From 00e8fde1ee6199bd572841efe7e0616ae891d4f7 Mon Sep 17 00:00:00 2001
From: Knut Ahlers <knut@ahlers.me>
Date: Fri, 1 Jun 2018 17:37:47 +0200
Subject: [PATCH] Allow reading passphrase from file

Signed-off-by: Knut Ahlers <knut@ahlers.me>
---
 main.go | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/main.go b/main.go
index 778a18c..633d77f 100644
--- a/main.go
+++ b/main.go
@@ -19,6 +19,7 @@ var (
 		CleanEnv       bool   `flag:"clean" default:"false" description:"Do not pass current environment to child process"`
 		LogLevel       string `flag:"log-level" default:"info" description:"Log level (debug, info, warn, error, fatal)"`
 		Password       string `flag:"password,p" default:"" env:"PASSWORD" description:"Password to decrypt environment file"`
+		PasswordFile   string `flag:"password-file" default:"" description:"Read encryption key from file"`
 		VersionAndExit bool   `flag:"version" default:"false" description:"Prints current version and exits"`
 	}{}
 
@@ -74,17 +75,25 @@ func main() {
 		log.WithError(err).Fatal("Could not read env-file")
 	}
 
+	if cfg.Password == "" && cfg.PasswordFile != "" {
+		if _, err := os.Stat(cfg.PasswordFile); err == nil {
+			data, err := ioutil.ReadFile(cfg.PasswordFile)
+			if err != nil {
+				log.WithError(err).Fatal("Unable to read password from file")
+			}
+			cfg.Password = string(data)
+		}
+	}
+
 	if cfg.Password != "" {
 		if body, err = openssl.New().DecryptString(cfg.Password, string(body)); err != nil {
 			log.WithError(err).Fatal("Could not decrypt env-file")
 		}
 	}
 
-	var childenv map[string]string
+	var childenv = envListToMap(os.Environ())
 	if cfg.CleanEnv {
 		childenv = map[string]string{}
-	} else {
-		childenv = envListToMap(os.Environ())
 	}
 
 	pairs := envListToMap(strings.Split(string(body), "\n"))