latest

2025-05-29 11:02:22 -07:00
parent 345709a306
commit e95609ce69
15 changed files with 1693 additions and 1588 deletions
--- a/internal/cli/secrets.go
+++ b/internal/cli/secrets.go
@@ -0,0 +1,269 @@
+package cli
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"os"
+	"strings"
+
+	"git.eeqj.de/sneak/secret/internal/secret"
+	"github.com/spf13/afero"
+	"github.com/spf13/cobra"
+)
+
+func newAddCmd() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "add <secret-name>",
+		Short: "Add a secret to the vault",
+		Long:  `Add a secret to the current vault. The secret value is read from stdin.`,
+		Args:  cobra.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			secret.Debug("Add command RunE starting", "secret_name", args[0])
+			force, _ := cmd.Flags().GetBool("force")
+			secret.Debug("Got force flag", "force", force)
+
+			cli := NewCLIInstance()
+			secret.Debug("Created CLI instance, calling AddSecret")
+			return cli.AddSecret(args[0], force)
+		},
+	}
+
+	cmd.Flags().BoolP("force", "f", false, "Overwrite existing secret")
+	return cmd
+}
+
+func newGetCmd() *cobra.Command {
+	return &cobra.Command{
+		Use:   "get <secret-name>",
+		Short: "Retrieve a secret from the vault",
+		Args:  cobra.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			cli := NewCLIInstance()
+			return cli.GetSecret(args[0])
+		},
+	}
+}
+
+func newListCmd() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:     "list [filter]",
+		Aliases: []string{"ls"},
+		Short:   "List all secrets in the current vault",
+		Long:    `List all secrets in the current vault. Optionally filter by substring match in secret name.`,
+		Args:    cobra.MaximumNArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			jsonOutput, _ := cmd.Flags().GetBool("json")
+
+			var filter string
+			if len(args) > 0 {
+				filter = args[0]
+			}
+
+			cli := NewCLIInstance()
+			return cli.ListSecrets(jsonOutput, filter)
+		},
+	}
+
+	cmd.Flags().Bool("json", false, "Output in JSON format")
+	return cmd
+}
+
+func newImportCmd() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "import <secret-name>",
+		Short: "Import a secret from a file",
+		Long:  `Import a secret from a file and store it in the current vault under the given name.`,
+		Args:  cobra.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			sourceFile, _ := cmd.Flags().GetString("source")
+			force, _ := cmd.Flags().GetBool("force")
+
+			cli := NewCLIInstance()
+			return cli.ImportSecret(args[0], sourceFile, force)
+		},
+	}
+
+	cmd.Flags().StringP("source", "s", "", "Source file to import from (required)")
+	cmd.Flags().BoolP("force", "f", false, "Overwrite existing secret")
+	_ = cmd.MarkFlagRequired("source")
+	return cmd
+}
+
+// AddSecret adds a secret to the vault
+func (cli *CLIInstance) AddSecret(secretName string, force bool) error {
+	secret.Debug("CLI AddSecret starting", "secret_name", secretName, "force", force)
+
+	// Get current vault
+	secret.Debug("Getting current vault")
+	vault, err := secret.GetCurrentVault(cli.fs, cli.stateDir)
+	if err != nil {
+		secret.Debug("Failed to get current vault", "error", err)
+		return err
+	}
+	secret.Debug("Got current vault", "vault_name", vault.Name)
+
+	// Read secret value from stdin
+	secret.Debug("Reading secret value from stdin")
+	value, err := io.ReadAll(os.Stdin)
+	if err != nil {
+		secret.Debug("Failed to read secret from stdin", "error", err)
+		return fmt.Errorf("failed to read secret from stdin: %w", err)
+	}
+	secret.Debug("Read secret value from stdin", "value_length", len(value))
+
+	// Remove trailing newline if present
+	if len(value) > 0 && value[len(value)-1] == '\n' {
+		value = value[:len(value)-1]
+		secret.Debug("Removed trailing newline", "new_length", len(value))
+	}
+
+	secret.Debug("Calling vault.AddSecret", "secret_name", secretName, "value_length", len(value), "force", force)
+	err = vault.AddSecret(secretName, value, force)
+	if err != nil {
+		secret.Debug("vault.AddSecret failed", "error", err)
