@@ -905,82 +905,12 @@ func main() {
905905 })
906906 }
907907 if c .Bool ("rotate" ) {
908- var addMasterKeys []keys.MasterKey
909- kmsEncryptionContext := kms .ParseKMSContext (c .String ("encryption-context" ))
910- for _ , k := range kms .MasterKeysFromArnString (c .String ("add-kms" ), kmsEncryptionContext , c .String ("aws-profile" )) {
911- addMasterKeys = append (addMasterKeys , k )
912- }
913- for _ , k := range pgp .MasterKeysFromFingerprintString (c .String ("add-pgp" )) {
914- addMasterKeys = append (addMasterKeys , k )
915- }
916- for _ , k := range gcpkms .MasterKeysFromResourceIDString (c .String ("add-gcp-kms" )) {
917- addMasterKeys = append (addMasterKeys , k )
918- }
919- azureKeys , err := azkv .MasterKeysFromURLs (c .String ("add-azure-kv" ))
920- if err != nil {
921- return toExitError (err )
922- }
923- for _ , k := range azureKeys {
924- addMasterKeys = append (addMasterKeys , k )
925- }
926- hcVaultKeys , err := hcvault .NewMasterKeysFromURIs (c .String ("add-hc-vault-transit" ))
927- if err != nil {
928- return toExitError (err )
929- }
930- for _ , k := range hcVaultKeys {
931- addMasterKeys = append (addMasterKeys , k )
932- }
933- ageKeys , err := age .MasterKeysFromRecipients (c .String ("add-age" ))
934- if err != nil {
935- return toExitError (err )
936- }
937- for _ , k := range ageKeys {
938- addMasterKeys = append (addMasterKeys , k )
939- }
940-
941- var rmMasterKeys []keys.MasterKey
942- for _ , k := range kms .MasterKeysFromArnString (c .String ("rm-kms" ), kmsEncryptionContext , c .String ("aws-profile" )) {
943- rmMasterKeys = append (rmMasterKeys , k )
944- }
945- for _ , k := range pgp .MasterKeysFromFingerprintString (c .String ("rm-pgp" )) {
946- rmMasterKeys = append (rmMasterKeys , k )
947- }
948- for _ , k := range gcpkms .MasterKeysFromResourceIDString (c .String ("rm-gcp-kms" )) {
949- rmMasterKeys = append (rmMasterKeys , k )
950- }
951- azureKeys , err = azkv .MasterKeysFromURLs (c .String ("rm-azure-kv" ))
952- if err != nil {
953- return toExitError (err )
954- }
955- for _ , k := range azureKeys {
956- rmMasterKeys = append (rmMasterKeys , k )
957- }
958- hcVaultKeys , err = hcvault .NewMasterKeysFromURIs (c .String ("rm-hc-vault-transit" ))
908+ rotateOpts , err := getRotateOpts (c , fileName , inputStore , outputStore , svcs , order )
959909 if err != nil {
960910 return toExitError (err )
961911 }
962- for _ , k := range hcVaultKeys {
963- rmMasterKeys = append (rmMasterKeys , k )
964- }
965- ageKeys , err = age .MasterKeysFromRecipients (c .String ("rm-age" ))
966- if err != nil {
967- return toExitError (err )
968- }
969- for _ , k := range ageKeys {
970- rmMasterKeys = append (rmMasterKeys , k )
971- }
972912
973- output , err = rotate (rotateOpts {
974- OutputStore : outputStore ,
975- InputStore : inputStore ,
976- InputPath : fileName ,
977- Cipher : aes .NewCipher (),
978- KeyServices : svcs ,
979- DecryptionOrder : order ,
980- IgnoreMAC : c .Bool ("ignore-mac" ),
981- AddMasterKeys : addMasterKeys ,
982- RemoveMasterKeys : rmMasterKeys ,
983- })
913+ output , err = rotate (rotateOpts )
984914 // While this check is also done below, the `err` in this scope shadows
985915 // the `err` in the outer scope
986916 if err != nil {
@@ -1155,6 +1085,85 @@ func getEncryptConfig(c *cli.Context, fileName string) (encryptConfig, error) {
11551085 }, nil
11561086}
11571087
1088+ func getRotateOpts (c * cli.Context , fileName string , inputStore common.Store , outputStore common.Store , svcs []keyservice.KeyServiceClient , decryptionOrder []string ) (rotateOpts , error ) {
1089+ var addMasterKeys []keys.MasterKey
1090+ kmsEncryptionContext := kms .ParseKMSContext (c .String ("encryption-context" ))
1091+ for _ , k := range kms .MasterKeysFromArnString (c .String ("add-kms" ), kmsEncryptionContext , c .String ("aws-profile" )) {
1092+ addMasterKeys = append (addMasterKeys , k )
1093+ }
1094+ for _ , k := range pgp .MasterKeysFromFingerprintString (c .String ("add-pgp" )) {
1095+ addMasterKeys = append (addMasterKeys , k )
1096+ }
1097+ for _ , k := range gcpkms .MasterKeysFromResourceIDString (c .String ("add-gcp-kms" )) {
1098+ addMasterKeys = append (addMasterKeys , k )
1099+ }
1100+ azureKeys , err := azkv .MasterKeysFromURLs (c .String ("add-azure-kv" ))
1101+ if err != nil {
1102+ return rotateOpts {}, err
1103+ }
1104+ for _ , k := range azureKeys {
1105+ addMasterKeys = append (addMasterKeys , k )
1106+ }
1107+ hcVaultKeys , err := hcvault .NewMasterKeysFromURIs (c .String ("add-hc-vault-transit" ))
1108+ if err != nil {
1109+ return rotateOpts {}, err
1110+ }
1111+ for _ , k := range hcVaultKeys {
1112+ addMasterKeys = append (addMasterKeys , k )
1113+ }
1114+ ageKeys , err := age .MasterKeysFromRecipients (c .String ("add-age" ))
1115+ if err != nil {
1116+ return rotateOpts {}, err
1117+ }
1118+ for _ , k := range ageKeys {
1119+ addMasterKeys = append (addMasterKeys , k )
1120+ }
1121+
1122+ var rmMasterKeys []keys.MasterKey
1123+ for _ , k := range kms .MasterKeysFromArnString (c .String ("rm-kms" ), kmsEncryptionContext , c .String ("aws-profile" )) {
1124+ rmMasterKeys = append (rmMasterKeys , k )
1125+ }
1126+ for _ , k := range pgp .MasterKeysFromFingerprintString (c .String ("rm-pgp" )) {
1127+ rmMasterKeys = append (rmMasterKeys , k )
1128+ }
1129+ for _ , k := range gcpkms .MasterKeysFromResourceIDString (c .String ("rm-gcp-kms" )) {
1130+ rmMasterKeys = append (rmMasterKeys , k )
1131+ }
1132+ azureKeys , err = azkv .MasterKeysFromURLs (c .String ("rm-azure-kv" ))
1133+ if err != nil {
1134+ return rotateOpts {}, err
1135+ }
1136+ for _ , k := range azureKeys {
1137+ rmMasterKeys = append (rmMasterKeys , k )
1138+ }
1139+ hcVaultKeys , err = hcvault .NewMasterKeysFromURIs (c .String ("rm-hc-vault-transit" ))
1140+ if err != nil {
1141+ return rotateOpts {}, err
1142+ }
1143+ for _ , k := range hcVaultKeys {
1144+ rmMasterKeys = append (rmMasterKeys , k )
1145+ }
1146+ ageKeys , err = age .MasterKeysFromRecipients (c .String ("rm-age" ))
1147+ if err != nil {
1148+ return rotateOpts {}, err
1149+ }
1150+ for _ , k := range ageKeys {
1151+ rmMasterKeys = append (rmMasterKeys , k )
1152+ }
1153+
1154+ return rotateOpts {
1155+ OutputStore : outputStore ,
1156+ InputStore : inputStore ,
1157+ InputPath : fileName ,
1158+ Cipher : aes .NewCipher (),
1159+ KeyServices : svcs ,
1160+ DecryptionOrder : decryptionOrder ,
1161+ IgnoreMAC : c .Bool ("ignore-mac" ),
1162+ AddMasterKeys : addMasterKeys ,
1163+ RemoveMasterKeys : rmMasterKeys ,
1164+ }, nil
1165+ }
1166+
11581167func toExitError (err error ) error {
11591168 if cliErr , ok := err .(* cli.ExitError ); ok && cliErr != nil {
11601169 return cliErr
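Review bot: In the rotate branch of main, `rotateOpts, err := getRotateOpts(...)` declares a local variable with the same name as the `rotateOpts` type that getRotateOpts returns, so the type is shadowed for the rest of that block; naming the variable `opts` (`opts, err := getRotateOpts(c, fileName, inputStore, outputStore, svcs, order)` and `output, err = rotate(opts)`) avoids that. The new getRotateOpts also has no doc comment; something like `// getRotateOpts builds the options for --rotate from the add-*/rm-* key flags and --ignore-mac.` would help. Because `IgnoreMAC` is copied straight from the flag, that comment could also note that a rotation run with it set presumably re-encrypts input whose MAC was never verified; this is inferred, since rotate itself is not shown in this diff. Both main and toExitError continue outside the hunks shown.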