private static void ConfigureOfflineOperationCommand()
{
_app.Command("offline-operation", cmd =>
{
const string systemDirArgText = "[RavenDB system directory]";
const string systemDirArgDescText = "RavenDB system directory";
cmd.Description = "Performs an offline operation on the RavenDB Server.";
cmd.HelpOption(HelpOptionString);
cmd.Command("init-keys", subcmd =>
{
subcmd.ExtendedHelpText = subcmd.Description = "Initialize keys";
subcmd.HelpOption(HelpOptionString);
subcmd.OnExecute(() =>
{
OfflineOperations.InitKeys();
return(0);
});
});
cmd.Command("get-key", subcmd =>
{
subcmd.Description = "Exports unprotected server store encryption key";
subcmd.ExtendedHelpText =
"\r\nExports unprotected server store encryption key. This key will allow decryption of the server store and must be secured. This is REQUIRED when restoring backups from an encrypted server store.";
subcmd.HelpOption(HelpOptionString);
subcmd.Argument(systemDirArgText, systemDirArgDescText, systemDir =>
{
subcmd.OnExecute(() =>
{
return(PerformOfflineOperation(
() => OfflineOperations.GetKey(systemDir.Value), systemDir, subcmd));
});
});
});
cmd.Command("put-key", subcmd =>
{
subcmd.Description = @"Restores and protects the key for current OS user";
subcmd.HelpOption(HelpOptionString);
subcmd.Argument(systemDirArgText, systemDirArgDescText, systemDir =>
{
subcmd.OnExecute(() =>
{
return(PerformOfflineOperation(
() => OfflineOperations.PutKey(systemDir.Value), systemDir, subcmd));
});
});
subcmd.ExtendedHelpText =
"\r\nRestores the encryption key on the new machine and protects it for the current OS user. This is typically used as part of the restore process of an encrypted server store on a new machine";
});
cmd.Command("trust", subcmd =>
{
subcmd.Description = string.Empty;
subcmd.HelpOption(HelpOptionString);
var keyArg = subcmd.Argument("[key]", "key");
var tagArg = subcmd.Argument("[tag]", "tag");
subcmd.OnExecute(() =>
{
if (subcmd.Arguments.Count == 2)
{
OfflineOperations.Trust(keyArg.Value, tagArg.Value);
}
else
{
return(ExitWithError("Key and tag arguments are mandatory.", subcmd));
}
return(0);
});
});
cmd.Command("encrypt", subcmd =>
{
subcmd.Description = "Encrypts RavenDB files and saves the key to the same directory";
subcmd.ExtendedHelpText = $"\r\nEncrypts RavenDB files and saves the key to a given directory. This key file (secret.key.encrypted) is protected for the current OS user. Once encrypted, The server will only work for the current OS user. It is recommended that you do that as part of the initial setup of the server, before it is running. Encrypted server store can only talk to other encrypted server stores, and only over SSL.\r\n{ EncryptionCommandsNote }";
subcmd.HelpOption(HelpOptionString);
subcmd.Argument(systemDirArgText, systemDirArgDescText, systemDir =>
{
subcmd.OnExecute(() =>
{
return(PerformOfflineOperation(
() => OfflineOperations.Encrypt(systemDir.Value), systemDir, subcmd));
});
});
});
cmd.Command("decrypt", subcmd =>
{
subcmd.ExtendedHelpText = $"\r\nDecrypts RavenDB files in a given directory using the key inserted earlier using the put-key command.\r\n{ EncryptionCommandsNote }";
subcmd.HelpOption(HelpOptionString);
subcmd.Description = "Decrypts RavenDB files";
subcmd.Argument(systemDirArgText, systemDirArgDescText, systemDir =>
{
subcmd.OnExecute(() =>
{
return(PerformOfflineOperation(
() => OfflineOperations.Decrypt(systemDir.Value), systemDir, subcmd));
});
});
});
});
}
private static void ConfigureOfflineOperationCommand()
{
_app.Command("offline-operation", cmd =>
{
const string systemDirArgText = "[RavenDB system directory]";
const string systemDirArgDescText = "RavenDB system directory";
