+1 -1

.nox.yaml

reviewed

··· 2 2 age: 3 3 identity: "keys/key.txt" 4 4 recipients: 5 5 - - "age1nuxu3q9wr5wrd53dj8hj5flhz86q2dpjyuq7agseh0wzwq5t696s2dm0ht" 5 5 + - "age1qq5sazxv755u2vs5ulyl486jxhlg7ztrvm27nya47aln668xldkqsm4kn5" 6 6 statePath: ".nox-state.json" 7 7 defaultRepo: git@github.com:ShorkBytes/nox-secrets.git 8 8

+47 -19

cmd/nox/main.go

reviewed

··· 36 36 Flags: []cli.Flag{ 37 37 &cli.StringFlag{ 38 38 Name: "config", 39 39 + Aliases: []string{"c"}, 39 40 Value: constants.DefaultConfigPath, 40 41 Usage: "path to config file", 41 42 Destination: &configPath, ··· 98 99 }, 99 100 }, 100 101 Action: func(ctx context.Context, cmd *cli.Command) error { 101 101 - fmt.Println("encrypting file", inputPath) 102 102 - fmt.Println("writing to", outputPath) 103 102 recipients, err := crypto.StringsToRecipients(cmd.StringSlice("recipient")) 104 103 if err != nil { 105 104 return err 106 105 } 107 107 - out, err := crypto.EncryptFile(inputPath, recipients) 108 108 - if err != nil { 106 106 + if err := processor.IOWrapper(inputPath, outputPath, recipients, crypto.EncryptBytes); err != nil { 109 107 return err 110 108 } 111 111 - fmt.Println(string(out)) 112 112 - // priv, pub, err := crypto.GenerateAndWriteX25519Identity("test.key") 113 113 - // if err != nil { 114 114 - // return err 115 115 - // } 116 116 - // fmt.Println(priv) 117 117 - // fmt.Println(pub) 118 118 - 119 109 return nil 120 110 }, 121 111 }, 122 112 { 123 123 - Name: "generate", 113 113 + Name: "decrypt", 114 114 + Aliases: []string{"dec"}, 115 115 + Usage: "Decrypt a file", 124 116 Flags: []cli.Flag{ 117 117 + &cli.StringFlag{ 118 118 + Name: "input", 119 119 + Usage: "path to input file", 120 120 + Aliases: []string{"i"}, 121 121 + Value: constants.StandardInput, 122 122 + Destination: &inputPath, 123 123 + }, 125 124 &cli.StringFlag{ 126 125 Name: "output", 127 126 Usage: "path to output file", ··· 131 130 }, 132 131 }, 133 132 Action: func(ctx context.Context, cmd *cli.Command) error { 134 134 - priv, pub, err := crypto.GenerateIdentity(cmd.String("output")) 133 133 + identities, err := crypto.LoadAgeIdentitiesFromPaths(identityPaths) 135 134 if err != nil { 136 135 return err 137 136 } 138 138 - fmt.Println(priv) 139 139 - fmt.Println(pub) 137 137 + return processor.IOWrapper(inputPath, constants.StandardOutput, identities, crypto.DecryptBytes) 138 138 + }, 139 139 + }, 140 140 + { 141 141 + Name: "generate", 142 142 + Flags: []cli.Flag{ 143 143 + &cli.StringFlag{ 144 144 + Name: "output", 145 145 + Usage: "path to output file", 146 146 + Aliases: []string{"o"}, 147 147 + Value: constants.StandardOutput, 148 148 + Destination: &outputPath, 149 149 + }, 150 150 + }, 151 151 + Action: func(ctx context.Context, cmd *cli.Command) error { 152 152 + 153 153 + output := cmd.String("output") 154 154 + switch output { 155 155 + case constants.StandardOutput: 156 156 + priv, pub, err := crypto.GenerateIdentity("") 157 157 + if err != nil { 158 158 + return err 159 159 + } 160 160 + fmt.Println("Public key:\n", pub, "\nPrivate Key:\n", priv) 161 161 + default: 162 162 + _, _, err := crypto.GenerateIdentity(cmd.String("output")) 163 163 + if err != nil { 164 164 + return err 165 165 + } 166 166 + } 167 167 + 140 168 return nil 141 169 }, 142 170 }, 143 171 { 144 144 - Name: "decrypt", 145 145 - Aliases: []string{"d"}, 146 146 - Usage: "Decrypts all secrets of one or all apps", 172 172 + Name: "sync", 173 173 + Aliases: []string{"fetch"}, 174 174 + Usage: "Fetches and decrypts all secrets of one or all apps", 147 175 Flags: []cli.Flag{ 148 176 &cli.StringFlag{ 149 177 Name: "app",

