTED_PASSWORD"); envPassword != "" {
		environments, err = legacyVault.DecryptEnvironments(envPassword)
		return envPassword, environments, err
	}

	// Interactive path: only a wrong password earns another prompt.
	for attempt := 0; attempt < 3; attempt++ {
		password, err = ask.HiddenAsk("Legacy Password: ")
		if err != nil {
			break
		}

		environments, err = legacyVault.DecryptEnvironments(password)
		if err != legacy.ErrInvalidPassword {
			break
		}
	}
	return password, environments, err
}
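// loadAndDecryptKey reads the first PEM block found in filename and returns
// it, decrypting it first when it is an encrypted PEM block.
//
// For an encrypted block the passphrase is requested on the terminal with
// ask.HiddenAsk, at most three times. Only x509.IncorrectPasswordError leads
// to another prompt; any other failure is returned immediately, and after the
// third wrong passphrase x509.IncorrectPasswordError itself is returned. The
// decrypted block keeps the original Type and carries the plaintext bytes; the
// headers of the encrypted block are not copied.
//
// A file without any PEM block yields a non-nil *os.PathError wrapping
// os.ErrInvalid, so callers never receive a nil block together with a nil
// error.
func loadAndDecryptKey(filename string) (*pem.Block, error) {
	f, err := os.Open(filename)
	if err != nil {
		return nil, err
	}
	defer f.Close()

	data, err := ioutil.ReadAll(f)
	if err != nil {
		return nil, err
	}

	block, _ := pem.Decode(data)
	if block == nil {
		// err is nil here (the read succeeded), so returning it would report
		// success with a nil block. Report the missing PEM data explicitly,
		// using only packages this function already depends on.
		return nil, &os.PathError{Op: "decode PEM", Path: filename, Err: os.ErrInvalid}
	}

	if !x509.IsEncryptedPEMBlock(block) {
		return block, nil
	}

	// x509.DecryptPEMBlock handles legacy RFC 1423 PEM encryption, which the
	// standard library marks deprecated because the ciphertext is not
	// authenticated. It is used here only to read keys that already exist in
	// that format.
	var decrypted []byte
	for attempt := 0; attempt < 3; attempt++ {
		var passphrase string
		passphrase, err = ask.HiddenAsk("Passphrase: ")
		if err != nil {
			return nil, err
		}

		decrypted, err = x509.DecryptPEMBlock(block, []byte(passphrase))
		if err == nil {
			break
		}
		if err != x509.IncorrectPasswordError {
			return nil, err
		}
	}
	if err != nil {
		// All three attempts used a wrong passphrase.
		return nil, err
	}

	return &pem.Block{
		Type:  block.Type,
		Bytes: decrypted,
	}, nil
}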
// GetEnvironment opens the environment stored in the vault called name and
// returns the password used, the environment, and an error.
//
// It returns os.ErrNotExist when vaulted.VaultExists(name) is false. When the
// caller passes password == nil and VAULTED_PASSWORD is non-empty, that value
// is used as the password. With a password in hand (from the caller or the
// environment) vaulted.GetEnvironment is called once. Without one, the user is
// prompted with ask.HiddenAsk("Password: ") inside a loop bounded to three
// iterations.
//
// On failure the results are "", nil, err; on success they are *password, env,
// nil.
//
// NOTE(review): the body of the prompt loop and the error check after it are
// masked in this listing (the `******` run). Presumably the masked code stores
// the accepted prompt answer in password, since *password is dereferenced on
// the success path; confirm against the original file.
// NOTE(review): nothing visible here removes VAULTED_PASSWORD from the process
// environment; confirm it is not inherited by processes started later.
func (*TTYSteward) GetEnvironment(name string, password *string) (string, *vaulted.Environment, error) { if !vaulted.VaultExists(name) { return "", nil, os.ErrNotExist } if password == nil && os.Getenv("VAULTED_PASSWORD") != "" { envPassword := os.Getenv("VAULTED_PASSWORD") password = &envPassword } var env *vaulted.Environment var err error if password != nil { env, err = vaulted.GetEnvironment(name, *password) } else { for i := 0; i < 3; i++ { var requestedPassword string requestedPassword, err = ask.HiddenAsk("Password: "******"", nil, err } return *password, env, nil }