'unlock keys' renamed to 'unlockers'
This commit is contained in:
@@ -74,11 +74,11 @@ func (cli *CLIInstance) Encrypt(secretName, inputFile, outputFile string) error
|
||||
if os.Getenv(secret.EnvMnemonic) != "" {
|
||||
secretValue, err = secretObj.GetValue(nil)
|
||||
} else {
|
||||
unlockKey, unlockErr := vlt.GetCurrentUnlockKey()
|
||||
unlocker, unlockErr := vlt.GetCurrentUnlocker()
|
||||
if unlockErr != nil {
|
||||
return fmt.Errorf("failed to get current unlock key: %w", unlockErr)
|
||||
return fmt.Errorf("failed to get current unlocker: %w", unlockErr)
|
||||
}
|
||||
secretValue, err = secretObj.GetValue(unlockKey)
|
||||
secretValue, err = secretObj.GetValue(unlocker)
|
||||
}
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to get secret value: %w", err)
|
||||
@@ -178,11 +178,11 @@ func (cli *CLIInstance) Decrypt(secretName, inputFile, outputFile string) error
|
||||
if os.Getenv(secret.EnvMnemonic) != "" {
|
||||
secretValue, err = secretObj.GetValue(nil)
|
||||
} else {
|
||||
unlockKey, unlockErr := vlt.GetCurrentUnlockKey()
|
||||
unlocker, unlockErr := vlt.GetCurrentUnlocker()
|
||||
if unlockErr != nil {
|
||||
return fmt.Errorf("failed to get current unlock key: %w", unlockErr)
|
||||
return fmt.Errorf("failed to get current unlocker: %w", unlockErr)
|
||||
}
|
||||
secretValue, err = secretObj.GetValue(unlockKey)
|
||||
secretValue, err = secretObj.GetValue(unlocker)
|
||||
}
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to get secret value: %w", err)
|
||||
|
||||
@@ -140,7 +140,7 @@ func (cli *CLIInstance) Init(cmd *cobra.Command) error {
|
||||
// Unlock the vault with the derived long-term key
|
||||
vlt.Unlock(ltIdentity)
|
||||
|
||||
// Prompt for passphrase for unlock key
|
||||
// Prompt for passphrase for unlocker
|
||||
var passphraseStr string
|
||||
if envPassphrase := os.Getenv(secret.EnvUnlockPassphrase); envPassphrase != "" {
|
||||
secret.Debug("Using unlock passphrase from environment variable")
|
||||
@@ -148,61 +148,61 @@ func (cli *CLIInstance) Init(cmd *cobra.Command) error {
|
||||
} else {
|
||||
secret.Debug("Prompting user for unlock passphrase")
|
||||
// Use secure passphrase input with confirmation
|
||||
passphraseStr, err = readSecurePassphrase("Enter passphrase for unlock key: ")
|
||||
passphraseStr, err = readSecurePassphrase("Enter passphrase for unlocker: ")
|
||||
if err != nil {
|
||||
secret.Debug("Failed to read unlock passphrase", "error", err)
|
||||
return fmt.Errorf("failed to read passphrase: %w", err)
|
||||
}
|
||||
}
|
||||
|
||||
// Create passphrase-protected unlock key
|
||||
secret.Debug("Creating passphrase-protected unlock key")
|
||||
passphraseKey, err := vlt.CreatePassphraseKey(passphraseStr)
|
||||
// Create passphrase-protected unlocker
|
||||
secret.Debug("Creating passphrase-protected unlocker")
|
||||
passphraseUnlocker, err := vlt.CreatePassphraseUnlocker(passphraseStr)
|
||||
if err != nil {
|
||||
secret.Debug("Failed to create unlock key", "error", err)
|
||||
return fmt.Errorf("failed to create unlock key: %w", err)
|
||||
secret.Debug("Failed to create unlocker", "error", err)
|
||||
return fmt.Errorf("failed to create unlocker: %w", err)
|
||||
}
|
||||
|
||||
// Encrypt long-term private key to the unlock key
|
||||
unlockKeyDir := passphraseKey.GetDirectory()
|
||||
