예제 #1
0
 public void SetKey(string key, string value)
 {
     using var sman = SecretsManager.LoadStore(storeFile);
     sman.LoadKeyFromFile(keyFile);
     sman.Set(key, value);
     sman.SaveStore(storeFile);
 }
예제 #2
0
        public void StoreAndLoad()
        {
            var storePath = Path.GetTempFileName();
            var keyPath   = Path.GetTempFileName();

            using (var sman = SecretsManager.CreateStore())
            {
                sman.GenerateKey();
                foreach (var key in SecureData.Keys)
                {
                    sman.Set(key, SecureData[key]);
                }
                sman.SaveStore(storePath);
                sman.ExportKey(keyPath);
            }

            using (var sman = SecretsManager.LoadStore(storePath))
            {
                sman.LoadKeyFromFile(keyPath);
                foreach (var key in SecureData.Keys)
                {
                    Assert.AreEqual(SecureData[key], sman.Retrieve(key), $"Retrieved data for key \"{key}\" does not match stored value!");
                }
            }
        }
예제 #3
0
        protected override void ProcessRecord()
        {
            try {
                if (File.Exists(StorePath))
                {
                    using (var sman = SecretsManager.LoadStore(StorePath)) {
                        if (ParameterSetName == "KeyPath")
                        {
                            KeyPath = GetUnresolvedProviderPathFromPSPath(KeyPath);
                            sman.LoadKeyFromFile(KeyPath);
                        }

                        if (ParameterSetName == "Password")
                        {
                            sman.LoadKeyFromPassword(Password);
                        }

                        sman.Set(Name, Value);

                        StorePath = GetUnresolvedProviderPathFromPSPath(StorePath);

                        sman.SaveStore(StorePath);
                    }
                }
            }
            catch {
                //either the file doesn't exist, or it is a non-secretful file
                using (var sman = SecretsManager.CreateStore())
                {
                    if (ParameterSetName == "KeyPath")
                    {
                        KeyPath = GetUnresolvedProviderPathFromPSPath(KeyPath);
                        sman.LoadKeyFromFile(KeyPath);
                    }

                    if (ParameterSetName == "Password")
                    {
                        sman.LoadKeyFromPassword(Password);
                    }

                    sman.Set(Name, Value);

                    StorePath = GetUnresolvedProviderPathFromPSPath(StorePath);

                    sman.SaveStore(StorePath);
                }
            }
        }
예제 #4
0
        protected override void ProcessRecord()
        {
            StorePath = GetUnresolvedProviderPathFromPSPath(StorePath);

            using (var sman = SecretsManager.LoadStore(StorePath))
            {
                if (All)
                {
                    if (ParameterSetName == "KeyPath")
                    {
                        KeyPath = GetUnresolvedProviderPathFromPSPath(KeyPath);
                        sman.LoadKeyFromFile(KeyPath);
                    }

                    if (ParameterSetName == "Password")
                    {
                        sman.LoadKeyFromPassword(Password);
                    }

                    Hashtable toReturn = new Hashtable();
                    foreach (var k in sman.Keys)
                    {
                        toReturn.Add(k, sman.Get(k));
                    }

                    WriteObject(toReturn);
                }
                else
                {
                    if (ParameterSetName == "KeyPath")
                    {
                        KeyPath = GetUnresolvedProviderPathFromPSPath(KeyPath);
                        sman.LoadKeyFromFile(KeyPath);
                    }

                    if (ParameterSetName == "Password")
                    {
                        sman.LoadKeyFromPassword(Password);
                    }

