Пример #1
0
func (*TTYSteward) SealVault(name string, password *string, vault *vaulted.Vault) error {
	if password == nil {
		envPassword := os.Getenv("VAULTED_NEW_PASSWORD")
		if envPassword != "" {
			password = &envPassword
		} else {
			for {
				newPassword, err := ask.HiddenAsk("New Password: "******"Confirm Password: "******"Passwords do not match.\n")
				}
			}
		}
	}

	return vaulted.SealVault(name, *password, vault)
}
Пример #2
0
func (*TTYSteward) OpenLegacyVault() (password string, environments map[string]legacy.Environment, err error) {
	legacyVault, err := legacy.ReadVault()
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}

	password = os.Getenv("VAULTED_PASSWORD")
	if password != "" {
		environments, err = legacyVault.DecryptEnvironments(password)
	} else {
		for i := 0; i < 3; i++ {
			password, err = ask.HiddenAsk("Legacy Password: ")
			if err != nil {
				break
			}

			environments, err = legacyVault.DecryptEnvironments(password)
			if err != legacy.ErrInvalidPassword {
				break
			}
		}
	}
	return
}
Пример #3
0
func loadAndDecryptKey(filename string) (*pem.Block, error) {
	f, err := os.Open(filename)
	if err != nil {
		return nil, err
	}
	defer f.Close()

	data, err := ioutil.ReadAll(f)
	if err != nil {
		return nil, err
	}

	block, _ := pem.Decode(data)
	if block == nil {
		return nil, err
	}

	if x509.IsEncryptedPEMBlock(block) {
		var passphrase string
		var decryptedBytes []byte
		for i := 0; i < 3; i++ {
			passphrase, err = ask.HiddenAsk("Passphrase: ")
			if err != nil {
				return nil, err
			}

			decryptedBytes, err = x509.DecryptPEMBlock(block, []byte(passphrase))
			if err == nil {
				break
			}
			if err != x509.IncorrectPasswordError {
				return nil, err
			}
		}

		if err != nil {
			return nil, err
		}

		return &pem.Block{
			Type:  block.Type,
			Bytes: decryptedBytes,
		}, nil
	}
	return block, nil
}
Пример #4
0
func (*TTYSteward) GetEnvironment(name string, password *string) (string, *vaulted.Environment, error) {
	if !vaulted.VaultExists(name) {
		return "", nil, os.ErrNotExist
	}

	if password == nil && os.Getenv("VAULTED_PASSWORD") != "" {
		envPassword := os.Getenv("VAULTED_PASSWORD")
		password = &envPassword
	}

	var env *vaulted.Environment
	var err error
	if password != nil {
		env, err = vaulted.GetEnvironment(name, *password)
	} else {
		for i := 0; i < 3; i++ {
			var requestedPassword string
			requestedPassword, err = ask.HiddenAsk("Password: "******"", nil, err
	}

	return *password, env, nil
}