// Encrypt long-term private key to the unlocker
|
||||
unlockerDir := passphraseUnlocker.GetDirectory()
|
||||
|
||||
// Read unlock key public key
|
||||
unlockPubKeyData, err := afero.ReadFile(cli.fs, filepath.Join(unlockKeyDir, "pub.age"))
|
||||
// Read unlocker public key
|
||||
unlockerPubKeyData, err := afero.ReadFile(cli.fs, filepath.Join(unlockerDir, "pub.age"))
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to read unlock key public key: %w", err)
|
||||
return fmt.Errorf("failed to read unlocker public key: %w", err)
|
||||
}
|
||||
|
||||
unlockRecipient, err := age.ParseX25519Recipient(string(unlockPubKeyData))
|
||||
unlockerRecipient, err := age.ParseX25519Recipient(string(unlockerPubKeyData))
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to parse unlock key public key: %w", err)
|
||||
return fmt.Errorf("failed to parse unlocker public key: %w", err)
|
||||
}
|
||||
|
||||
// Encrypt long-term private key to unlock key
|
||||
// Encrypt long-term private key to unlocker
|
||||
ltPrivKeyData := []byte(ltIdentity.String())
|
||||
encryptedLtPrivKey, err := secret.EncryptToRecipient(ltPrivKeyData, unlockRecipient)
|
||||
encryptedLtPrivKey, err := secret.EncryptToRecipient(ltPrivKeyData, unlockerRecipient)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to encrypt long-term private key: %w", err)
|
||||
}
|
||||
|
||||
// Write encrypted long-term private key
|
||||
if err := afero.WriteFile(cli.fs, filepath.Join(unlockKeyDir, "longterm.age"), encryptedLtPrivKey, secret.FilePerms); err != nil {
|
||||
if err := afero.WriteFile(cli.fs, filepath.Join(unlockerDir, "longterm.age"), encryptedLtPrivKey, secret.FilePerms); err != nil {
|
||||
return fmt.Errorf("failed to write encrypted long-term private key: %w", err)
|
||||
}
|
||||
|
||||
if cmd != nil {
|
||||
cmd.Printf("\nDefault vault created and configured\n")
|
||||
cmd.Printf("Long-term public key: %s\n", ltPubKey)
|
||||
cmd.Printf("Unlock key ID: %s\n", passphraseKey.GetID())
|
||||
cmd.Printf("Unlocker ID: %s\n", passphraseUnlocker.GetID())
|
||||
cmd.Println("\nYour secret manager is ready to use!")
|
||||
cmd.Println("Note: When using SB_SECRET_MNEMONIC environment variable,")
|
||||
cmd.Println("unlock keys are not required for secret operations.")
|
||||
cmd.Println("unlockers are not required for secret operations.")
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// readSecurePassphrase reads a passphrase securely from the terminal without echoing
|
||||
// This version adds confirmation (read twice) for creating new unlock keys
|
||||
// This version adds confirmation (read twice) for creating new unlockers
|
||||
func readSecurePassphrase(prompt string) (string, error) {
|
||||
// Get the first passphrase
|
||||
passphrase1, err := secret.ReadPassphrase(prompt)
|
||||
|
||||
@@ -35,8 +35,8 @@ func newRootCmd() *cobra.Command {
|
||||
cmd.AddCommand(newAddCmd())
|
||||
cmd.AddCommand(newGetCmd())
|
||||
cmd.AddCommand(newListCmd())
|
||||
cmd.AddCommand(newKeysCmd())
|
||||
cmd.AddCommand(newKeyCmd())
|
||||
cmd.AddCommand(newUnlockersCmd())
|
||||
cmd.AddCommand(newUnlockerCmd())
|
||||
cmd.AddCommand(newImportCmd())
|
||||
cmd.AddCommand(newEncryptCmd())
|
||||
cmd.AddCommand(newDecryptCmd())
|
||||
|
||||
@@ -18,29 +18,29 @@ import (
|
||||
|
||||
// ... existing imports ...