                    WriteObject(sman.Get(Name));
                }
            }
        }
예제 #5
0
        /// <summary>
        ///     Loads the SecureStore data from a stream.
        /// </summary>
        /// <param name="stream">The stream to read.</param>
        public override void Load(Stream stream)
        {
            var source     = (SecureStoreConfigurationSource)Source;
            var dictionary = new Dictionary <string, string>(StringComparer.OrdinalIgnoreCase);

            using (var manager = SecretsManager.LoadStore(stream))
            {
                switch (source.KeyType)
                {
                case KeyType.File:
                    // ref: https://github.com/aspnet/Configuration/blob/master/src/Config.FileExtensions/FileConfigurationProvider.cs#L48
                    var file = source.KeyFileProvider?.GetFileInfo(source.Key);
                    if (file == null || !file.Exists)
                    {
                        var error = new StringBuilder(
                            $"The configuration key file '{source.Key}' was not found and is not optional.");
                        if (!string.IsNullOrEmpty(file?.PhysicalPath))
                        {
                            error.Append($" The physical path is '{file.PhysicalPath}'.");
                        }

                        throw new FileNotFoundException(error.ToString());
                    }

                    manager.LoadKeyFromFile(file.PhysicalPath);
                    break;

                case KeyType.Password:
                    manager.LoadKeyFromPassword(source.Key);
                    break;

                default:
                    throw new ArgumentOutOfRangeException(nameof(source.KeyType));
                }

                foreach (var key in manager.Keys)
                {
                    dictionary.Add(key, manager.Get(key));
                }
            }

            Data = dictionary;
        }
예제 #6
0
        public void StoreAndLoadStream()
        {
            var storePath = Path.GetTempFileName();
            var keyPath   = Path.GetTempFileName();

            CreateTestStore(storePath, keyPath);

            using (var stream = new FileStream(storePath, FileMode.Open, FileAccess.Read))
            {
                using (var sman = SecretsManager.LoadStore(stream))
                {
                    sman.LoadKeyFromFile(keyPath);
                    foreach (var key in SecureData.Keys)
                    {
                        Assert.AreEqual(SecureData[key], sman.Retrieve(key), $"Retrieved data for key \"{key}\" does not match stored value!");
                    }
                }
            }
        }
예제 #7
0
        public void CatchTamperedData()
        {
            const string password  = "******";
            string       storePath = Path.GetTempFileName();

            // Generate a valid store
            using (var sman = SecretsManager.CreateStore())
            {
                sman.LoadKeyFromPassword(password);
                sman.Set("foo", "bar");
                sman.SaveStore(storePath);
            }

            // Load the store contents into memory
            var fileData = File.ReadAllText(storePath);
            // We don't have access to the internal encrypted bytes payloads are
            // deserialized to, but we can just access it directly.
            var deserialized = JsonConvert.DeserializeObject <MockStore>(fileData);

            var bytes = deserialized.Secrets["foo"].Payload;

            // Tamper with the data
            var prng = new Random();

            for (int i = 0; i < bytes.Length; ++i)
            {
                bytes[i] ^= (byte)prng.Next();
            }

            // Write the changes back
            deserialized.Secrets["foo"].Payload = bytes;
            fileData = JsonConvert.SerializeObject(deserialized);
            File.WriteAllText(storePath, fileData);

            // Verify that tampering is caught
            using (var sman = SecretsManager.LoadStore(storePath))
            {
                sman.LoadKeyFromPassword(password);
                Assert.ThrowsException <TamperedCipherTextException>(() => sman.Get("foo"), "Could not detect tampering with encrypted data!");
            }
        }
예제 #8
0
        public void CatchTamperedData()
        {
            const string password  = "******";
            string       storePath = Path.GetTempFileName();

            //generate a valid store
            using (var sman = SecretsManager.CreateStore())
            {
                sman.LoadKeyFromPassword(password);
                sman.Set("foo", "bar");
                sman.SaveStore(storePath);
            }

            //load the store contents into memory
            var fileData     = File.ReadAllText(storePath);
            var deserialized = JsonConvert.DeserializeObject <dynamic>(fileData);

            string base64 = deserialized.Data.foo.Payload;
            var    bytes  = Convert.FromBase64String(base64);

            //tamper with the data
            var prng = new Random();

            for (int i = 0; i < bytes.Length; ++i)
            {
                bytes[i] ^= (byte)prng.Next();
            }

            //write the changes back
            deserialized.Data.foo.Payload = Convert.ToBase64String(bytes);
            fileData = JsonConvert.SerializeObject(deserialized);
            File.WriteAllText(storePath, fileData);

