From 353d231a4eaa1b62b7ee11e2f1883ee1d333abdc Mon Sep 17 00:00:00 2001
From: Maidul Islam
Date: Wed, 7 Aug 2024 18:35:07 -0400
Subject: [PATCH 1/5] =?UTF-8?q?Patch=20CLI=20auto=20select=20file=20vault?= =?UTF-8?q?=20#=20Description=20=F0=9F=93=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When we auto select file vault, we also need to set it's type. When we set the type, we don't need to fall back to file vault in the `GetValueInKeyring` and `DeleteValueInKeyring` because `currentVaultBackend` will be `file`. Also rephrased the text asking the user to eneter a passphrase.
---
 cli/packages/util/keyringwrapper.go | 18 ++++--------------
 1 file changed, 4 insertions(+), 14 deletions(-)
diff --git a/cli/packages/util/keyringwrapper.go b/cli/packages/util/keyringwrapper.go
index 0652719065..296f6439c5 100644
--- a/cli/packages/util/keyringwrapper.go
+++ b/cli/packages/util/keyringwrapper.go
@@ -32,9 +32,8 @@ func SetValueInKeyring(key, value string) error {
 configFile, _ := GetConfigFile()
 if configFile.VaultBackendPassphrase == "" {
- PrintWarning("System keyring could not be used, falling back to `file` vault for sensitive data storage.")
 passphrasePrompt := promptui.Prompt{
- Label: "Enter the passphrase to use for keyring encryption",
+ Label: "Enter a passphrase to protect your local backup secrets & login access token",
 }
 passphrase, err := passphrasePrompt.Run()
 if err != nil {
@@ -43,6 +42,7 @@ func SetValueInKeyring(key, value string) error {
 encodedPassphrase := base64.StdEncoding.EncodeToString([]byte(passphrase))
 configFile.VaultBackendPassphrase = encodedPassphrase
+ configFile.VaultBackendType = VAULT_BACKEND_FILE_MODE
 err = WriteConfigFile(&configFile)
 if err != nil {
 return err
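Review bot: The `promptui.Prompt` literal in the first hunk of 1/5 sets only `Label`, so the passphrase is echoed to the terminal while it is typed and can remain in scrollback or a screen share; add `Mask: '*',` to the struct. The same hunk deletes the `PrintWarning` that told the user the system keyring could not be used, so the prompt now appears without saying that storage is moving to the file vault; a one-line notice before the prompt would keep that visible. SetValueInKeyring starts and ends outside the hunk.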
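Review bot: The added `configFile.VaultBackendType = VAULT_BACKEND_FILE_MODE` in the second hunk of 1/5 is persisted by the `WriteConfigFile` call below it, so a single failed write to the system keyring (presumably the condition guarding this block, which lies outside the hunk) moves every later read and delete to the file vault, even if the keyring works again on the next run. The passphrase assigned one line above is only base64-encoded, so from then on the vault's protection rests on the permissions of the config file. I would state both facts where the switch happens, for example `// Persisted: later Get/Delete calls use the file vault; the passphrase is encoded, not encrypted`, and report the switch to the user instead of making it silently.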
@@ -65,12 +65,7 @@ func GetValueInKeyring(key string) (string, error) {
 PrintErrorAndExit(1, err, "Unable to get current vault. Tip: run [infisical reset] then try again")
 }
- value, err := keyring.Get(currentVaultBackend, MAIN_KEYRING_SERVICE, key)
-
- if err != nil {
- value, err = keyring.Get(VAULT_BACKEND_FILE_MODE, MAIN_KEYRING_SERVICE, key)
- }
- return value, err
+ return keyring.Get(currentVaultBackend, MAIN_KEYRING_SERVICE, key)
 }
@@ -80,11 +75,6 @@ func DeleteValueInKeyring(key string) error {
 return err
 }
- err = keyring.Delete(currentVaultBackend, MAIN_KEYRING_SERVICE, key)
+ return keyring.Delete(currentVaultBackend, MAIN_KEYRING_SERVICE, key)
- if err != nil {
- err = keyring.Delete(VAULT_BACKEND_FILE_MODE, MAIN_KEYRING_SERVICE, key)
- }
-
- return err
 }
From 942e5f2f65202f3738fb7fc323a3417e25e9f41b Mon Sep 17 00:00:00 2001
From: Maidul Islam
Date: Wed, 7 Aug 2024 18:35:57 -0400
Subject: [PATCH 2/5] update phrase
---
 cli/packages/util/keyringwrapper.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cli/packages/util/keyringwrapper.go b/cli/packages/util/keyringwrapper.go
index 296f6439c5..3e8dbadba9 100644
--- a/cli/packages/util/keyringwrapper.go
+++ b/cli/packages/util/keyringwrapper.go
@@ -33,7 +33,7 @@ func SetValueInKeyring(key, value string) error {
 if configFile.VaultBackendPassphrase == "" {
 passphrasePrompt := promptui.Prompt{
- Label: "Enter a passphrase to protect your local backup secrets & login access token",
+ Label: "Enter a passphrase to protect your local secret backups & login access token",
 }
 passphrase, err := passphrasePrompt.Run()
 if err != nil {
From cd9316537d9b0673f4d397883259e6bdff557aab Mon Sep 17 00:00:00 2001
From: Maidul Islam
Date: Wed, 7 Aug 2024 18:56:15 -0400
Subject: [PATCH 3/5] prevent auto saving passphrase to disk
---
 cli/packages/util/keyringwrapper.go | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)
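Review bot: Dropping the file-vault fallback in the GetValueInKeyring hunk of 1/5, and again in the DeleteValueInKeyring hunk after it, strands values that an earlier CLI version wrote to the file vault without recording `VaultBackendType`. If the config still names another backend, `keyring.Get` now returns an error and `keyring.Delete` leaves the old entry in the file vault, which for the delete path may mean a login access token stays on disk after the user believes it was removed. Either keep a best-effort `keyring.Delete(VAULT_BACKEND_FILE_MODE, MAIN_KEYRING_SERVICE, key)` for a transition period or document a migration step, such as the `infisical reset` already named in the error tip. Both functions begin outside their hunks.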
diff --git a/cli/packages/util/keyringwrapper.go b/cli/packages/util/keyringwrapper.go
index 3e8dbadba9..ecf9582961 100644
--- a/cli/packages/util/keyringwrapper.go
+++ b/cli/packages/util/keyringwrapper.go
@@ -1,8 +1,8 @@
 package util
 import (
- "encoding/base64"
 "fmt"
+ "os"
 "github.com/manifoldco/promptui"
 "github.com/rs/zerolog/log"
@@ -33,23 +33,19 @@ func SetValueInKeyring(key, value string) error {
 if configFile.VaultBackendPassphrase == "" {
 passphrasePrompt := promptui.Prompt{
- Label: "Enter a passphrase to protect your local secret backups & login access token",
+ Label: "Enter a passphrase to encrypt sensitive CLI data at rest",
 }
 passphrase, err := passphrasePrompt.Run()
 if err != nil {
 return err
 }
-
- encodedPassphrase := base64.StdEncoding.EncodeToString([]byte(passphrase))
- configFile.VaultBackendPassphrase = encodedPassphrase
 configFile.VaultBackendType = VAULT_BACKEND_FILE_MODE
 err = WriteConfigFile(&configFile)
 if err != nil {
 return err
 }
- // We call this function at last to trigger the environment variable to be set
- GetConfigFile()
+ os.Setenv("INFISICAL_VAULT_FILE_PASSPHRASE", passphrase)
 }
 err = keyring.Set(VAULT_BACKEND_FILE_MODE, MAIN_KEYRING_SERVICE, key, value)
From bb934ef7b1c47195b2ff65a335712add791cb59c Mon Sep 17 00:00:00 2001
From: Maidul Islam
Date: Wed, 7 Aug 2024 23:02:35 +0000
Subject: [PATCH 4/5] set vault type when auto selection enabled
---
 cli/packages/util/keyringwrapper.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/cli/packages/util/keyringwrapper.go b/cli/packages/util/keyringwrapper.go
index ecf9582961..4714858ac5 100644
--- a/cli/packages/util/keyringwrapper.go
+++ b/cli/packages/util/keyringwrapper.go
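Review bot: `os.Setenv("INFISICAL_VAULT_FILE_PASSPHRASE", passphrase)` in the SetValueInKeyring hunk of 3/5 places the passphrase in the process environment, which any child process the CLI starts will inherit, and the call's error is discarded. Because `VaultBackendType` is still written to the config while the passphrase no longer is, a later run has the file backend selected but nothing to open it with; only this write path prompts, so reads and deletes in that run would likely fail (inferred, since GetConfigFile is not shown). If the passphrase must stay off disk, prompt from one helper shared by the set, get and delete paths, and at minimum check the result: `if err := os.Setenv("INFISICAL_VAULT_FILE_PASSPHRASE", passphrase); err != nil { return err }`.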
@@ -39,13 +39,15 @@ func SetValueInKeyring(key, value string) error { if err != nil { return err } + encodedPassphrase := base64.StdEncoding.EncodeToString([]byte(passphrase)) + configFile.VaultBackendPassphrase = encodedPassphrase configFile.VaultBackendType = VAULT_BACKEND_FILE_MODE - err = WriteConfigFile(&configFile) if err != nil { return err } - os.Setenv("INFISICAL_VAULT_FILE_PASSPHRASE", passphrase) + // We call this function at last to trigger the environment variable to be set + GetConfigFile() } err = keyring.Set(VAULT_BACKEND_FILE_MODE, MAIN_KEYRING_SERVICE, key, value) From 79181a1e3d681f24c9cafc498e6e041c4a11b1ef Mon Sep 17 00:00:00 2001 From: Maidul Islam Date: Wed, 7 Aug 2024 23:03:14 +0000 Subject: [PATCH 5/5] remove os --- cli/packages/util/keyringwrapper.go | 1 - 1 file changed, 1 deletion(-) diff --git a/cli/packages/util/keyringwrapper.go b/cli/packages/util/keyringwrapper.go index 4714858ac5..24ee0453b6 100644 --- a/cli/packages/util/keyringwrapper.go +++ b/cli/packages/util/keyringwrapper.go @@ -2,7 +2,6 @@ package util import ( "fmt" - "os" "github.com/manifoldco/promptui" "github.com/rs/zerolog/log"
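Review bot: The re-added `base64.StdEncoding.EncodeToString` call in 4/5 has no matching import: 3/5 removed `"encoding/base64"`, 4/5 has no import hunk and 5/5 only drops `"os"`, so the file should not build as this series stands. As the collapsed hunk reads, `err = WriteConfigFile(&configFile)` also appears to be deleted, which would leave `if err != nil` re-testing the prompt's error and the new passphrase and backend type never reaching disk before `GetConfigFile()` reloads the config; restore that line if the deletion was unintended. Storing the passphrase again undoes the goal stated in the subject of 3/5, and base64 is an encoding rather than encryption, so a comment beside `configFile.VaultBackendPassphrase = encodedPassphrase` should say that the config file has to be readable by its owner only.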