|
||||
|
||||
func newKeysCmd() *cobra.Command {
|
||||
func newUnlockersCmd() *cobra.Command {
|
||||
cmd := &cobra.Command{
|
||||
Use: "keys",
|
||||
Short: "Manage unlock keys",
|
||||
Long: `Create, list, and remove unlock keys for the current vault.`,
|
||||
Use: "unlockers",
|
||||
Short: "Manage unlockers",
|
||||
Long: `Create, list, and remove unlockers for the current vault.`,
|
||||
}
|
||||
|
||||
cmd.AddCommand(newKeysListCmd())
|
||||
cmd.AddCommand(newKeysAddCmd())
|
||||
cmd.AddCommand(newKeysRmCmd())
|
||||
cmd.AddCommand(newUnlockersListCmd())
|
||||
cmd.AddCommand(newUnlockersAddCmd())
|
||||
cmd.AddCommand(newUnlockersRmCmd())
|
||||
|
||||
return cmd
|
||||
}
|
||||
|
||||
func newKeysListCmd() *cobra.Command {
|
||||
func newUnlockersListCmd() *cobra.Command {
|
||||
cmd := &cobra.Command{
|
||||
Use: "list",
|
||||
Short: "List unlock keys in the current vault",
|
||||
Short: "List unlockers in the current vault",
|
||||
RunE: func(cmd *cobra.Command, args []string) error {
|
||||
jsonOutput, _ := cmd.Flags().GetBool("json")
|
||||
|
||||
cli := NewCLIInstance()
|
||||
return cli.KeysList(jsonOutput)
|
||||
return cli.UnlockersList(jsonOutput)
|
||||
},
|
||||
}
|
||||
|
||||
@@ -48,60 +48,60 @@ func newKeysListCmd() *cobra.Command {
|
||||
return cmd
|
||||
}
|
||||
|
||||
func newKeysAddCmd() *cobra.Command {
|
||||
func newUnlockersAddCmd() *cobra.Command {
|
||||
cmd := &cobra.Command{
|
||||
Use: "add <type>",
|
||||
Short: "Add a new unlock key",
|
||||
Long: `Add a new unlock key of the specified type (passphrase, keychain, pgp).`,
|
||||
Short: "Add a new unlocker",
|
||||
Long: `Add a new unlocker of the specified type (passphrase, keychain, pgp).`,
|
||||
Args: cobra.ExactArgs(1),
|
||||
RunE: func(cmd *cobra.Command, args []string) error {
|
||||
cli := NewCLIInstance()
|
||||
return cli.KeysAdd(args[0], cmd)
|
||||
return cli.UnlockersAdd(args[0], cmd)
|
||||
},
|
||||
}
|
||||
|
||||
cmd.Flags().String("keyid", "", "GPG key ID for PGP unlock keys")
|
||||
cmd.Flags().String("keyid", "", "GPG key ID for PGP unlockers")
|
||||
return cmd
|
||||
}
|
||||
|
||||
func newKeysRmCmd() *cobra.Command {
|
||||
func newUnlockersRmCmd() *cobra.Command {
|
||||
return &cobra.Command{
|
||||
Use: "rm <key-id>",
|
||||
Short: "Remove an unlock key",
|
||||
Use: "rm <unlocker-id>",
|
||||
Short: "Remove an unlocker",
|
||||
Args: cobra.ExactArgs(1),
|
||||
RunE: func(cmd *cobra.Command, args []string) error {
|
||||
cli := NewCLIInstance()
|
||||
return cli.KeysRemove(args[0])
|
||||
return cli.UnlockersRemove(args[0])
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func newKeyCmd() *cobra.Command {
|
||||
func newUnlockerCmd() *cobra.Command {
|
||||
cmd := &cobra.Command{
|
||||
Use: "key",
|
||||
Short: "Manage current unlock key",
|
||||
Long: `Select the current unlock key for operations.`,
|
||||
Use: "unlocker",
|
||||
Short: "Manage current unlocker",
|
||||
Long: `Select the current unlocker for operations.`,
|
||||
}
|
||||
|
||||
cmd.AddCommand(newKeySelectSubCmd())
|
||||
cmd.AddCommand(newUnlockerSelectSubCmd())
|
||||
|
||||
return cmd
|
||||
}
|
||||
|
||||
func newKeySelectSubCmd() *cobra.Command {
|
||||
func newUnlockerSelectSubCmd() *cobra.Command {
|
||||
return &cobra.Command{
|
||||
Use: "select <key-id>",
|
||||
Short: "Select an unlock key as current",
|
||||
Use: "select <unlocker-id>",
|
||||
Short: "Select an unlocker as current",
|
||||
Args: cobra.ExactArgs(1),
|
||||
RunE: func(cmd *cobra.Command, args []string) error {
|
||||
cli := NewCLIInstance()
|
||||
return cli.KeySelect(args[0])
|
||||
return cli.UnlockerSelect(args[0])
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
// KeysList lists unlock keys in the current vault
|
||||
func (cli *CLIInstance) KeysList(jsonOutput bool) error {
|
||||
// UnlockersList lists unlockers in the current vault
|
||||
func (cli *CLIInstance) UnlockersList(jsonOutput bool) error {
|
||||
// Get current vault
|
||||
vlt, err := vault.GetCurrentVault(cli.fs, cli.stateDir)
|
||||
if err != nil {
|
||||
@@ -109,90 +109,90 @@ func (cli *CLIInstance) KeysList(jsonOutput bool) error {
|
||||
}
|
||||
|
||||
// Get the metadata first
