cmd/werf/helm/secret/encrypt/encrypt.go
package secret
import (
"bytes"
"context"
"fmt"
"os"
"github.com/spf13/cobra"
"golang.org/x/crypto/ssh/terminal"
"github.com/werf/werf/cmd/werf/common"
"github.com/werf/werf/cmd/werf/docs/replacers/helm"
secret_common "github.com/werf/werf/cmd/werf/helm/secret/common"
"github.com/werf/werf/pkg/deploy/secrets_manager"
"github.com/werf/werf/pkg/git_repo"
"github.com/werf/werf/pkg/git_repo/gitdata"
"github.com/werf/werf/pkg/secret"
"github.com/werf/werf/pkg/werf"
)
var cmdData struct {
OutputFilePath string
}
var commonCmdData common.CmdData
func NewCmd(ctx context.Context) *cobra.Command {
ctx = common.NewContextWithCmdData(ctx, &commonCmdData)
cmd := common.SetCommandContext(ctx, &cobra.Command{
Use: "encrypt",
DisableFlagsInUseLine: true,
Short: "Encrypt data",
Long: common.GetLongCommandDescription(helm.GetHelmSecretEncryptDocs().Long),
Example: ` # Encrypt data in interactive mode
$ werf helm secret encrypt
Enter secret:
100044d3f6a2ffd6dd2b73fa8f50db5d61fb6ac04da29955c77d13bb44e937448ee4
# Encrypt from a pipe and save result in file
$ date | werf helm secret encrypt -o .helm/secret/date`,
Annotations: map[string]string{
common.CmdEnvAnno: common.EnvsDescription(common.WerfSecretKey),
common.DocsLongMD: helm.GetHelmSecretEncryptDocs().LongMD,
},
RunE: func(cmd *cobra.Command, args []string) error {
ctx := cmd.Context()
if err := common.ProcessLogOptions(&commonCmdData); err != nil {
common.PrintHelp(cmd)
return err
}
return runSecretEncrypt(ctx)
},
})
common.SetupDir(&commonCmdData, cmd)
common.SetupTmpDir(&commonCmdData, cmd, common.SetupTmpDirOptions{})
common.SetupHomeDir(&commonCmdData, cmd, common.SetupHomeDirOptions{})
common.SetupGiterminismOptions(&commonCmdData, cmd)
common.SetupLogOptions(&commonCmdData, cmd)
cmd.Flags().StringVarP(&cmdData.OutputFilePath, "output-file-path", "o", "", "Write to file instead of stdout")
return cmd
}
func runSecretEncrypt(ctx context.Context) error {
if err := werf.Init(*commonCmdData.TmpDir, *commonCmdData.HomeDir); err != nil {
return fmt.Errorf("initialization error: %w", err)
}
gitDataManager, err := gitdata.GetHostGitDataManager(ctx)
if err != nil {
return fmt.Errorf("error getting host git data manager: %w", err)
}
if err := git_repo.Init(gitDataManager); err != nil {
return err
}
workingDir := common.GetWorkingDir(&commonCmdData)
return secretEncrypt(ctx, secrets_manager.NewSecretsManager(secrets_manager.SecretsManagerOptions{}), workingDir)
}
func secretEncrypt(ctx context.Context, m *secrets_manager.SecretsManager, workingDir string) error {
var data []byte
var encodedData []byte
var err error
var encoder *secret.YamlEncoder
if enc, err := m.GetYamlEncoder(ctx, workingDir); err != nil {
return err
} else {
encoder = enc
}
if terminal.IsTerminal(int(os.Stdin.Fd())) {
data, err = secret_common.InputFromInteractiveStdin("Enter secret: ")
if err != nil {
return err
}
} else {
data, err = secret_common.InputFromStdin()
if err != nil {
return err
}
}
if len(data) == 0 {
return nil
}
encodedData, err = encoder.Encrypt(data)
if err != nil {
return err
}
if !bytes.HasSuffix(encodedData, []byte("\n")) {
encodedData = append(encodedData, []byte("\n")...)
}
if cmdData.OutputFilePath != "" {
if err := secret_common.SaveGeneratedData(cmdData.OutputFilePath, encodedData); err != nil {
return err
}
} else {
fmt.Printf("%s", string(encodedData))
}
return nil
}