            //test decryption
            using (var sman = SecretsManager.LoadStore(storePath))
            {
                sman.LoadKeyFromPassword(password);
                Assert.ThrowsException <TamperedCipherTextException>(() => sman.Retrieve("foo"), "Could not detect tampering with encrypted data!");
            }
        }
예제 #9
0
        public void EncryptionTest()
        {
            string storePath = Path.GetTempFileName();

            using (var sman = SecretsManager.CreateStore())
            {
                sman.LoadKeyFromPassword("password1");
                sman.Set("foo", "bar");
                sman.SaveStore(storePath);
            }

            using (var sman = SecretsManager.LoadStore(storePath))
            {
                sman.LoadKeyFromPassword("password2");

                string retrieved = null;
                try
                {
                    retrieved = sman.Get("foo");
                }
                catch { }
                Assert.AreNotEqual("bar", retrieved, "Retrieved encrypted data with wrong password!");
            }
        }
예제 #10
0
        static void Main(string[] args)
        {
            var argv = args;
            int argc = args.Length;

            string        path       = null;
            string        password   = null;
            string        keyfile    = null;
            bool          delete     = false;
            string        key        = null;
            string        value      = null;
            bool          decryptAll = false;
            bool          generate   = false;
            DecryptFormat format     = DecryptFormat.None;

            OptionSet globalOptions;

            var createOptions = new OptionSet
            {
                { "s|store=", "Path to the secrets store to be created", s => path = s },
                { "p|password:"******"Secure the store with a key derived from a password (optionally provided in the command line)", p => password = p ?? "" },
                { "f|keyfile=", "Secure the store with a randomly generated key, created at the provided path", f => keyfile = f },
                { "g|generate", "Generate a new key and save it to the path specified by --keyfile", g => generate = g != null },
            };

            var updateOptions = new OptionSet
            {
                { "s|store=", "Path to the secrets store to be loaded", s => path = s },
                { "p|password:"******"Decrypt the store with a key derived from a password (optionally provided in the command line)", p => password = p ?? "" },
                { "f|keyfile=", "Decrypt the store with a keyfile, located at the provided path", f => keyfile = f },
                { "k|key=", "The (new or existing) key of the (key, value) tuple to create or update", k => key = k },
                { "v|value=", "The (new) value of the (key, value) tuple to create or update", v => value = v },
                { "d|delete=", "The existing key of the (key, value) tuple to delete", k => { key = k; delete = true; } },
            };

            var decryptOptions = new OptionSet
            {
                { "s|store=", "Path to the secrets store to be loaded", s => path = s },
                { "p|password:"******"Decrypt the store with a key derived from a password (optionally provided in the command line)", p => password = p ?? "" },
                { "f|keyfile=", "Decrypt the store with a keyfile, located at the provided path", f => keyfile = f },
                { "k|key=", "The (new or existing) key of the (key, value) tuple to create or update", k => key = k },
                { "a|all", "Decrypt the entire contents of the store and print to stdout", a => decryptAll = a != null },
                { "t|format=", "Specify the output format: json (default), text", t => { if (!Parse(t, out format))
                                                                                         {
                                                                                             throw new ExitCodeException(1, "Unsupported format specified!");
                                                                                         }
                  } }
            };

            void printUsage()
            {
                Console.WriteLine($"ssclient [OPTIONS | [create|update|decrypt] OPTIONS]");
                PrintOptions(null, globalOptions);
                Console.WriteLine();
                PrintOptions("create", createOptions);
                PrintOptions("update", updateOptions);
                PrintOptions("decrypt", decryptOptions);
            }

            bool help    = false;
            bool version = false;

            globalOptions = new OptionSet
            {
                { "h|help|?", "Show this help message and exit", h => help = true },
                { "v|version", "Print version information and exit", h => version = true },
            };

            if (args.Length == 0)
            {
                Console.Write("Usage: ");
                printUsage();
                Environment.Exit(1);
            }