|
||||
keyMetadataList, err := vlt.ListUnlockKeys()
|
||||
unlockerMetadataList, err := vlt.ListUnlockers()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Load actual unlock key objects to get the proper IDs
|
||||
type KeyInfo struct {
|
||||
// Load actual unlocker objects to get the proper IDs
|
||||
type UnlockerInfo struct {
|
||||
ID string `json:"id"`
|
||||
Type string `json:"type"`
|
||||
CreatedAt time.Time `json:"created_at"`
|
||||
Flags []string `json:"flags,omitempty"`
|
||||
}
|
||||
|
||||
var keys []KeyInfo
|
||||
for _, metadata := range keyMetadataList {
|
||||
// Create unlock key instance to get the proper ID
|
||||
var unlockers []UnlockerInfo
|
||||
for _, metadata := range unlockerMetadataList {
|
||||
// Create unlocker instance to get the proper ID
|
||||
vaultDir, err := vlt.GetDirectory()
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
|
||||
// Find the key directory by type and created time
|
||||
unlockKeysDir := filepath.Join(vaultDir, "unlock.d")
|
||||
files, err := afero.ReadDir(cli.fs, unlockKeysDir)
|
||||
// Find the unlocker directory by type and created time
|
||||
unlockersDir := filepath.Join(vaultDir, "unlockers.d")
|
||||
files, err := afero.ReadDir(cli.fs, unlockersDir)
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
|
||||
var unlockKey secret.UnlockKey
|
||||
var unlocker secret.Unlocker
|
||||
for _, file := range files {
|
||||
if !file.IsDir() {
|
||||
continue
|
||||
}
|
||||
|
||||
keyDir := filepath.Join(unlockKeysDir, file.Name())
|
||||
metadataPath := filepath.Join(keyDir, "unlock-metadata.json")
|
||||
unlockerDir := filepath.Join(unlockersDir, file.Name())
|
||||
metadataPath := filepath.Join(unlockerDir, "unlocker-metadata.json")
|
||||
|
||||
// Check if this is the right key by comparing metadata
|
||||
// Check if this is the right unlocker by comparing metadata
|
||||
metadataBytes, err := afero.ReadFile(cli.fs, metadataPath)
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
|
||||
var diskMetadata secret.UnlockKeyMetadata
|
||||
var diskMetadata secret.UnlockerMetadata
|
||||
if err := json.Unmarshal(metadataBytes, &diskMetadata); err != nil {
|
||||
continue
|
||||
}
|
||||
|
||||
// Match by type and creation time
|
||||
if diskMetadata.Type == metadata.Type && diskMetadata.CreatedAt.Equal(metadata.CreatedAt) {
|
||||
// Create the appropriate unlock key instance
|
||||
// Create the appropriate unlocker instance
|
||||
switch metadata.Type {
|
||||
case "passphrase":
|
||||
unlockKey = secret.NewPassphraseUnlockKey(cli.fs, keyDir, diskMetadata)
|
||||
unlocker = secret.NewPassphraseUnlocker(cli.fs, unlockerDir, diskMetadata)
|
||||
case "keychain":
|
||||
unlockKey = secret.NewKeychainUnlockKey(cli.fs, keyDir, diskMetadata)
|
||||
unlocker = secret.NewKeychainUnlocker(cli.fs, unlockerDir, diskMetadata)
|
||||
case "pgp":
|
||||
unlockKey = secret.NewPGPUnlockKey(cli.fs, keyDir, diskMetadata)
|
||||
unlocker = secret.NewPGPUnlocker(cli.fs, unlockerDir, diskMetadata)
|
||||
}
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
// Get the proper ID using the unlock key's ID() method
|
||||
// Get the proper ID using the unlocker's ID() method
|
||||
var properID string
|
||||
if unlockKey != nil {
|
||||
properID = unlockKey.GetID()
|
||||
if unlocker != nil {
|
||||
properID = unlocker.GetID()
|
||||
} else {
|
||||
properID = metadata.ID // fallback to metadata ID
|
||||
}
|
||||
|
||||
keyInfo := KeyInfo{
|
||||
unlockerInfo := UnlockerInfo{
|
||||
ID: properID,
|
||||
Type: metadata.Type,
|
||||
CreatedAt: metadata.CreatedAt,
|
||||
Flags: metadata.Flags,
|
||||
}
|
||||
keys = append(keys, keyInfo)
|
||||
unlockers = append(unlockers, unlockerInfo)
|
||||
}
|
||||
|
||||
if jsonOutput {
|
||||
// JSON output
|
||||
output := map[string]interface{}{
|
||||
"keys": keys,
|
||||
"unlockers": unlockers,
|
||||
}
|
||||
|
||||
jsonBytes, err := json.MarshalIndent(output, "", " ")
|
||||
@@ -203,36 +203,36 @@ func (cli *CLIInstance) KeysList(jsonOutput bool) error {
|
||||
fmt.Println(string(jsonBytes))
|
||||
} else {
|
||||
// Pretty table output
|
||||
if len(keys) == 0 {
|
||||
fmt.Println("No unlock keys found in current vault.")