+		return err
+	}
+	secret.Debug("vault.AddSecret completed successfully")
+
+	return nil
+}
+
+// GetSecret retrieves a secret from the vault
+func (cli *CLIInstance) GetSecret(secretName string) error {
+	// Get current vault
+	vault, err := secret.GetCurrentVault(cli.fs, cli.stateDir)
+	if err != nil {
+		return err
+	}
+
+	// Get the secret value using the vault's GetSecret method
+	// This handles the per-secret key architecture internally
+	value, err := vault.GetSecret(secretName)
+	if err != nil {
+		return err
+	}
+
+	fmt.Print(string(value))
+	return nil
+}
+
+// ListSecrets lists all secrets in the current vault
+func (cli *CLIInstance) ListSecrets(jsonOutput bool, filter string) error {
+	// Get current vault
+	vault, err := secret.GetCurrentVault(cli.fs, cli.stateDir)
+	if err != nil {
+		return err
+	}
+
+	secrets, err := vault.ListSecrets()
+	if err != nil {
+		return err
+	}
+
+	// Filter secrets if filter is provided
+	var filteredSecrets []string
+	if filter != "" {
+		for _, secretName := range secrets {
+			if strings.Contains(secretName, filter) {
+				filteredSecrets = append(filteredSecrets, secretName)
+			}
+		}
+	} else {
+		filteredSecrets = secrets
+	}
+
+	if jsonOutput {
+		// For JSON output, get metadata for each secret
+		secretsWithMetadata := make([]map[string]interface{}, 0, len(filteredSecrets))
+
+		for _, secretName := range filteredSecrets {
+			secretInfo := map[string]interface{}{
+				"name": secretName,
+			}
+
+			// Try to get metadata using GetSecretObject
+			if secretObj, err := vault.GetSecretObject(secretName); err == nil {
+				metadata := secretObj.GetMetadata()
+				secretInfo["created_at"] = metadata.CreatedAt
+				secretInfo["updated_at"] = metadata.UpdatedAt
+			}
+
+			secretsWithMetadata = append(secretsWithMetadata, secretInfo)
+		}
+
+		output := map[string]interface{}{
+			"secrets": secretsWithMetadata,
+		}
+		if filter != "" {
+			output["filter"] = filter
+		}
+
+		jsonBytes, err := json.MarshalIndent(output, "", "  ")
+		if err != nil {
+			return fmt.Errorf("failed to marshal JSON: %w", err)
+		}
+
+		fmt.Println(string(jsonBytes))
+	} else {
+		// Pretty table output
+		if len(filteredSecrets) == 0 {
+			if filter != "" {
+				fmt.Printf("No secrets found in vault '%s' matching filter '%s'.\n", vault.Name, filter)
+			} else {
+				fmt.Println("No secrets found in current vault.")
+				fmt.Println("Run 'secret add <name>' to create one.")
+			}
+			return nil
+		}
+
+		// Get current vault name for display
+		if filter != "" {
+			fmt.Printf("Secrets in vault '%s' matching '%s':\n\n", vault.Name, filter)
+		} else {
+			fmt.Printf("Secrets in vault '%s':\n\n", vault.Name)
+		}
+		fmt.Printf("%-40s %-20s\n", "NAME", "LAST UPDATED")
+		fmt.Printf("%-40s %-20s\n", "----", "------------")
+
+		for _, secretName := range filteredSecrets {
+			lastUpdated := "unknown"
+			if secretObj, err := vault.GetSecretObject(secretName); err == nil {
+				metadata := secretObj.GetMetadata()
+				lastUpdated = metadata.UpdatedAt.Format("2006-01-02 15:04")
+			}
+			fmt.Printf("%-40s %-20s\n", secretName, lastUpdated)
+		}
+
+		fmt.Printf("\nTotal: %d secret(s)", len(filteredSecrets))
+		if filter != "" {
+			fmt.Printf(" (filtered from %d)", len(secrets))
+		}
+		fmt.Println()
+	}
+
+	return nil
+}
+
+// ImportSecret imports a secret from a file
+func (cli *CLIInstance) ImportSecret(secretName, sourceFile string, force bool) error {
+	// Get current vault
+	vault, err := secret.GetCurrentVault(cli.fs, cli.stateDir)
+	if err != nil {
+		return err
+	}
+
+	// Read secret value from the source file
+	value, err := afero.ReadFile(cli.fs, sourceFile)
+	if err != nil {
+		return fmt.Errorf("failed to read secret from file %s: %w", sourceFile, err)
+	}
+
+	// Store the secret in the vault
+	if err := vault.AddSecret(secretName, value, force); err != nil {
+		return err
+	}
+
+	fmt.Printf("Successfully imported secret '%s' from file '%s'\n", secretName, sourceFile)
+	return nil
+}