mirror of https://github.com/Luzifer/envrun.git synced 2024-12-20 10:21:16 +00:00

Prepare addition of more encryption methods

Signed-off-by: Knut Ahlers <knut@ahlers.me>
Knut Ahlers 2018-06-01 17:53:24 +02:00
parent 8e9953fa73
commit dcb3280c98
Signed by: luzifer
GPG key ID: DC2729FDD34BE99E
3 changed files with 56 additions and 18 deletions

1
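--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+envrun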

24
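--- a/decryption.go
+++ b/decryption.go
@@ -0,0 +1,24 @@
+package main
+import (
+"fmt"
+openssl "github.com/Luzifer/go-openssl"
+)
+type decryptMethod func(body []byte, passphrase string) ([]byte, error)
+func decryptMethodFromName(name string) (decryptMethod, error) {
+switch name {
+case "openssl-md5":
+return decryptOpenSSLMD5, nil
+default:
+return nil, fmt.Errorf("Decrypt method %q not found", name)
+}
+}
+func decryptOpenSSLMD5(body []byte, passphrase string) ([]byte, error) {
+return openssl.New().DecryptString(cfg.Password, string(body))
+}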
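Review bot: `decryptOpenSSLMD5` ignores its `passphrase` argument and decrypts with the global `cfg.Password`, so the `decryptMethod` signature promises a contract the implementation does not honour; the call should read `return openssl.New().DecryptString(passphrase, string(body))`. The same defect is in main.go, where `loadEnvFromFile` accepts `filename` but reads `cfg.EnvFile`; that line should be `body, err := ioutil.ReadFile(filename)`. Both work today only because the single caller passes the same globals, and would silently use the wrong secret or file once a second caller or method is added. Separately, the method name suggests MD5-based key derivation, so a comment such as `// openssl-md5 is kept for compatibility with existing env-files; prefer a stronger method once available` would help when further methods land.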

49
main.go

@ -7,20 +7,20 @@ import (
"os/exec"
"strings"
openssl "github.com/Luzifer/go-openssl"
"github.com/Luzifer/rconfig"
log "github.com/sirupsen/logrus"
)
var (
cfg = struct {
EnvFile string `flag:"env-file" default:".env" description:"Location of the environment file"`
Silent bool `flag:"q" default:"false" description:"Suppress informational messages from envrun (DEPRECATED, use --log-level=warn)"`
CleanEnv bool `flag:"clean" default:"false" description:"Do not pass current environment to child process"`
LogLevel string `flag:"log-level" default:"info" description:"Log level (debug, info, warn, error, fatal)"`
Password string `flag:"password,p" default:"" env:"PASSWORD" description:"Password to decrypt environment file"`
PasswordFile string `flag:"password-file" default:"" description:"Read encryption key from file"`
VersionAndExit bool `flag:"version" default:"false" description:"Prints current version and exits"`
CleanEnv bool `flag:"clean" default:"false" description:"Do not pass current environment to child process"`
EncryptionMethod string `flag:"encryption" default:"openssl-md5" description:"Encryption method used for encrypted env-file (Available: openssl-md5)"`
EnvFile string `flag:"env-file" default:".env" description:"Location of the environment file"`
LogLevel string `flag:"log-level" default:"info" description:"Log level (debug, info, warn, error, fatal)"`
PasswordFile string `flag:"password-file" default:"" description:"Read encryption key from file"`
Password string `flag:"password,p" default:"" env:"PASSWORD" description:"Password to decrypt environment file"`
Silent bool `flag:"q" default:"false" description:"Suppress informational messages from envrun (DEPRECATED, use --log-level=warn)"`
VersionAndExit bool `flag:"version" default:"false" description:"Prints current version and exits"`
}{}
version = "dev"
@ -70,11 +70,6 @@ func envMapToList(envMap map[string]string) []string {
}
func main() {
body, err := ioutil.ReadFile(cfg.EnvFile)
if err != nil {
log.WithError(err).Fatal("Could not read env-file")
}
if cfg.Password == "" && cfg.PasswordFile != "" {
if _, err := os.Stat(cfg.PasswordFile); err == nil {
data, err := ioutil.ReadFile(cfg.PasswordFile)
@ -85,10 +80,14 @@ func main() {
}
}
if cfg.Password != "" {
if body, err = openssl.New().DecryptString(cfg.Password, string(body)); err != nil {
log.WithError(err).Fatal("Could not decrypt env-file")
}
dec, err := decryptMethodFromName(cfg.EncryptionMethod)
if err != nil {
log.WithError(err).Fatal("Could not load decrypt method")
}
pairs, err := loadEnvFromFile(cfg.EnvFile, cfg.Password, dec)
if err != nil {
log.WithError(err).Fatal("Could not load env file")
}
var childenv = envListToMap(os.Environ())
@ -96,7 +95,6 @@ func main() {
childenv = map[string]string{}
}
pairs := envListToMap(strings.Split(string(body), "\n"))
for k, v := range pairs {
childenv[k] = v
}
@ -121,3 +119,18 @@ func main() {
os.Exit(2)
}
}
func loadEnvFromFile(filename, passphrase string, decrypt decryptMethod) (map[string]string, error) {
body, err := ioutil.ReadFile(cfg.EnvFile)
if err != nil {
return nil, fmt.Errorf("Could not read env-file: %s", err)
}
if passphrase != "" {
if body, err = decrypt(body, passphrase); err != nil {
return nil, fmt.Errorf("Could not decrypt env-file: %s", err)
}
}
return envListToMap(strings.Split(string(body), "\n")), nil
}
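Review bot: `loadEnvFromFile` fails open when `passphrase` is empty: the `if passphrase != ""` guard skips decryption and hands the raw file to `envListToMap`, so an encrypted env-file whose password could not be obtained is parsed as plaintext instead of stopping the run. In the visible context of `main`, the password file is only read when `os.Stat` succeeds, so a mistyped `--password-file` appears to end up on this path; the rest of that block lies outside the hunks, so this should be confirmed against the full function. A fail-closed check before the `loadEnvFromFile` call would cover it, for example `if cfg.PasswordFile != "" && cfg.Password == "" { log.Fatal("Password file configured but no password could be read") }`. It is also worth a doc comment on `loadEnvFromFile` stating that an empty passphrase means the file is treated as unencrypted, since the signature alone does not convey that.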