mirror of
https://github.com/Luzifer/envrun.git
synced 2024-11-14 00:52:42 +00:00
Prepare addition of more encryption methods
Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
parent
8e9953fa73
commit
dcb3280c98
3 changed files with 56 additions and 18 deletions
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
|
@ -0,0 +1 @@
|
||||||
|
envrun
|
24
decryption.go
Normal file
24
decryption.go
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
package main
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
|
||||||
|
openssl "github.com/Luzifer/go-openssl"
|
||||||
|
)
|
||||||
|
|
||||||
|
type decryptMethod func(body []byte, passphrase string) ([]byte, error)
|
||||||
|
|
||||||
|
func decryptMethodFromName(name string) (decryptMethod, error) {
|
||||||
|
switch name {
|
||||||
|
|
||||||
|
case "openssl-md5":
|
||||||
|
return decryptOpenSSLMD5, nil
|
||||||
|
|
||||||
|
default:
|
||||||
|
return nil, fmt.Errorf("Decrypt method %q not found", name)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func decryptOpenSSLMD5(body []byte, passphrase string) ([]byte, error) {
|
||||||
|
return openssl.New().DecryptString(cfg.Password, string(body))
|
||||||
|
}
|
39
main.go
39
main.go
|
@ -7,19 +7,19 @@ import (
|
||||||
"os/exec"
|
"os/exec"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
openssl "github.com/Luzifer/go-openssl"
|
|
||||||
"github.com/Luzifer/rconfig"
|
"github.com/Luzifer/rconfig"
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
cfg = struct {
|
cfg = struct {
|
||||||
EnvFile string `flag:"env-file" default:".env" description:"Location of the environment file"`
|
|
||||||
Silent bool `flag:"q" default:"false" description:"Suppress informational messages from envrun (DEPRECATED, use --log-level=warn)"`
|
|
||||||
CleanEnv bool `flag:"clean" default:"false" description:"Do not pass current environment to child process"`
|
CleanEnv bool `flag:"clean" default:"false" description:"Do not pass current environment to child process"`
|
||||||
|
EncryptionMethod string `flag:"encryption" default:"openssl-md5" description:"Encryption method used for encrypted env-file (Available: openssl-md5)"`
|
||||||
|
EnvFile string `flag:"env-file" default:".env" description:"Location of the environment file"`
|
||||||
LogLevel string `flag:"log-level" default:"info" description:"Log level (debug, info, warn, error, fatal)"`
|
LogLevel string `flag:"log-level" default:"info" description:"Log level (debug, info, warn, error, fatal)"`
|
||||||
Password string `flag:"password,p" default:"" env:"PASSWORD" description:"Password to decrypt environment file"`
|
|
||||||
PasswordFile string `flag:"password-file" default:"" description:"Read encryption key from file"`
|
PasswordFile string `flag:"password-file" default:"" description:"Read encryption key from file"`
|
||||||
|
Password string `flag:"password,p" default:"" env:"PASSWORD" description:"Password to decrypt environment file"`
|
||||||
|
Silent bool `flag:"q" default:"false" description:"Suppress informational messages from envrun (DEPRECATED, use --log-level=warn)"`
|
||||||
VersionAndExit bool `flag:"version" default:"false" description:"Prints current version and exits"`
|
VersionAndExit bool `flag:"version" default:"false" description:"Prints current version and exits"`
|
||||||
}{}
|
}{}
|
||||||
|
|
||||||
|
@ -70,11 +70,6 @@ func envMapToList(envMap map[string]string) []string {
|
||||||
}
|
}
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
body, err := ioutil.ReadFile(cfg.EnvFile)
|
|
||||||
if err != nil {
|
|
||||||
log.WithError(err).Fatal("Could not read env-file")
|
|
||||||
}
|
|
||||||
|
|
||||||
if cfg.Password == "" && cfg.PasswordFile != "" {
|
if cfg.Password == "" && cfg.PasswordFile != "" {
|
||||||
if _, err := os.Stat(cfg.PasswordFile); err == nil {
|
if _, err := os.Stat(cfg.PasswordFile); err == nil {
|
||||||
data, err := ioutil.ReadFile(cfg.PasswordFile)
|
data, err := ioutil.ReadFile(cfg.PasswordFile)
|
||||||
|
@ -85,10 +80,14 @@ func main() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if cfg.Password != "" {
|
dec, err := decryptMethodFromName(cfg.EncryptionMethod)
|
||||||
if body, err = openssl.New().DecryptString(cfg.Password, string(body)); err != nil {
|
if err != nil {
|
||||||
log.WithError(err).Fatal("Could not decrypt env-file")
|
log.WithError(err).Fatal("Could not load decrypt method")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pairs, err := loadEnvFromFile(cfg.EnvFile, cfg.Password, dec)
|
||||||
|
if err != nil {
|
||||||
|
log.WithError(err).Fatal("Could not load env file")
|
||||||
}
|
}
|
||||||
|
|
||||||
var childenv = envListToMap(os.Environ())
|
var childenv = envListToMap(os.Environ())
|
||||||
|
@ -96,7 +95,6 @@ func main() {
|
||||||
childenv = map[string]string{}
|
childenv = map[string]string{}
|
||||||
}
|
}
|
||||||
|
|
||||||
pairs := envListToMap(strings.Split(string(body), "\n"))
|
|
||||||
for k, v := range pairs {
|
for k, v := range pairs {
|
||||||
childenv[k] = v
|
childenv[k] = v
|
||||||
}
|
}
|
||||||
|
@ -121,3 +119,18 @@ func main() {
|
||||||
os.Exit(2)
|
os.Exit(2)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func loadEnvFromFile(filename, passphrase string, decrypt decryptMethod) (map[string]string, error) {
|
||||||
|
body, err := ioutil.ReadFile(cfg.EnvFile)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("Could not read env-file: %s", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if passphrase != "" {
|
||||||
|
if body, err = decrypt(body, passphrase); err != nil {
|
||||||
|
return nil, fmt.Errorf("Could not decrypt env-file: %s", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return envListToMap(strings.Split(string(body), "\n")), nil
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in a new issue