            //only try to parse --help and --version
            globalOptions.Parse(new[] { args[0] });

            void printVersion()
            {
                Console.WriteLine($"ssclient {AssemblyVersion} - SecureStore secrets manager client");
                Console.WriteLine("Copyright NeoSmart Technologies 2017 - https://github.com/neosmart/SecureStore/");
            }

            if (help)
            {
                printVersion();
                Console.WriteLine();
                Console.Write("Usage: ");
                printUsage();

                Environment.Exit(0);
            }

            if (version)
            {
                printVersion();
                Environment.Exit(0);
            }

            string    command = args[0];
            OptionSet options = null;

            switch (command)
            {
            case "create":
                options = createOptions;
                break;

            case "update":
                options = updateOptions;
                break;

            case "decrypt":
                options = decryptOptions;
                break;

            default:
                Console.WriteLine($"{command}: unsupported command!");
                Console.WriteLine();
                printUsage();
                Environment.Exit(1);
                break;
            }

            int exitCode = 0;

            try
            {
                //we have no trailing parameters, but Mono.Options is dumb and does not treat --password PASSWORD
                //as an option:value tuple when password is defined as taking an optional value.
                //It instead requires --password=PASSWORD or --password:PASSWORD or -pPASSWORD
                var bareArguments = options.Parse(args.Skip(1));

                bool standalonePassword = false;
                if (bareArguments.Count == 1 && password == "")
                {
                    //check if this was the standalone password
                    var possibles = new[] { "-p", "--password", "/p", "/password" };

                    for (int i = 1; i < argc; ++i)
                    {
                        if (!possibles.Contains(argv[i]))
                        {
                            continue;
                        }

                        //this was the password index
                        if (argc > i + 1 && argv[i + 1] == bareArguments[0])
                        {
                            password           = bareArguments[0];
                            standalonePassword = true;
                        }

                        break;
                    }
                }

                //Handle common parameters
                if (!standalonePassword && bareArguments.Count > 0)
                {
                    Help("Invalid arguments!", command, options);
                }

                if (string.IsNullOrWhiteSpace(path))
                {
                    Help("A path to the secrets store is required!", command, options);
                }

                if (keyfile != null && password != null)
                {
                    Help("Cannot specify both --password and --keyfile", command, options);
                }

                if (keyfile == null && password == null)
                {
                    Help("Must specify either --password or --keyfile!", command, options);
                }

                if (password == "")
                {
                    Console.Write("Password: "******"create")
                {
                    if (generate && keyfile == null)
                    {
                        Help("--generate requires a path specified by --keyfile to export the newly created key to!", command, options);
                    }
                    sman = SecretsManager.CreateStore();
                }
                else
                {
                    if (command == "update")
                    {
                        if (delete && (key != null || value != null))
                        {
                            Help("Cannot specify both --delete and --key or --value!", command, options);
                        }
                        else if (!delete && (key == null || value == null))
                        {
                            Help("Must specify both --key and --value to update!", command, options);
                        }
                    }
                    else if (command == "decrypt")
                    {
                        if (!decryptAll && string.IsNullOrWhiteSpace(key))
                        {
                            Help("Either --all or --key KEY must be specified as an argument to decrypt!", command, options);
                        }
                    }

                    sman = SecretsManager.LoadStore(path);
                }

                using (sman)
                {
                    if (generate)
                    {
                        sman.GenerateKey();
                        sman.ExportKey(keyfile);
                    }
                    else if (keyfile != null)
                    {
                        sman.LoadKeyFromFile(keyfile);
                    }
                    else
                    {
                        sman.LoadKeyFromPassword(password);
                    }

                    var client = new Client(sman);

                    switch (command)
                    {
                    case "create":
                        client.Create();
                        break;

                    case "update":
                        if (delete)
                        {
                            client.Delete(key);
                        }
                        else
                        {
                            client.Update(key, value);
                        }
                        break;

                    case "decrypt":
                        if (!decryptAll)
                        {
                            if (format != DecryptFormat.None)
                            {
                                Help($"--format can only be used in conjunction with --all!", command, options);
                            }

