Custom keyfile (#470)
* add stable sort to helm dependencies

* Add ability to specify custom keyfiles

Can be useful for people who want to enable repo-specific encryption or other patterns.
michaeljguarino committed Aug 28, 2024
1 parent 4c4b1d6 commit 161012f
Showing 3 changed files with 18 additions and 3 deletions.
1 change: 0 additions & 1 deletion pkg/crypto/age.go
Expand Up @@ -56,7 +56,6 @@ func (prov *AgeProvider) Marshall() ([]byte, error) {
Version: "crypto.plural.sh/v1",
Type: AGE,
Id: prov.ID(),
Context: map[string]interface{}{},
}

return yaml.Marshal(conf)
10 changes: 9 additions & 1 deletion pkg/crypto/config.go
Expand Up @@ -13,7 +13,15 @@ type Config struct {
Version string
Type IdentityType
Id string
Context map[string]interface{}
Context *Context
}

type Context struct {
Key *KeyConfig `yaml:"key" json:"key"`
}

type KeyConfig struct {
File string
}

func configPath() string {
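Review bot: `KeyConfig.File` has no struct tags while `Context.Key` just above it is tagged for both yaml and json, and neither new type has a doc comment. yaml.v2 lowercases untagged field names, so the YAML key is `file`, but encoding/json would emit `File`; if this config is ever written as JSON the two encodings disagree. I would declare it as ``File string `yaml:"file" json:"file"` `` and add a comment such as `// File is the path of the key file to load; a leading ~ is expanded to the user's home directory.`, because this value decides which key material the provider reads. Separately, with `Context` now a pointer and no `omitempty`, a marshalled config that has no custom key presumably emits `context: null` rather than the previous empty map; confirm that older readers accept it.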
10 changes: 9 additions & 1 deletion pkg/crypto/key.go
Expand Up @@ -10,6 +10,7 @@ import (
"os"
"path/filepath"

"github.com/mitchellh/go-homedir"
"github.com/pluralsh/plural/pkg/utils"
"github.com/pluralsh/plural/pkg/utils/pathing"
"gopkg.in/yaml.v2"
Expand Down Expand Up @@ -39,13 +40,20 @@ func (prov *KeyProvider) Marshall() ([]byte, error) {
Version: "crypto.plural.sh/v1",
Type: KEY,
Id: prov.ID(),
Context: map[string]interface{}{},
}

return yaml.Marshal(conf)
}

func buildKeyProvider(conf *Config, key *AESKey) (prov *KeyProvider, err error) {
if conf.Context != nil && conf.Context.Key != nil {
if file, err := homedir.Expand(conf.Context.Key.File); err == nil {
if k, err := Read(file); err == nil {
key = k
}
}
}

prov = &KeyProvider{key: key.Key}
if prov.ID() != conf.Id {
err = fmt.Errorf("the key fingerprints failed to match")
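Review bot: Both errors in the new `conf.Context.Key` branch of buildKeyProvider are discarded, so a configured key file that is missing, unreadable or malformed silently falls back to the `key` the caller passed in. A crypto provider should fail closed when the operator has named a specific key; as written, the best-case symptom is the later "the key fingerprints failed to match" error, which never mentions the file. Returning the wrapped errors from `homedir.Expand` and `Read` fixes that, and assigning to the named result removes the two inner `err` variables that currently shadow it. The function body continues past the end of the hunk, so the rest of it is not reviewed here.

```go
func buildKeyProvider(conf *Config, key *AESKey) (prov *KeyProvider, err error) {
	if conf.Context != nil && conf.Context.Key != nil {
		var file string
		if file, err = homedir.Expand(conf.Context.Key.File); err != nil {
			return nil, fmt.Errorf("expanding key file path %q: %w", conf.Context.Key.File, err)
		}
		if key, err = Read(file); err != nil {
			return nil, fmt.Errorf("reading key file %q: %w", file, err)
		}
	}
	// … unchanged: provider construction and fingerprint check …
```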