Add an encrypt command (#117)
kpaulisse authored Mar 28, 2023
1 parent 63d5c72 commit ed8d551
Showing 2 changed files with 83 additions and 0 deletions.
20 changes: 20 additions & 0 deletions README.md
@@ -226,6 +226,26 @@ env:
./medusa decrypt encrypted-export.txt --private-key private-key.pem > plaintext-export.yaml
```

### Encrypt secrets
> Get help with `./medusa encrypt -h`
Medusa encrypt will take a [FILE path] with [flags]

```
Flags:
-o, --output string Write to file instead of stdout
-p, --public-key string Location of the RSA public key
```

Example:
```
# Write to stdout
./medusa encrypt plaintext-export.txt --public-key public-key.pem
<Encrypted data>
# Write to file
./medusa encrypt plaintext-export.txt --public-key public-key.pem --output encrypted-export.txt.b64
```

## Secure secret management outside Vault
Medusa will help you securely manage your secrets outside Vault.
This could for instance be as a backup of your Vault data or while your secrets are being transported between Vault instances.
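--- a/cmd/encrypt.go
+++ b/cmd/encrypt.go
@@ -0,0 +1,63 @@
+package cmd
+
+import (
+"fmt"
+"os"
+
+"github.com/jonasvinther/medusa/pkg/encrypt"
+"github.com/jonasvinther/medusa/pkg/vaultengine"
+"github.com/spf13/cobra"
+)
+
+func init() {
+rootCmd.AddCommand(encryptCmd)
+encryptCmd.PersistentFlags().StringP("output", "o", "", "Write to file instead of stdout")
+encryptCmd.PersistentFlags().StringP("public-key", "p", "", "Location of the RSA public key")
+}
+
+var encryptCmd = &cobra.Command{
+Use: "encrypt [file path] [flags]",
+Short: "Encrypt a Vault export file onto stdout or to an output file",
+Long: ``,
+Args: cobra.ExactArgs(1),
+RunE: func(cmd *cobra.Command, args []string) error {
+file := args[0]
+publicKey, _ := cmd.Flags().GetString("public-key")
+output, _ := cmd.Flags().GetString("output")
+
+data, err := os.ReadFile(file)
+if err != nil {
+fmt.Println(err)
+return err
+}
+
+encryptedKey, encryptedData := encrypt.Encrypt(publicKey, output, data)
+
+if output == "" {
+fmt.Println(string([]byte(encryptedData)))
+fmt.Println(string(encryptedKey))
+} else {
+// Write to file
+// First encrypted data
+err = vaultengine.WriteToFile(output, []byte(encryptedData))
+if err != nil {
+return err
+}
+err = vaultengine.AppendStringToFile(output, "\n")
+if err != nil {
+return err
+}
+// Then encrypted AES key
+err = vaultengine.AppendStringToFile(output, encryptedKey)
+if err != nil {
+return err
+}
+err = vaultengine.AppendStringToFile(output, "\n")
+if err != nil {
+return err
+}
+}
+
+return nil
+},
+}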
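Review bot: The `RunE` closure never checks that `--public-key` was supplied and discards the error from `cmd.Flags().GetString("public-key")`, so an empty key path is passed straight into `encrypt.Encrypt(publicKey, output, data)`, which returns no error value at this call site. Encrypt's body is not part of this commit view, but if it cannot load the key the command may print or write empty or unusable output and still exit 0, leaving an operator to believe a Vault export was encrypted when it was not. Mark the flag required in `init()` with `encryptCmd.MarkPersistentFlagRequired("public-key")`, or guard early with `if publicKey == "" { return fmt.Errorf("--public-key is required") }`, and consider having Encrypt return an error that `RunE` propagates. The file branch also builds the output with one write followed by three appends, so a failure partway leaves ciphertext on disk without its wrapped AES key; assembling the full content in memory and writing it once would avoid a truncated, undecryptable backup.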
