From 161012fefe6f5dd5609c726608e2e9398376b5a0 Mon Sep 17 00:00:00 2001
From: michaeljguarino
Date: Mon, 30 Oct 2023 04:02:47 -0400
Subject: [PATCH] Custom keyfile (#470)

* add stable sort to helm dependencies
* Add ability to specify custom keyfiles
Can be useful for people who want to enable repo specific encryption or other patterns
---
 pkg/crypto/age.go | 1 -
 pkg/crypto/config.go | 10 +++++++++-
 pkg/crypto/key.go | 10 +++++++++-
 3 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/pkg/crypto/age.go b/pkg/crypto/age.go
index e360ea41..329a1ab6 100644
--- a/pkg/crypto/age.go
+++ b/pkg/crypto/age.go
@@ -56,7 +56,6 @@ func (prov *AgeProvider) Marshall() ([]byte, error) {
 Version: "crypto.plural.sh/v1",
 Type: AGE,
 Id: prov.ID(),
- Context: map[string]interface{}{},
 }

 return yaml.Marshal(conf)
diff --git a/pkg/crypto/config.go b/pkg/crypto/config.go
index 46c2a13f..7c9ca161 100644
--- a/pkg/crypto/config.go
+++ b/pkg/crypto/config.go
@@ -13,7 +13,15 @@ type Config struct {
 Version string
 Type IdentityType
 Id string
- Context map[string]interface{}
+ Context *Context
+}
+
+type Context struct {
+ Key *KeyConfig `yaml:"key" json:"key"`
+}
+
+type KeyConfig struct {
+ File string
 }

 func configPath() string {
diff --git a/pkg/crypto/key.go b/pkg/crypto/key.go
index 4c932b8b..4b06ca54 100644
--- a/pkg/crypto/key.go
+++ b/pkg/crypto/key.go
@@ -10,6 +10,7 @@ import (
 "os"
 "path/filepath"

+ "github.com/mitchellh/go-homedir"
 "github.com/pluralsh/plural/pkg/utils"
 "github.com/pluralsh/plural/pkg/utils/pathing"
 "gopkg.in/yaml.v2"
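Review bot: In pkg/crypto/config.go the new `KeyConfig.File` field carries no struct tags and neither new type has a doc comment, while `Context.Key` right above it spells out `yaml:"key" json:"key"`. Without tags the JSON name falls back to `File` and the YAML name relies on the encoder's default naming, so the on-disk schema for a field that points at key material is left implicit; adding `yaml:"file" json:"file"` to `File` would pin it. A comment such as `// KeyConfig names a key file to load instead of the default key; File may start with ~.` would record the contract that buildKeyProvider in key.go relies on. `Context` is also now a pointer with no `omitempty`, so the Marshall() methods that no longer set it will presumably write an empty `context` entry; worth confirming that older readers accept that.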
@@ -39,13 +40,20 @@ func (prov *KeyProvider) Marshall() ([]byte, error) {
 Version: "crypto.plural.sh/v1",
 Type: KEY,
 Id: prov.ID(),
- Context: map[string]interface{}{},
 }

 return yaml.Marshal(conf)
 }

 func buildKeyProvider(conf *Config, key *AESKey) (prov *KeyProvider, err error) {
+ if conf.Context != nil && conf.Context.Key != nil {
+ if file, err := homedir.Expand(conf.Context.Key.File); err == nil {
+ if k, err := Read(file); err == nil {
+ key = k
+ }
+ }
+ }
+
 prov = &KeyProvider{key: key.Key}
 if prov.ID() != conf.Id {
 err = fmt.Errorf("the key fingerprints failed to match")
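Review bot: Both errors in the block added at the top of buildKeyProvider are discarded, so when `homedir.Expand` or `Read` fails the function carries on with the `key` argument as if no key file had been configured. A user whose configured file is missing or unreadable then sees, at best, the generic "the key fingerprints failed to match" from the check below, with nothing pointing at the path. Returning the error with the path in it makes the misconfiguration visible and removes the silent fallback to a different key; the version below also avoids the shadowed `err` and the extra `k`. Whether `key` can be nil when the fallback is taken is not visible here, and the function body continues past the end of the hunk.

```go
func buildKeyProvider(conf *Config, key *AESKey) (prov *KeyProvider, err error) {
	if conf.Context != nil && conf.Context.Key != nil {
		file, err := homedir.Expand(conf.Context.Key.File)
		if err != nil {
			return nil, fmt.Errorf("expanding key file %q: %w", conf.Context.Key.File, err)
		}
		if key, err = Read(file); err != nil {
			return nil, fmt.Errorf("reading key file %q: %w", file, err)
		}
	}

	// … unchanged: provider construction and fingerprint check …
```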