Example #1
        /// <summary>
        /// Rewrites every stored secret whose raw bytes are a UTF-8 JSON document
        /// holding a string or a byte array, storing the plain value instead, and
        /// then creates the vault sentinel.
        /// </summary>
        /// <param name="sman">Secrets manager whose entries are converted in place.</param>
        /// <param name="vault">Not used by this upgrade step.</param>
        /// <param name="password">Not used by this upgrade step.</param>
        /// <returns>Always <c>true</c>; failures surface as an exception.</returns>
        /// <exception cref="VaultVersionException">
        /// Thrown when reading, decoding, parsing or re-storing a secret fails. The
        /// message names the key only, never the secret's value.
        /// </exception>
        public bool Upgrade(SecretsManager sman, Vault vault, string password)
        {
            // Iterate over a copy of the keys; presumably Set() may modify the
            // underlying collection while we walk it (confirm against SecretsManager).
            var keySnapshot = new List <string>(sman.Keys);

            foreach (var secretKey in keySnapshot)
            {
                // Assigned on every iteration, as in the original; an empty vault
                // therefore keeps whatever serializer it already had.
                sman.DefaultSerializer = new Utf8JsonSerializer();

                // The return value is ignored: a missing entry leaves rawBytes null,
                // which makes GetString throw and ends up in the catch below.
                sman.TryGetValue(secretKey, out byte[] rawBytes);

                try
                {
                    var decoded = JsonConvert.DeserializeObject(Encoding.UTF8.GetString(rawBytes));

                    // Only strings and byte arrays are rewritten. Any other JSON
                    // value (number, bool, object, ...) is left as stored, without
                    // an error.
                    switch (decoded)
                    {
                        case string textValue:
                            sman.Set(secretKey, textValue);
                            break;

                        case byte[] binaryValue:
                            sman.Set(secretKey, binaryValue);
                            break;
                    }
                }
                catch
                {
                    // NOTE(review): the underlying exception is discarded here, so the
                    // cause of a failed upgrade cannot be diagnosed from the error.
                    throw new VaultVersionException($"Cannot upgrade secret {secretKey}");
                }
            }

            sman.CreateSentinel();

            return true;
        }
Example #2
 /// <summary>
 /// Stores <paramref name="value"/> under <paramref name="key"/>, first trying to
 /// store it as an <c>int</c> or a <c>bool</c> when the text parses as one.
 /// </summary>
 /// <param name="key">Name of the secret to write.</param>
 /// <param name="value">
 /// Text form of the secret. Must not be null: <c>StartsWith</c> is called on it.
 /// </param>
 public void Update(string key, string value)
 {
     // Text starting with "0" is never treated as an integer (this also covers
     // the literal "0"), so values such as "007" keep their leading zeros.
     bool startsWithZero = value.StartsWith("0");

     // NOTE(review): int.TryParse accepts surrounding whitespace and a leading
     // sign, and bool.TryParse ignores case and surrounding whitespace, so
     // " 42", "+7" or "TRUE" are stored as the typed value and the exact
     // original text of the secret is not preserved.
     if (!startsWithZero && int.TryParse(value, out var asInteger))
     {
         _sman.Set(key, asInteger);
         return;
     }

     if (bool.TryParse(value, out var asBoolean))
     {
         _sman.Set(key, asBoolean);
         return;
     }

     // Anything else is stored verbatim as a string.
     _sman.Set(key, value);
 }
Example #3
        /// <summary>
        /// Obtains the GitHub user name and token through <c>GetSecret</c>, records
        /// both in <c>SecretsManager</c>, hands the token to <c>GitHubQlService</c>
        /// and saves the store.
        /// </summary>
        /// <param name="userName">The GitHub user name, or null on failure.</param>
        /// <param name="userToken">The GitHub token, or null on failure.</param>
        /// <returns>
        /// <c>true</c> when both values were obtained and saved; <c>false</c> when
        /// either <c>GetSecret</c> call fails.
        /// </returns>
        private static bool TryGetCredentials(out string userName, out string userToken)
        {
            userName = null;
            userToken = null;

            bool haveUserName = GetSecret(SecretsManager.GitHubUsername, "What is your GitHub user name?", out userName);
            if (!haveUserName)
            {
                Console.WriteLine("This is needed...exiting");
                userName = null;
                userToken = null;
                return false;
            }

            // The user name is echoed back to the console; the token below never is.
            SecretsManager.Set(SecretsManager.GitHubUsername, userName);
            Console.WriteLine($"Your GitHub username is {SecretsManager.Get(SecretsManager.GitHubUsername)}.");

            bool haveUserToken = GetSecret(SecretsManager.GitHubUserToken, "What is your GitHub user token?", out userToken);
            if (!haveUserToken)
            {
                // The user name has already been Set() at this point, but Save()
                // has not been called on this path.
                Console.WriteLine("This is needed...exiting");
                userName = null;
                userToken = null;
                return false;
            }

            SecretsManager.Set(SecretsManager.GitHubUserToken, userToken);
            GitHubQlService.SetAuthToken(userToken);
            Console.WriteLine("Your GitHub auth token is set.");
            Console.WriteLine();

            // Save only once both values are present.
            SecretsManager.Save();
            Console.WriteLine("You can clear both of these by running this command with a `clear` argument.");
            Console.WriteLine();

            return true;
        }
Example #4
        /// <summary>
        /// Stores <paramref name="value"/> under <paramref name="key"/> after first
        /// reading the existing entry through <c>TryGetBytes</c>.
        /// </summary>
        /// <param name="key">Name of the secret to write.</param>
        /// <param name="value">New value for the secret.</param>
        public void Update(string key, string value)
        {
            // Force validation to avoid loss of sensitive data: the read is done only
            // for its side effects, and neither its result nor the buffer is used.
            // Presumably TryGetBytes fails when the loaded key cannot decrypt the
            // store, so that a wrong key does not overwrite a secret (confirm).
            // NOTE(review): existingBytes holds the current secret and is never
            // cleared here; if its type can be wiped or disposed, it should be.
            _ = _sman.TryGetBytes(key, out var existingBytes);

            _sman.Set(key, value);
        }
Example #5
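        /// <summary>
        /// Re-keys a password-protected vault from 10,000 to 256,000 PBKDF2 rounds:
        /// decrypts every secret with the old derived key, generates a fresh 16-byte
        /// IV, derives the new key, re-stores every secret and recreates the sentinel.
        /// </summary>
        /// <param name="sman">Secrets manager that holds the key and performs the crypto.</param>
        /// <param name="vault">Vault whose IV, data and sentinel are rewritten.</param>
        /// <param name="password">
        /// Vault password. When null nothing is changed and the method returns
        /// <c>true</c> (presumably the vault is not password-based; confirm).
        /// </param>
        /// <returns>Always <c>true</c>; failures surface as exceptions from the calls made.</returns>
        /// <remarks>
        /// NOTE(review): the upgrade is not atomic. If a call fails after
        /// <c>vault.IV</c> has been replaced, the in-memory vault holds a new IV
        /// with data that may still be encrypted under the old key. Callers should
        /// not persist the vault after a failed upgrade.
        /// </remarks>
        public bool Upgrade(SecretsManager sman, Vault vault, string password)
        {
            const int legacyRounds = 10000;
            const int upgradedRounds = 256000;

            if (password is null)
            {
                return true;
            }

            // Load old key. vault.IV is passed to the derivation together with the
            // password (it appears to serve as the KDF salt; confirm).
            // NOTE(review): oldKey and newKey are key material and are never cleared
            // in this method; check whether SplitAndLoadKey takes ownership of them.
            var oldKey = SecretsManager.DerivePassword(password, vault.IV, legacyRounds);

            sman.SplitAndLoadKey(oldKey);

            var secrets = new Dictionary <string, SecureBuffer>(vault.Data.Count);

            try
            {
                foreach (var kv in vault.Data)
                {
                    secrets.Add(kv.Key, sman.Decrypt(kv.Value));
                }

                // Load new key with explicit IV length
                vault.IV = new byte[16];
                SecretsManager.GenerateBytes(vault.IV);
                var newKey = SecretsManager.DerivePassword(password, vault.IV, upgradedRounds);

                sman.SplitAndLoadKey(newKey);

                // Re-store each secret now that the new key is loaded
                foreach (var kv in secrets)
                {
                    sman.Set(kv.Key, kv.Value);
                }
            }
            finally
            {
                // Dispose every decrypted buffer on all exit paths, so that a failure
                // part-way through does not leave plaintext secrets undisposed.
                foreach (var plaintext in secrets.Values)
                {
                    plaintext.Dispose();
                }
            }

            // Update sentinel to match new password
            vault.Sentinel = null;
            sman.CreateSentinel();

            return true;
        }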