+1 -1

internal/crypto/encrypt.go

reviewed

··· 29 29 } 30 30 31 31 if _, err := io.Copy(enc, src); err != nil { 32 32 - enc.Close() // ensure resources are freed 32 32 + enc.Close() 33 33 return nil, fmt.Errorf("encryption failed: %w", err) 34 34 } 35 35

+4

internal/crypto/identity.go

reviewed

··· 47 47 priv = id.String() // "AGE-SECRET-KEY-1..." 48 48 pub = id.Recipient().String() // "age1..." 49 49 50 50 + if path == "" { 51 51 + return priv, pub, nil 52 52 + } 53 53 + 50 54 // ensure directory exists and apply permissions 51 55 if err := os.MkdirAll(filepath.Dir(path), 0o700); err != nil { 52 56 return "", "", fmt.Errorf("mkdir %s: %w", filepath.Dir(path), err)

-35

internal/processor/file.go

reviewed

··· 1 1 - package processor 2 2 - 3 3 - import ( 4 4 - "fmt" 5 5 - "os" 6 6 - "path/filepath" 7 7 - 8 8 - "github.com/aottr/nox/internal/config" 9 9 - ) 10 10 - 11 11 - type FileProcessorOptions struct { 12 12 - CreateDir bool 13 13 - } 14 14 - 15 15 - func WriteToFile(data []byte, file config.FileConfig, opts *FileProcessorOptions) error { 16 16 - path := file.Output 17 17 - if path == "" { 18 18 - // Default output filename if none specified, e.g. replace .age with .env 19 19 - path = filepath.Base(file.Path) 20 20 - fmt.Println(path) 21 21 - if filepath.Ext(path) == ".age" { 22 22 - path = path[:len(path)-4] + ".env" 23 23 - } 24 24 - } 25 25 - if opts.CreateDir { 26 26 - if err := os.MkdirAll(filepath.Dir(path), 0755); err != nil { 27 27 - return fmt.Errorf("failed to create directories for %s: %w", path, err) 28 28 - } 29 29 - } 30 30 - 31 31 - if err := os.WriteFile(path, data, 0600); err != nil { 32 32 - return fmt.Errorf("failed to write decrypted file to %s: %w", path, err) 33 33 - } 34 34 - return nil 35 35 - }

+71

internal/processor/fsutil.go

reviewed

··· 1 1 + package processor 2 2 + 3 3 + import ( 4 4 + "fmt" 5 5 + "io" 6 6 + "os" 7 7 + "path/filepath" 8 8 + 9 9 + "github.com/aottr/nox/internal/config" 10 10 + "github.com/aottr/nox/internal/constants" 11 11 + ) 12 12 + 13 13 + type FileProcessorOptions struct { 14 14 + CreateDir bool 15 15 + } 16 16 + 17 17 + func WriteToFile(data []byte, file config.FileConfig, opts *FileProcessorOptions) error { 18 18 + path := file.Output 19 19 + if path == "" { 20 20 + // Default output filename if none specified, e.g. replace .age with .env 21 21 + path = filepath.Base(file.Path) 22 22 + fmt.Println(path) 23 23 + if filepath.Ext(path) == ".age" { 24 24 + path = path[:len(path)-4] + ".env" 25 25 + } 26 26 + } 27 27 + if opts.CreateDir { 28 28 + if err := os.MkdirAll(filepath.Dir(path), 0755); err != nil { 29 29 + return fmt.Errorf("failed to create directories for %s: %w", path, err) 30 30 + } 31 31 + } 32 32 + 33 33 + if err := os.WriteFile(path, data, 0600); err != nil { 34 34 + return fmt.Errorf("failed to write decrypted file to %s: %w", path, err) 35 35 + } 36 36 + return nil 37 37 + } 38 38 + 39 39 + // IOWrapper is a generic wrapper for reading/writing files/STDIN/STDOUT 40 40 + func IOWrapper[T any](input, output string, additional T, process func([]byte, T) ([]byte, error)) error { 41 41 + var inputBytes []byte 42 42 + var err error 43 43 + 44 44 + if input == constants.StandardInput { 45 45 + inputBytes, err = io.ReadAll(os.Stdin) 46 46 + if err != nil { 47 47 + return err 48 48 + } 49 49 + } else { 50 50 + inputBytes, err = os.ReadFile(input) 51 51 + if err != nil { 52 52 + return err 53 53 + } 54 54 + } 55 55 + 56 56 + outbutBytes, err := process(inputBytes, additional) 57 57 + if err != nil { 58 58 + return err 59 59 + } 60 60 + 61 61 + if output == constants.StandardOutput { 62 62 + if _, err = os.Stdout.Write(outbutBytes); err != nil { 63 63 + return err 64 64 + } 65 65 + } else { 66 66 + if err = os.WriteFile(output, outbutBytes, 0600); err != nil { 67 67 + return err 68 68 + } 69 69 + } 70 70 + return nil 71 71 + }