                            client.Decrypt(key);
                        }
                        else
                        {
                            client.DecryptAll(format);
                        }
                        break;

                    default:
                        throw new NotImplementedException($"Case {command} not handled!");
                    }

                    sman.SaveStore(path);
                }
            }
            catch (OptionException ex)
            {
                Console.WriteLine(ex.Message);
                exitCode = 1;
            }
            catch (ExitCodeException ex)
            {
                if (!string.IsNullOrWhiteSpace(ex.Message))
                {
                    Console.WriteLine(ex.Message);
                }
                exitCode = ex.ExitCode;
            }
            catch (Exception ex)
            {
                Console.WriteLine($"Error: {ex.Message}");
                exitCode = 1;
            }

            Environment.Exit(exitCode);
        }
예제 #11
0
        static void Main(string[] mainArgs)
        {
            var args = new List <string>(mainArgs);

            bool          help        = false;
            bool          version     = false;
            string        path        = null;
            string        password    = null;
            string        keyfile     = null;
            string        secretName  = null;
            string        secretValue = null;
            bool          decryptAll  = false;
            DecryptFormat format      = DecryptFormat.None;

            var globalOptions = new OptionSet
            {
                { "h|help|?", "Show this help message and exit", _ => help = true },
                { "v|version", "Print version information and exit", _ => version = true },
                { "s|store=", "Load secrets store from provided path", s => path = s },
                { "p|password:"******"Prompt for decryption password", p => password = p ?? "" },
                { "k|keyfile=", "Load decryption key from path", k => keyfile = k },
            };

            var options = new Dictionary <string, OptionSet>();

            options["create"] = new OptionSet
            {
                { "h|help", "Show help for create command options", _ => help = true },
                // password is : because automated systems may use the command line to specify passwords. This may change!
                { "p|password:"******"Secure store with a key derived from a password", p => password = p ?? "" },
                { "k|keyfile=", "Path to load or save secure key from/to", k => keyfile = k },
            };

            options["delete"] = new OptionSet
            {
                { "h|help", "Show help for delete command options", _ => help = true },
                { "s|store=", "Load secrets store from provided path", s => path = s },
                // password is : because automated systems may use the command line to specify passwords. This may change!
                { "p|password:"******"Decrypt store with key derived from password", p => password = p ?? "" },
                { "k|keyfile=", "Path to load secure key from", k => keyfile = k },
            };

            options["get"] = new OptionSet
            {
                { "h|help", "Show help for decryption command options", _ => help = true },
                { "s|store=", "Load secrets store from provided path", s => path = s },
                // password is : because automated systems may use the command line to specify passwords. This may change!
                { "p|password:"******"Decrypt store with key derived from password", p => password = p ?? "" },
                { "k|keyfile=", "Path to load secure key from", k => keyfile = k },
                { "a|all", "Decrypt the entire contents of the store and print to stdout", _ => decryptAll = true },
                { "t|output-format=", "Specify the output format: json (default), text", t => { if (!Parse(t, out format))
                                                                                                {
                                                                                                    throw new ExitCodeException(1, "Unsupported format specified!");
                                                                                                }
                  } }
            };

            options["set"] = new OptionSet
            {
                { "h|help", "Show help for encryption command options", _ => help = true },
                { "s|store=", "Load secrets store from provided path", s => path = s },
                // password is : because automated systems may use the command line to specify passwords. This may change!
                { "p|password:"******"Decrypt store with key derived from password", p => password = p ?? "" },
                { "k|keyfile=", "Path to load secure key from", k => keyfile = k },
            };

            void printUsage(TextWriter output)
            {
                output.WriteLine($"ssclient [FLAGS] [create|set|get|delete] OPTIONS");
                PrintOptions(output, null, globalOptions);
                output.WriteLine();

                foreach (var kv in options)
                {
                    PrintOptions(output, kv.Key, kv.Value);
                }
            }

            if (args.Count == 0)
            {
                Console.Out.Write("Usage: ");
                printUsage(Console.Out);
                Environment.Exit(1);
            }

