
Commit 806a05f

committed
Allow multiple file encryption
1 parent 09d43c5 commit 806a05f


2 files changed

+54
-39
lines changed


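--- a/cmd/secretsDecrypt.go
+++ b/cmd/secretsDecrypt.go
@@ -110,5 +110,5 @@ func init() {
 secretsDecryptCmd.Flags().String("secret-key", "", "Secret key (falls back to SECRET_KEY environment variable. Also see: --secret-key-env)")
 secretsDecryptCmd.Flags().String("secret-key-env", "", "Environment variable holding symmetrical decryption key.")
 
-secretsDecryptCmd.MarkFlagRequired("files")
+secretsDecryptCmd.MarkFlagRequired("file")
 }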
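Review bot: The error returned by `MarkFlagRequired` is still discarded on the changed line, which is presumably how the old `"files"` name went unnoticed: cobra returns an error when the named flag is not defined, so the requirement was never registered. Checking the result, for example `if err := secretsDecryptCmd.MarkFlagRequired("file"); err != nil { panic(err) }`, would surface a flag-name mismatch at startup instead of silently running without the required input. The body of `init()` starts outside this hunk, so the flag definition itself is not visible here.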

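--- a/cmd/secretsEncrypt.go
+++ b/cmd/secretsEncrypt.go
@@ -5,6 +5,7 @@ import (
 "fmt"
 "log"
 "os"
+"regexp"
 "strings"
 
 "github.com/Luzifer/go-openssl/v4"
@@ -15,7 +16,7 @@ var secretsEncryptCmd = &cobra.Command{
 Use: "encrypt",
 Short: "Encrypt secret files",
 Run: func(cmd *cobra.Command, args []string) {
-file, _ := cmd.Flags().GetString("file")
+files, _ := cmd.Flags().GetString("file")
 outputFile, _ := cmd.Flags().GetString("output-file")
 secretKey, _ := cmd.Flags().GetString("secret-key")
 secretKeyEnv, _ := cmd.Flags().GetString("secret-key-env")
@@ -30,66 +31,80 @@ var secretsEncryptCmd = &cobra.Command{
 }
 }
 
+// Replace comma with whitespace and iterate all whitespace separated values.
+// This also means there can't be commas nor whitespaces in filenames.
+space := regexp.MustCompile(`,\s?|\s+`)
+files = space.ReplaceAllString(files, " ")
+
 // Allow failing with exit code 0 when no files defined.
-if len(file) == 0 {
+if len(files) == 0 {
 fmt.Println("No input files supplied")
 return
 }
+
+// Split on whitespace.
+fileList := strings.Split(files, " ")
+
+// Fail if no secret key is not provided
 if len(secretKey) == 0 {
 fmt.Println("No secret key provided")
 return
 }
 
-fmt.Printf("Encrypting %s\n", file)
+// Encrypt files
+for i := range fileList {
+file := fileList[i]
+fmt.Printf("Encrypting %s\n", file)
 
-// Read file
-decryptedMsg, _ := os.ReadFile(file)
+// Read file
+decryptedMsg, _ := os.ReadFile(file)
 
-// Verify file state
-if strings.HasPrefix(string(decryptedMsg), "Salted") {
-log.Fatal("File seems to be been encrypted already, skipping")
-}
+// Verify file state
+if strings.HasPrefix(string(decryptedMsg), "Salted") {
+log.Fatal("File seems to be been encrypted already, skipping")
+}
 
-// Encrypt message
-o := openssl.New()
-// openssl aes-256-cbc -pbkdf2 -in $2.dec -out $2 -pass pass:$ssl_pass
-// openssl aes-256-cbc -pbkdf2 -in $2.dec -out $2 -pass env:SECRET_KEY_ENV
-encryptedMsg64, err := o.EncryptBytes(secretKey, decryptedMsg, openssl.PBKDF2SHA256)
-if err != nil {
-fmt.Printf("An error occurred: %s\n", err)
-}
+// Encrypt message
+o := openssl.New()
+// openssl aes-256-cbc -pbkdf2 -in $2.dec -out $2 -pass pass:$ssl_pass
+// openssl aes-256-cbc -pbkdf2 -in $2.dec -out $2 -pass env:SECRET_KEY_ENV
+encryptedMsg64, err := o.EncryptBytes(secretKey, decryptedMsg, openssl.PBKDF2SHA256)
+if err != nil {
+fmt.Printf("An error occurred: %s\n", err)
+}
 
-// Decode base64 output, we don't use it for encrypted files
-encryptedMsg, _ := base64.StdEncoding.DecodeString(string(encryptedMsg64))
+// Decode base64 output, we don't use it for encrypted files
+encryptedMsg, _ := base64.StdEncoding.DecodeString(string(encryptedMsg64))
 
-if len(outputFile) > 0 {
-file = outputFile
-fmt.Printf("Saving encrypted file to %s\n", file)
-}
+if len(outputFile) > 0 {
+file = outputFile
+fmt.Printf("Saving encrypted file to %s\n", file)
+}
 
-// Write back the encrypted file
-f, err := os.Create(file)
-if err != nil {
-log.Fatal("Error creating file: ", err)
-}
-err = f.Truncate(0)
-_, err = f.Seek(0, 0)
-_, err = f.Write(encryptedMsg)
-if err != nil {
-log.Fatal("Error writing to file: ", err)
-}
+// Write back the encrypted file
+f, err := os.Create(file)
+if err != nil {
+log.Fatal("Error creating file: ", err)
+}
+err = f.Truncate(0)
+_, err = f.Seek(0, 0)
+_, err = f.Write(encryptedMsg)
+if err != nil {
+log.Fatal("Error writing to file: ", err)
+}
 
-fmt.Println("Success")
+fmt.Println("Success")
 
-f.Close()
+f.Close()
+}
 },
 }
 
 func init() {
 secretsCmd.AddCommand(secretsEncryptCmd)
 
-secretsEncryptCmd.Flags().String("file", "", "File location")
-secretsEncryptCmd.Flags().String("output-file", "", "Output file location (optional, rewrites original when undefined)")
+secretsEncryptCmd.Flags().String("file", "", "Decrypted file location. Can have multiple, comma separated paths (i.e. 'silta/secrets.enc,silta/secrets2.enc')")
+secretsEncryptCmd.Flags().String("output-file", "", "Output file location (optional, rewrites original when undefined, don't use with multiple input files)")
 secretsEncryptCmd.Flags().String("secret-key", "", "Secret key (falls back to SECRET_KEY environment variable. Also see: --secret-key-env)")
 secretsEncryptCmd.Flags().String("secret-key-env", "", "Environment variable holding symmetrical decryption key.")
 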
