master key option, fix wait bug

dsa0x · dsa0x · commit a1a08c5ec6c0 · 2021-12-23T21:20:34.000+01:00
diff --git a/Readme.md b/Readme.md
@@ -94,7 +94,7 @@ func main() {
 }
 ```
 
-The `LoadEnv` function will load the credentials from the encrypted file `{environment.enc}`, decrypt it with the key file `{environment.key}`, and then unmarshal the result into the given config object. The example above uses a `struct`, but the object can be of type `struct` or `map[string]string`.
+The `LoadEnv` function will load the credentials from the encrypted file `{environment.enc}`, decrypt it with the key file `{environment.key}` or the environment variable `SICHER_MASTER_KEY`, and then unmarshal the result into the given config object. The example above uses a `struct`, but the object can be of type `struct` or `map[string]string`.
 
 **_LoadEnv Parameters:_**
 
@@ -103,6 +103,14 @@ The `LoadEnv` function will load the credentials from the encrypted file `{envir
 | prefix | the prefix of the environment variables | string        |
 | config | the config object                       | struct or map |
 
+The key also be loaded from the environment variable `SICHER_MASTER_KEY`. In production, storing the key in the environment variable is recommended.
+
+To use the key from environment variable:
+
+```shell
+env SICHER_MASTER_KEY=`{YOUR_KEY_HERE}` sicher edit
+```
+
 All env files should be in the format like the example below:
 
 For `dotenv`:
@@ -143,3 +151,7 @@ If object is a map, the keys are the environment variables and the values are th
 - Enable support for nested yaml env files
 - Add support for other types of encryption
 - test for Edit
+
+### License
+
+MIT License
diff --git a/dev.enc b/dev.enc
@@ -1 +1 @@
-d23c446cbf6dda61365112d6cd815426e433a23c07aaa562d84bf7c4527adeac4a8966358df27d2fb8d2b43cc548240f6a1169a45ea477742d97f6ff==--==7007112fa552cbfe5457b407
+cb3272c8a4437c24b70296e697b551a9aa972e244d682af20fd5d2d1a4f32c9b1a059a48caa0d8c08e52e59c4660f88ae4309d5a0e3e5e198a81974c7e4918fd7fdbfcf32e72f3d9af4a9fc1fe7ea56b9f7d2b315b4fbfe47d9d5fc698510322a9==--==090e8f04181739a0d57068d8
diff --git a/sicher.go b/sicher.go
@@ -21,6 +21,7 @@ import (
 var delimiter = "==--=="
 var defaultEnv = "dev"
 var DefaultEnvStyle = DOTENV
+var masterKey = "SICHER_MASTER_KEY"
 var (
 	execCmd               = exec.Command
 	stdIn   io.ReadWriter = os.Stdin
@@ -153,16 +154,22 @@ func (s *sicher) Edit(editor ...string) error {
 		return fmt.Errorf("invalid Command: Select one of vim, vi, code or nano as editor, or leave as empty")
 	}
 
+	var cmdArgs []string
 	// waitOpt is needed to enable vscode to wait for the editor to close before continuing
 	var waitOpt string
 	if editorName == "code" {
 		waitOpt = "--wait"
+		cmdArgs = append(cmdArgs, waitOpt)
 	}
 
-	// read the encryption key
+	// read the encryption key. if key not in file, try getting from env
 	key, err := os.ReadFile(fmt.Sprintf("%s%s.key", s.Path, s.Environment))
 	if err != nil {
-		return fmt.Errorf("encryption key(%s.key) is not available. Create one by running the cli with init flag", s.Environment)
+		if os.Getenv(masterKey) != "" {
+			key = []byte(os.Getenv(masterKey))
+		} else {
+			return fmt.Errorf("encryption key(%s.key) is not available. Create one by running the cli with init flag", s.Environment)
+		}
 	}
 	strKey := string(key)
 
@@ -208,7 +215,8 @@ func (s *sicher) Edit(editor ...string) error {
 	}
 
 	//open decrypted file with editor
-	cmd := execCmd(editorName, waitOpt, filePath)
+	cmdArgs = append(cmdArgs, filePath)
+	cmd := execCmd(editorName, cmdArgs...)
 	cmd.Stdin = stdIn
 	cmd.Stdout = stdOut
 	cmd.Stderr = stdErr
diff --git a/sicher_test.go b/sicher_test.go
@@ -88,9 +88,11 @@ func TestEditSuccess(t *testing.T) {
 
 	if !bytes.Contains(buf.Bytes(), []byte("TESTKEY=loremipsum")) {
 		t.Errorf("Expected credential file to be opened and contain TESTKEY=loremipsum; got %s", buf.String())
+		return
 	}
 	if !bytes.Contains(buf.Bytes(), []byte("File encrypted and saved")) {
 		t.Errorf("Expected file to be saved and message to be displayed, got %s", buf.String())
+		return
 	}
 
 	// get path to the gitignore file and cleanup
@@ -102,6 +104,7 @@ func TestEditSuccess(t *testing.T) {
 		os.Remove(gitPath)
 	})
 }
+
 func TestEditFail(t *testing.T) {
 	oldExecCmd := execCmd
 	defer func() { execCmd = oldExecCmd }()

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-d23c446cbf6dda61365112d6cd815426e433a23c07aaa562d84bf7c4527adeac4a8966358df27d2fb8d2b43cc548240f6a1169a45ea477742d97f6ff==--==7007112fa552cbfe5457b407`
	`1`	`+cb3272c8a4437c24b70296e697b551a9aa972e244d682af20fd5d2d1a4f32c9b1a059a48caa0d8c08e52e59c4660f88ae4309d5a0e3e5e198a81974c7e4918fd7fdbfcf32e72f3d9af4a9fc1fe7ea56b9f7d2b315b4fbfe47d9d5fc698510322a9==--==090e8f04181739a0d57068d8`
Original file line number	Diff line number	Diff line change
`@@ -88,9 +88,11 @@ func TestEditSuccess(t *testing.T) {`
`88`	`88`
`89`	`89`	`if !bytes.Contains(buf.Bytes(), []byte("TESTKEY=loremipsum")) {`
`90`	`90`	`t.Errorf("Expected credential file to be opened and contain TESTKEY=loremipsum; got %s", buf.String())`
	`91`	`+ return`
`91`	`92`	`}`
`92`	`93`	`if !bytes.Contains(buf.Bytes(), []byte("File encrypted and saved")) {`
`93`	`94`	`t.Errorf("Expected file to be saved and message to be displayed, got %s", buf.String())`
	`95`	`+ return`
`94`	`96`	`}`
`95`	`97`
`96`	`98`	`// get path to the gitignore file and cleanup`
`@@ -102,6 +104,7 @@ func TestEditSuccess(t *testing.T) {`
`102`	`104`	`os.Remove(gitPath)`
`103`	`105`	`})`
`104`	`106`	`}`
	`107`	`+`
`105`	`108`	`func TestEditFail(t *testing.T) {`
`106`	`109`	`oldExecCmd := execCmd`
`107`	`110`	`defer func() { execCmd = oldExecCmd }()`