            // Only try to parse --help and --version
            globalOptions.Parse(args);

            void printVersion()
            {
                Console.Out.WriteLine($"ssclient {AssemblyVersion} - SecureStore secrets manager client");
                Console.Out.WriteLine("Copyright NeoSmart Technologies 2017-2020 - https://github.com/neosmart/SecureStore/");
            }

            if (help)
            {
                printVersion();
                Console.Out.WriteLine();
                Console.Out.Write("Usage: ");
                printUsage(Console.Out);

                Environment.Exit(0);
            }

            if (version)
            {
                printVersion();
                Environment.Exit(0);
            }

            int commandIndex = args.FindIndex(arg => options.ContainsKey(arg));

            if (commandIndex < 0)
            {
                printUsage(Console.Error);
                Environment.Exit(1);
            }

            string command = args[commandIndex];

            args.RemoveAt(commandIndex);
            OptionSet parseOptions = options[command];

            int exitCode = 0;

            try
            {
                // Mono.Options is dumb and does not treat --password PASSWORD
                // as an option:value tuple when password is defined as taking an optional value.
                // It instead requires --password=PASSWORD or --password:PASSWORD or -pPASSWORD
                var bareArguments = parseOptions.Parse(args);

                if (bareArguments.Count > 0 && password == string.Empty)
                {
                    // Check if this was the standalone password
                    var possibles = new[] { "-p", "--password", "/p", "/password" };

                    for (int i = 0; i < args.Count - 1; ++i)
                    {
                        if (!possibles.Contains(args[i]))
                        {
                            continue;
                        }

                        // This was the password index
                        var bareIndex = bareArguments.FindIndex(arg => arg == args[i + 1]);
                        if (bareIndex >= 0)
                        {
                            password = bareArguments[bareIndex];
                            bareArguments.RemoveAt(bareIndex);
                            break;
                        }
                    }
                }

                // Consume remaining bare parameters before carrying out any actions so we can validate
                // there are no unexpected bare parameters.
                if (command == "create")
                {
                    if (bareArguments.Count > 0 && string.IsNullOrEmpty(path))
                    {
                        path = bareArguments[0];
                        bareArguments.RemoveAt(0);
                    }
                }
                else if (command == "get" || command == "delete")
                {
                    if (!decryptAll && bareArguments.Count != 1)
                    {
                        Console.Error.WriteLine("Expected the name of a single secret to look up or delete!");
                        Environment.Exit(1);
                    }
                    else if (!decryptAll)
                    {
                        secretName = bareArguments[0];
                        bareArguments.RemoveAt(0);
                    }
                }
                else if (command == "set")
                {
                    if (bareArguments.Count == 1 && bareArguments[0].Contains('='))
                    {
                        var parts = bareArguments[0].Split('=', 2);
                        secretName  = parts[0];
                        secretValue = parts[1];
                        bareArguments.RemoveAt(0);
                    }
                    else if (bareArguments.Count == 2 && !bareArguments[1].Contains('='))
                    {
                        secretName  = bareArguments[0];
                        secretValue = bareArguments[1];
                        bareArguments.RemoveRange(0, 2);
                    }
                    else
                    {
                        Console.Error.WriteLine("Expected a single \"key=value\" or \"key\" \"value\" to set!");
                        Environment.Exit(1);
                    }
                }

                // Handle common parameters
                // if (bareArguments.Count > 0)
                // {
                //     Console.Error.Write($"BareArguments[0]: {bareArguments[0]}");
                //     Help(Console.Error, "Invalid arguments!", command, parseOptions);
                // }

                if (path is null)
                {
                    // Help(Console.Error, "A path to the secrets store is required!", command, parseOptions);

                    // Default to secrets.json rather than error out
                    path = "secrets.json";
                }

                if (string.IsNullOrWhiteSpace(path))
                {
                    Help(Console.Error, "A path to the secrets store is required!", command, parseOptions);
                }

                if (keyfile == null && password == null)
                {
                    // Help(Console.Error, "Must specify either --password or --keyfile!", command, parseOptions);

