@@ -888,82 +888,12 @@ func main() {
888888 })
889889 }
890890 if c .Bool ("rotate" ) {
891- var addMasterKeys []keys.MasterKey
892- kmsEncryptionContext := kms .ParseKMSContext (c .String ("encryption-context" ))
893- for _ , k := range kms .MasterKeysFromArnString (c .String ("add-kms" ), kmsEncryptionContext , c .String ("aws-profile" )) {
894- addMasterKeys = append (addMasterKeys , k )
895- }
896- for _ , k := range pgp .MasterKeysFromFingerprintString (c .String ("add-pgp" )) {
897- addMasterKeys = append (addMasterKeys , k )
898- }
899- for _ , k := range gcpkms .MasterKeysFromResourceIDString (c .String ("add-gcp-kms" )) {
900- addMasterKeys = append (addMasterKeys , k )
901- }
902- azureKeys , err := azkv .MasterKeysFromURLs (c .String ("add-azure-kv" ))
903- if err != nil {
904- return toExitError (err )
905- }
906- for _ , k := range azureKeys {
907- addMasterKeys = append (addMasterKeys , k )
908- }
909- hcVaultKeys , err := hcvault .NewMasterKeysFromURIs (c .String ("add-hc-vault-transit" ))
910- if err != nil {
911- return toExitError (err )
912- }
913- for _ , k := range hcVaultKeys {
914- addMasterKeys = append (addMasterKeys , k )
915- }
916- ageKeys , err := age .MasterKeysFromRecipients (c .String ("add-age" ))
917- if err != nil {
918- return toExitError (err )
919- }
920- for _ , k := range ageKeys {
921- addMasterKeys = append (addMasterKeys , k )
922- }
923-
924- var rmMasterKeys []keys.MasterKey
925- for _ , k := range kms .MasterKeysFromArnString (c .String ("rm-kms" ), kmsEncryptionContext , c .String ("aws-profile" )) {
926- rmMasterKeys = append (rmMasterKeys , k )
927- }
928- for _ , k := range pgp .MasterKeysFromFingerprintString (c .String ("rm-pgp" )) {
929- rmMasterKeys = append (rmMasterKeys , k )
930- }
931- for _ , k := range gcpkms .MasterKeysFromResourceIDString (c .String ("rm-gcp-kms" )) {
932- rmMasterKeys = append (rmMasterKeys , k )
933- }
934- azureKeys , err = azkv .MasterKeysFromURLs (c .String ("rm-azure-kv" ))
935- if err != nil {
936- return toExitError (err )
937- }
938- for _ , k := range azureKeys {
939- rmMasterKeys = append (rmMasterKeys , k )
940- }
941- hcVaultKeys , err = hcvault .NewMasterKeysFromURIs (c .String ("rm-hc-vault-transit" ))
891+ rotateOpts , err := getRotateOpts (c , fileName , inputStore , outputStore , svcs , order )
942892 if err != nil {
943893 return toExitError (err )
944894 }
945- for _ , k := range hcVaultKeys {
946- rmMasterKeys = append (rmMasterKeys , k )
947- }
948- ageKeys , err = age .MasterKeysFromRecipients (c .String ("rm-age" ))
949- if err != nil {
950- return toExitError (err )
951- }
952- for _ , k := range ageKeys {
953- rmMasterKeys = append (rmMasterKeys , k )
954- }
955895
956- output , err = rotate (rotateOpts {
957- OutputStore : outputStore ,
958- InputStore : inputStore ,
959- InputPath : fileName ,
960- Cipher : aes .NewCipher (),
961- KeyServices : svcs ,
962- DecryptionOrder : order ,
963- IgnoreMAC : c .Bool ("ignore-mac" ),
964- AddMasterKeys : addMasterKeys ,
965- RemoveMasterKeys : rmMasterKeys ,
966- })
896+ output , err = rotate (rotateOpts )
967897 // While this check is also done below, the `err` in this scope shadows
968898 // the `err` in the outer scope
969899 if err != nil {
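Review bot: The local introduced on the first added line of this hunk is named `rotateOpts`, which shadows the `rotateOpts` struct type for the rest of the `if c.Bool("rotate")` block, so `rotate(rotateOpts)` two lines later reads as if a type were being passed and any later use of the type in that scope would fail to compile. Renaming the variable avoids the collision: `opts, err := getRotateOpts(c, fileName, inputStore, outputStore, svcs, order)` and `output, err = rotate(opts)`. The comment about `err` shadowing the outer scope still holds, since `:=` on the new line declares a fresh `err` just as the removed `azureKeys, err :=` did. The enclosing `main` starts and ends outside the hunk.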
@@ -1138,6 +1068,85 @@ func getEncryptConfig(c *cli.Context, fileName string) (encryptConfig, error) {
11381068 }, nil
11391069}
11401070
1071+ func getRotateOpts (c * cli.Context , fileName string , inputStore common.Store , outputStore common.Store , svcs []keyservice.KeyServiceClient , decryptionOrder []string ) (rotateOpts , error ) {
1072+ var addMasterKeys []keys.MasterKey
1073+ kmsEncryptionContext := kms .ParseKMSContext (c .String ("encryption-context" ))
1074+ for _ , k := range kms .MasterKeysFromArnString (c .String ("add-kms" ), kmsEncryptionContext , c .String ("aws-profile" )) {
1075+ addMasterKeys = append (addMasterKeys , k )
1076+ }
1077+ for _ , k := range pgp .MasterKeysFromFingerprintString (c .String ("add-pgp" )) {
1078+ addMasterKeys = append (addMasterKeys , k )
1079+ }
1080+ for _ , k := range gcpkms .MasterKeysFromResourceIDString (c .String ("add-gcp-kms" )) {
1081+ addMasterKeys = append (addMasterKeys , k )
1082+ }
1083+ azureKeys , err := azkv .MasterKeysFromURLs (c .String ("add-azure-kv" ))
1084+ if err != nil {
1085+ return rotateOpts {}, err
1086+ }
1087+ for _ , k := range azureKeys {
1088+ addMasterKeys = append (addMasterKeys , k )
1089+ }
1090+ hcVaultKeys , err := hcvault .NewMasterKeysFromURIs (c .String ("add-hc-vault-transit" ))
1091+ if err != nil {
1092+ return rotateOpts {}, err
1093+ }
1094+ for _ , k := range hcVaultKeys {
1095+ addMasterKeys = append (addMasterKeys , k )
1096+ }
1097+ ageKeys , err := age .MasterKeysFromRecipients (c .String ("add-age" ))
1098+ if err != nil {
1099+ return rotateOpts {}, err
1100+ }
1101+ for _ , k := range ageKeys {
1102+ addMasterKeys = append (addMasterKeys , k )
1103+ }
1104+
1105+ var rmMasterKeys []keys.MasterKey
1106+ for _ , k := range kms .MasterKeysFromArnString (c .String ("rm-kms" ), kmsEncryptionContext , c .String ("aws-profile" )) {
1107+ rmMasterKeys = append (rmMasterKeys , k )
1108+ }
1109+ for _ , k := range pgp .MasterKeysFromFingerprintString (c .String ("rm-pgp" )) {
1110+ rmMasterKeys = append (rmMasterKeys , k )
1111+ }
1112+ for _ , k := range gcpkms .MasterKeysFromResourceIDString (c .String ("rm-gcp-kms" )) {
1113+ rmMasterKeys = append (rmMasterKeys , k )
1114+ }
1115+ azureKeys , err = azkv .MasterKeysFromURLs (c .String ("rm-azure-kv" ))
1116+ if err != nil {
1117+ return rotateOpts {}, err
1118+ }
1119+ for _ , k := range azureKeys {
1120+ rmMasterKeys = append (rmMasterKeys , k )
1121+ }
1122+ hcVaultKeys , err = hcvault .NewMasterKeysFromURIs (c .String ("rm-hc-vault-transit" ))
1123+ if err != nil {
1124+ return rotateOpts {}, err
1125+ }
1126+ for _ , k := range hcVaultKeys {
1127+ rmMasterKeys = append (rmMasterKeys , k )
1128+ }
1129+ ageKeys , err = age .MasterKeysFromRecipients (c .String ("rm-age" ))
1130+ if err != nil {
1131+ return rotateOpts {}, err
1132+ }
1133+ for _ , k := range ageKeys {
1134+ rmMasterKeys = append (rmMasterKeys , k )
1135+ }
1136+
1137+ return rotateOpts {
1138+ OutputStore : outputStore ,
1139+ InputStore : inputStore ,
1140+ InputPath : fileName ,
1141+ Cipher : aes .NewCipher (),
1142+ KeyServices : svcs ,
1143+ DecryptionOrder : decryptionOrder ,
1144+ IgnoreMAC : c .Bool ("ignore-mac" ),
1145+ AddMasterKeys : addMasterKeys ,
1146+ RemoveMasterKeys : rmMasterKeys ,
1147+ }, nil
1148+ }
1149+
11411150func toExitError (err error ) error {
11421151 if cliErr , ok := err .(* cli.ExitError ); ok && cliErr != nil {
11431152 return cliErr
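Review bot: `getRotateOpts` at the top of this hunk has no doc comment, and its body is two near-identical copies of the same key-collection sequence differing only in the `add-`/`rm-` flag prefix, which is where future key-source additions will drift apart. A comment such as `// getRotateOpts builds the rotateOpts for the rotate subcommand from the CLI flags: the master keys to add and remove, the MAC policy, and the stores, key services and decryption order resolved by the caller.` would describe the contract, and the duplication can be folded into one helper keyed by prefix as below, leaving the field list of the returned struct unchanged. The helper reads `encryption-context` on each call; if `kms.ParseKMSContext` reports malformed input itself, that message would then appear twice, so pass the parsed value in instead if that matters.
```go
// masterKeysFromFlags collects the master keys named by the "<prefix>-kms",
// "<prefix>-pgp", "<prefix>-gcp-kms", "<prefix>-azure-kv",
// "<prefix>-hc-vault-transit" and "<prefix>-age" flags, in that order.
func masterKeysFromFlags(c *cli.Context, prefix string) ([]keys.MasterKey, error) {
	var out []keys.MasterKey
	kmsEncryptionContext := kms.ParseKMSContext(c.String("encryption-context"))
	for _, k := range kms.MasterKeysFromArnString(c.String(prefix+"-kms"), kmsEncryptionContext, c.String("aws-profile")) {
		out = append(out, k)
	}
	for _, k := range pgp.MasterKeysFromFingerprintString(c.String(prefix + "-pgp")) {
		out = append(out, k)
	}
	for _, k := range gcpkms.MasterKeysFromResourceIDString(c.String(prefix + "-gcp-kms")) {
		out = append(out, k)
	}
	azureKeys, err := azkv.MasterKeysFromURLs(c.String(prefix + "-azure-kv"))
	if err != nil {
		return nil, err
	}
	for _, k := range azureKeys {
		out = append(out, k)
	}
	hcVaultKeys, err := hcvault.NewMasterKeysFromURIs(c.String(prefix + "-hc-vault-transit"))
	if err != nil {
		return nil, err
	}
	for _, k := range hcVaultKeys {
		out = append(out, k)
	}
	ageKeys, err := age.MasterKeysFromRecipients(c.String(prefix + "-age"))
	if err != nil {
		return nil, err
	}
	for _, k := range ageKeys {
		out = append(out, k)
	}
	return out, nil
}

// getRotateOpts builds the rotateOpts for the rotate subcommand from the CLI
// flags: the master keys to add and remove, the MAC policy, and the stores,
// key services and decryption order resolved by the caller.
func getRotateOpts(c *cli.Context, fileName string, inputStore common.Store, outputStore common.Store, svcs []keyservice.KeyServiceClient, decryptionOrder []string) (rotateOpts, error) {
	addMasterKeys, err := masterKeysFromFlags(c, "add")
	if err != nil {
		return rotateOpts{}, err
	}
	rmMasterKeys, err := masterKeysFromFlags(c, "rm")
	if err != nil {
		return rotateOpts{}, err
	}
	return rotateOpts{
		// … unchanged: OutputStore … IgnoreMAC fields …
		AddMasterKeys:    addMasterKeys,
		RemoveMasterKeys: rmMasterKeys,
	}, nil
}
```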