cmd.Description = "Performs an offline operation on the RavenDB Server.";
cmd.HelpOption(HelpOptionString);
cmd.Command("init-keys", subcmd =>
{
subcmd.ExtendedHelpText = subcmd.Description = "Initializes keys";
subcmd.HelpOption(HelpOptionString);
subcmd.OnExecute(() =>
{
var result = OfflineOperations.InitKeys();
Console.WriteLine(result);
return(0);
});
});
cmd.Command("get-key", subcmd =>
{
subcmd.Description = "Exports unprotected server store encryption key";
subcmd.ExtendedHelpText = Environment.NewLine + "Exports the unprotected server store encryption key. " +
"This key will allow decryption of the server store and must be kept safely. " +
"This is REQUIRED when restoring backups from an encrypted server store.";
subcmd.HelpOption(HelpOptionString);
subcmd.Argument(systemDirArgText, systemDirArgDescText, systemDir =>
{
subcmd.OnExecute(() =>
{
return(PerformOfflineOperation(
() => OfflineOperations.GetKey(systemDir.Value), systemDir, subcmd));
});
});
});
cmd.Command("put-key", subcmd =>
{
subcmd.Description = @"Restores and protects the key for current OS user";
subcmd.HelpOption(HelpOptionString);
subcmd.Argument(systemDirArgText, systemDirArgDescText, args =>
{
subcmd.OnExecute(() =>
{
if (args.Values.Count != 2)
{
return(ExitWithError("Usage: ./rvn offline-operation put-key <path-to-system-dir> <key>", cmd));
}
return(PerformOfflineOperation(
() => OfflineOperations.PutKey(args.Values[0], args.Values[1]), args, subcmd));
});
}, multipleValues: true);
subcmd.ExtendedHelpText = Environment.NewLine + "Restores the encryption key on a new machine and protects it for the current OS user or the current Master Key (whichever method was chosen to protect secrets). " +
"This is typically used as part of the restore process of an encrypted server store on a new machine";
});
cmd.Command("trust", subcmd =>
{
subcmd.Description = string.Empty;
subcmd.HelpOption(HelpOptionString);
var keyArg = subcmd.Argument("Key", "The key");
var tagArg = subcmd.Argument("Tag", "The tag");
subcmd.OnExecute(() =>
{
if (subcmd.Arguments.Count == 2)
{
OfflineOperations.Trust(keyArg.Value, tagArg.Value);
}
else
{
return(ExitWithError("Key and tag arguments are mandatory.", subcmd));
}
return(0);
});
});
cmd.Command("encrypt", subcmd =>
{
subcmd.Description = "Encrypts RavenDB files and saves the key to the same directory";
subcmd.ExtendedHelpText = Environment.NewLine + "Encrypts RavenDB files and saves the key to a given directory. " +
"Once encrypted, the server will only work for the current OS user or the current Master Key (whichever method was chosen to protect secrets)" +
"It is recommended to do this at the very start, as part of the initial cluster setup, right after the server was launched for the first time." +
"Encrypted server stores can only talk to other encrypted server stores, and only over SSL." +
Environment.NewLine + EncryptionCommandsNote;
subcmd.HelpOption(HelpOptionString);
subcmd.Argument(systemDirArgText, systemDirArgDescText, systemDir =>
{
subcmd.OnExecute(() =>
{
return(PerformOfflineOperation(
() => OfflineOperations.Encrypt(systemDir.Value), systemDir, subcmd));
});
});
});
cmd.Command("decrypt", subcmd =>
{
subcmd.ExtendedHelpText = Environment.NewLine + "Decrypts RavenDB files in a given directory using the key inserted earlier using the put-key command." +
Environment.NewLine + EncryptionCommandsNote;
subcmd.HelpOption(HelpOptionString);
subcmd.Description = "Decrypts RavenDB files";
subcmd.Argument(systemDirArgText, systemDirArgDescText, systemDir =>
{
subcmd.OnExecute(() =>
{
return(PerformOfflineOperation(
() => OfflineOperations.Decrypt(systemDir.Value), systemDir, subcmd));
});
});
});
cmd.OnExecute(() =>
{
cmd.ShowHelp();
return(1);
});
});
}
