Move master key compilation to extra function.
Signed-off-by: Felix Fontein <[email protected]>
felixfontein committed Feb 6, 2024
1 parent 4b61117 commit d8ac0f1
Showing 1 changed file with 23 additions and 44 deletions.
67 changes: 23 additions & 44 deletions cmd/sops/main.go
Expand Up @@ -1085,72 +1085,51 @@ func getEncryptConfig(c *cli.Context, fileName string) (encryptConfig, error) {
}, nil
}

func getRotateOpts(c *cli.Context, fileName string, inputStore common.Store, outputStore common.Store, svcs []keyservice.KeyServiceClient, decryptionOrder []string) (rotateOpts, error) {
var addMasterKeys []keys.MasterKey
kmsEncryptionContext := kms.ParseKMSContext(c.String("encryption-context"))
for _, k := range kms.MasterKeysFromArnString(c.String("add-kms"), kmsEncryptionContext, c.String("aws-profile")) {
addMasterKeys = append(addMasterKeys, k)
func getMasterKeys(c *cli.Context, kmsEncryptionContext map[string]*string, kmsOptionName string, pgpOptionName string, gcpKmsOptionName string, azureKvOptionName string, hcVaultTransitOptionName string, ageOptionName string) ([]keys.MasterKey, error) {
var masterKeys []keys.MasterKey
for _, k := range kms.MasterKeysFromArnString(c.String(kmsOptionName), kmsEncryptionContext, c.String("aws-profile")) {
masterKeys = append(masterKeys, k)
}
for _, k := range pgp.MasterKeysFromFingerprintString(c.String("add-pgp")) {
addMasterKeys = append(addMasterKeys, k)
for _, k := range pgp.MasterKeysFromFingerprintString(c.String(pgpOptionName)) {
masterKeys = append(masterKeys, k)
}
for _, k := range gcpkms.MasterKeysFromResourceIDString(c.String("add-gcp-kms")) {
addMasterKeys = append(addMasterKeys, k)
for _, k := range gcpkms.MasterKeysFromResourceIDString(c.String(gcpKmsOptionName)) {
masterKeys = append(masterKeys, k)
}
azureKeys, err := azkv.MasterKeysFromURLs(c.String("add-azure-kv"))
azureKeys, err := azkv.MasterKeysFromURLs(c.String(azureKvOptionName))
if err != nil {
return rotateOpts{}, err
return nil, err
}
for _, k := range azureKeys {
addMasterKeys = append(addMasterKeys, k)
masterKeys = append(masterKeys, k)
}
hcVaultKeys, err := hcvault.NewMasterKeysFromURIs(c.String("add-hc-vault-transit"))
hcVaultKeys, err := hcvault.NewMasterKeysFromURIs(c.String(hcVaultTransitOptionName))
if err != nil {
return rotateOpts{}, err
return nil, err
}
for _, k := range hcVaultKeys {
addMasterKeys = append(addMasterKeys, k)
masterKeys = append(masterKeys, k)
}
ageKeys, err := age.MasterKeysFromRecipients(c.String("add-age"))
ageKeys, err := age.MasterKeysFromRecipients(c.String(ageOptionName))
if err != nil {
return rotateOpts{}, err
return nil, err
}
for _, k := range ageKeys {
addMasterKeys = append(addMasterKeys, k)
masterKeys = append(masterKeys, k)
}
return masterKeys, nil
}

var rmMasterKeys []keys.MasterKey
for _, k := range kms.MasterKeysFromArnString(c.String("rm-kms"), kmsEncryptionContext, c.String("aws-profile")) {
rmMasterKeys = append(rmMasterKeys, k)
}
for _, k := range pgp.MasterKeysFromFingerprintString(c.String("rm-pgp")) {
rmMasterKeys = append(rmMasterKeys, k)
}
for _, k := range gcpkms.MasterKeysFromResourceIDString(c.String("rm-gcp-kms")) {
rmMasterKeys = append(rmMasterKeys, k)
}
azureKeys, err = azkv.MasterKeysFromURLs(c.String("rm-azure-kv"))
if err != nil {
return rotateOpts{}, err
}
for _, k := range azureKeys {
rmMasterKeys = append(rmMasterKeys, k)
}
hcVaultKeys, err = hcvault.NewMasterKeysFromURIs(c.String("rm-hc-vault-transit"))
func getRotateOpts(c *cli.Context, fileName string, inputStore common.Store, outputStore common.Store, svcs []keyservice.KeyServiceClient, decryptionOrder []string) (rotateOpts, error) {
kmsEncryptionContext := kms.ParseKMSContext(c.String("encryption-context"))
addMasterKeys, err := getMasterKeys(c, kmsEncryptionContext, "add-kms", "add-pgp", "add-gcp-kms", "add-azure-kv", "add-hc-vault-transit", "add-age")
if err != nil {
return rotateOpts{}, err
}
for _, k := range hcVaultKeys {
rmMasterKeys = append(rmMasterKeys, k)
}
ageKeys, err = age.MasterKeysFromRecipients(c.String("rm-age"))
rmMasterKeys, err := getMasterKeys(c, kmsEncryptionContext, "rm-kms", "rm-pgp", "rm-gcp-kms", "rm-azure-kv", "rm-hc-vault-transit", "rm-age")
if err != nil {
return rotateOpts{}, err
}
for _, k := range ageKeys {
rmMasterKeys = append(rmMasterKeys, k)
}

return rotateOpts{
OutputStore: outputStore,
InputStore: inputStore,
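Review bot: The new getMasterKeys at the top of the hunk takes six positional option-name parameters of the same string type, so a caller that transposes two of them — say pgpOptionName and gcpKmsOptionName — compiles cleanly and silently reads the wrong flag, which for the add-*/rm-* pair used by getRotateOpts would mean a recipient being added where it should have been removed. Both call sites in this hunk pass the names in the right order, but nothing guards the next one; since every name in both calls follows the `<prefix>-kms`, `<prefix>-pgp`, … pattern, a single `optionPrefix string` parameter read as `c.String(optionPrefix + "-kms")` would remove the hazard, provided no future caller needs non-uniform names. The function also has no doc comment; proposed: `// getMasterKeys collects the master keys named by the given CLI options, one option per key provider, into a single list; the AWS profile is always read from the shared aws-profile option.` getRotateOpts continues past the end of the hunk.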