                    // Default to password mode instead of erroring out
                    password = string.Empty;
                }

                // We need to differentiate between null (not set) and empty (empty)
                if (password == string.Empty)
                {
                    if (command == "create")
                    {
                        while (string.IsNullOrWhiteSpace(password))
                        {
                            Console.Write("New password: "******"Confirm password: "******"Password: "******"create")
                {
                    if (password is null && string.IsNullOrWhiteSpace(keyfile))
                    {
                        Console.Error.WriteLine("A newly created store must have one or both of --password and --keyfile specified");
                        Environment.Exit(1);
                    }
                    if (!string.IsNullOrWhiteSpace(password) && File.Exists(keyfile) &&
                        new FileInfo(keyfile).Length > 0)
                    {
                        Confirm($"Overwrite the existing contents of the key file at {keyfile} " +
                                "with a key derived from the provided password? [yes/no]: ");
                    }
                    sman = SecretsManager.CreateStore();
                }
                else
                {
                    if (command == "get")
                    {
                        if (decryptAll && !string.IsNullOrWhiteSpace(secretName))
                        {
                            Help(Console.Error, "Either --all or KEY must be specified as an argument to decrypt (not both)!", command, parseOptions);
                        }
                    }

                    sman = SecretsManager.LoadStore(path);
                }

                using (sman)
                {
                    if (!string.IsNullOrEmpty(password))
                    {
                        sman.LoadKeyFromPassword(password);
                    }

                    if (command == "create")
                    {
                        if (File.Exists(path) && new FileInfo(path).Length > 0)
                        {
                            Confirm($"Overwrite existing store at {path}? [yes/no]: ");
                        }
                        if (password == null)
                        {
                            if (File.Exists(keyfile) && new FileInfo(keyfile).Length > 0)
                            {
                                sman.LoadKeyFromFile(keyfile);
                            }
                            else
                            {
                                sman.GenerateKey();
                                sman.ExportKey(keyfile);
                            }
                        }
                        else if (!string.IsNullOrEmpty(keyfile))
                        {
                            sman.ExportKey(keyfile);
                        }
                    }
                    else if (password == null && keyfile != null)
                    {
                        sman.LoadKeyFromFile(keyfile);
                    }

                    var client = new Client(sman);

                    switch (command)
                    {
                    case "create":
                        client.Create();
                        break;

                    case "delete":
                        client.Delete(secretName);
                        break;

                    case "set":
                        client.Update(secretName, secretValue);
                        break;

                    case "get":
                        if (!decryptAll)
                        {
                            if (format != DecryptFormat.None)
                            {
                                Help(Console.Error, "--format can only be used in conjunction with --all!",
                                     command, parseOptions);
                            }

                            client.Decrypt(secretName);
                        }
                        else
                        {
                            client.DecryptAll(format);
                        }
                        break;

                    default:
                        throw new NotImplementedException($"Case {command} not handled!");
                    }

                    sman.SaveStore(path);
                }
            }
            catch (OptionException ex)
            {
                Console.WriteLine(ex.Message);
                exitCode = 1;
            }
            catch (ExitCodeException ex)
            {
                if (!string.IsNullOrWhiteSpace(ex.Message))
                {
                    Console.WriteLine(ex.Message);
                }
                exitCode = ex.ExitCode;
            }
            catch (Exception ex)
            {
                Console.WriteLine($"Error: {ex.Message}");
                exitCode = 1;
            }

            Environment.Exit(exitCode);
        }
예제 #12
0
 public string ReadKey(string key)
 {
     using var sman = SecretsManager.LoadStore(storeFile);
     sman.LoadKeyFromFile(keyFile);
     return !sman.TryGetValue(key, out string value) ? "" : value;
 }
예제 #13
0
 public bool CheckKey(string key)
 {
     using var sman = SecretsManager.LoadStore(storeFile);
     sman.LoadKeyFromFile(keyFile);
     return sman.TryGetValue(key, out string value);
 }