|
||||
fmt.Println("Run 'secret keys add passphrase' to create one.")
|
||||
if len(unlockers) == 0 {
|
||||
fmt.Println("No unlockers found in current vault.")
|
||||
fmt.Println("Run 'secret unlockers add passphrase' to create one.")
|
||||
return nil
|
||||
}
|
||||
|
||||
fmt.Printf("%-18s %-12s %-20s %s\n", "KEY ID", "TYPE", "CREATED", "FLAGS")
|
||||
fmt.Printf("%-18s %-12s %-20s %s\n", "------", "----", "-------", "-----")
|
||||
fmt.Printf("%-18s %-12s %-20s %s\n", "UNLOCKER ID", "TYPE", "CREATED", "FLAGS")
|
||||
fmt.Printf("%-18s %-12s %-20s %s\n", "-----------", "----", "-------", "-----")
|
||||
|
||||
for _, key := range keys {
|
||||
for _, unlocker := range unlockers {
|
||||
flags := ""
|
||||
if len(key.Flags) > 0 {
|
||||
flags = strings.Join(key.Flags, ",")
|
||||
if len(unlocker.Flags) > 0 {
|
||||
flags = strings.Join(unlocker.Flags, ",")
|
||||
}
|
||||
fmt.Printf("%-18s %-12s %-20s %s\n",
|
||||
key.ID,
|
||||
key.Type,
|
||||
key.CreatedAt.Format("2006-01-02 15:04:05"),
|
||||
unlocker.ID,
|
||||
unlocker.Type,
|
||||
unlocker.CreatedAt.Format("2006-01-02 15:04:05"),
|
||||
flags)
|
||||
}
|
||||
|
||||
fmt.Printf("\nTotal: %d unlock key(s)\n", len(keys))
|
||||
fmt.Printf("\nTotal: %d unlocker(s)\n", len(unlockers))
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// KeysAdd adds a new unlock key
|
||||
func (cli *CLIInstance) KeysAdd(keyType string, cmd *cobra.Command) error {
|
||||
switch keyType {
|
||||
// UnlockersAdd adds a new unlocker
|
||||
func (cli *CLIInstance) UnlockersAdd(unlockerType string, cmd *cobra.Command) error {
|
||||
switch unlockerType {
|
||||
case "passphrase":
|
||||
// Get current vault
|
||||
vlt, err := vault.GetCurrentVault(cli.fs, cli.stateDir)
|
||||
@@ -254,28 +254,28 @@ func (cli *CLIInstance) KeysAdd(keyType string, cmd *cobra.Command) error {
|
||||
passphraseStr = envPassphrase
|
||||
} else {
|
||||
// Use secure passphrase input with confirmation
|
||||
passphraseStr, err = readSecurePassphrase("Enter passphrase for unlock key: ")
|
||||
passphraseStr, err = readSecurePassphrase("Enter passphrase for unlocker: ")
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to read passphrase: %w", err)
|
||||
}
|
||||
}
|
||||
|
||||
passphraseKey, err := vlt.CreatePassphraseKey(passphraseStr)
|
||||
passphraseUnlocker, err := vlt.CreatePassphraseUnlocker(passphraseStr)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
cmd.Printf("Created passphrase unlock key: %s\n", passphraseKey.GetID())
|
||||
cmd.Printf("Created passphrase unlocker: %s\n", passphraseUnlocker.GetID())
|
||||
return nil
|
||||
|
||||
case "keychain":
|
||||
keychainKey, err := secret.CreateKeychainUnlockKey(cli.fs, cli.stateDir)
|
||||
keychainUnlocker, err := secret.CreateKeychainUnlocker(cli.fs, cli.stateDir)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to create macOS Keychain unlock key: %w", err)
|
||||
return fmt.Errorf("failed to create macOS Keychain unlocker: %w", err)
|
||||
}
|
||||
|
||||
cmd.Printf("Created macOS Keychain unlock key: %s\n", keychainKey.GetID())
|
||||
if keyName, err := keychainKey.GetKeychainItemName(); err == nil {
|
||||
cmd.Printf("Created macOS Keychain unlocker: %s\n", keychainUnlocker.GetID())
