-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcmd_encrypt.go
87 lines (73 loc) · 1.48 KB
/
cmd_encrypt.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
package main
import (
"fmt"
"io"
"io/ioutil"
"log"
"os"
"github.com/urfave/cli"
)
func encryptCommand(kmsFlags []cli.Flag) cli.Command {
return cli.Command{
Name: "encrypt",
Usage: "Encrypt files",
Action: encryptAction,
Before: initializeKMS,
Flags: kmsFlags,
}
}
func encryptAction(c *cli.Context) error {
processed := false
for _, filename := range c.Args() {
// Skip dir
fstat, err := os.Stat(filename)
if err != nil {
return err
}
if fstat.IsDir() {
continue
}
err = encryptFileAndWrite(filename)
if err != nil {
return err
}
processed = true
}
if !processed {
return fmt.Errorf("specify at least one file")
}
return nil
}
func encryptFileAndWrite(filename string) error {
fp, err := os.OpenFile(filename, os.O_RDWR, 0666)
if err != nil {
return fmt.Errorf("open: %w", err)
}
defer fp.Close()
headerByte := make([]byte, len([]byte(vaultHeaderInfo)))
_, err = fp.ReadAt(headerByte, 0)
if err != nil && err != io.EOF {
return fmt.Errorf("read header: %w", err)
}
if isVaultHeader(headerByte) {
log.Printf("Skipping already encrypted: %s\n", filename)
return nil
}
file, err := ioutil.ReadAll(fp)
if err != nil {
return fmt.Errorf("readall: %w", err)
}
val, err := kmsClient.Encrypt(file)
if err != nil {
return err
}
err = fp.Truncate(0)
if err != nil {
return fmt.Errorf("truncate: %w", err)
}
_, err = fp.WriteAt(format(val), 0)
if err != nil {
return fmt.Errorf("write: %w", err)
}
return nil
}