|
||||
if keyName, err := keychainUnlocker.GetKeychainItemName(); err == nil {
|
||||
cmd.Printf("Keychain Item Name: %s\n", keyName)
|
||||
}
|
||||
return nil
|
||||
@@ -291,38 +291,38 @@ func (cli *CLIInstance) KeysAdd(keyType string, cmd *cobra.Command) error {
|
||||
return fmt.Errorf("GPG key ID required: use --keyid flag or set SB_GPG_KEY_ID environment variable")
|
||||
}
|
||||
|
||||
pgpKey, err := secret.CreatePGPUnlockKey(cli.fs, cli.stateDir, gpgKeyID)
|
||||
pgpUnlocker, err := secret.CreatePGPUnlocker(cli.fs, cli.stateDir, gpgKeyID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
cmd.Printf("Created PGP unlock key: %s\n", pgpKey.GetID())
|
||||
cmd.Printf("Created PGP unlocker: %s\n", pgpUnlocker.GetID())
|
||||
cmd.Printf("GPG Key ID: %s\n", gpgKeyID)
|
||||
return nil
|
||||
|
||||
default:
|
||||
return fmt.Errorf("unsupported key type: %s (supported: passphrase, keychain, pgp)", keyType)
|
||||
return fmt.Errorf("unsupported unlocker type: %s (supported: passphrase, keychain, pgp)", unlockerType)
|
||||
}
|
||||
}
|
||||
|
||||
// KeysRemove removes an unlock key
|
||||
func (cli *CLIInstance) KeysRemove(keyID string) error {
|
||||
// UnlockersRemove removes an unlocker
|
||||
func (cli *CLIInstance) UnlockersRemove(unlockerID string) error {
|
||||
// Get current vault
|
||||
vlt, err := vault.GetCurrentVault(cli.fs, cli.stateDir)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return vlt.RemoveUnlockKey(keyID)
|
||||
return vlt.RemoveUnlocker(unlockerID)
|
||||
}
|
||||
|
||||
// KeySelect selects an unlock key as current
|
||||
func (cli *CLIInstance) KeySelect(keyID string) error {
|
||||
// UnlockerSelect selects an unlocker as current
|
||||
func (cli *CLIInstance) UnlockerSelect(unlockerID string) error {
|
||||
// Get current vault
|
||||
vlt, err := vault.GetCurrentVault(cli.fs, cli.stateDir)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return vlt.SelectUnlockKey(keyID)
|
||||
return vlt.SelectUnlocker(unlockerID)
|
||||
}
|
||||
@@ -251,17 +251,17 @@ func (cli *CLIInstance) VaultImport(vaultName string) error {
|
||||
// Unlock the vault with the derived long-term key
|
||||
vlt.Unlock(ltIdentity)
|
||||
|
||||
// Create passphrase-protected unlock key
|
||||
secret.Debug("Creating passphrase-protected unlock key")
|
||||
passphraseKey, err := vlt.CreatePassphraseKey(passphraseStr)
|
||||
// Create passphrase-protected unlocker
|
||||
secret.Debug("Creating passphrase-protected unlocker")
|
||||
passphraseUnlocker, err := vlt.CreatePassphraseUnlocker(passphraseStr)
|
||||
if err != nil {
|
||||
secret.Debug("Failed to create unlock key", "error", err)
|
||||
return fmt.Errorf("failed to create unlock key: %w", err)
|
||||
secret.Debug("Failed to create unlocker", "error", err)
|
||||
return fmt.Errorf("failed to create unlocker: %w", err)
|
||||
}
|
||||
|
||||
fmt.Printf("Successfully imported mnemonic into vault '%s'\n", vaultName)
|
||||
fmt.Printf("Long-term public key: %s\n", ltPublicKey)
|
||||
fmt.Printf("Unlock key ID: %s\n", passphraseKey.GetID())
|
||||
fmt.Printf("Unlocker ID: %s\n", passphraseUnlocker.GetID())
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user