66 lines
1.8 KiB
Python
66 lines
1.8 KiB
Python
"""Encryption commands for env-pro."""
|
|
|
|
import click
|
|
|
|
|
|
@click.command()
|
|
def generate():
|
|
"""Generate a new encryption key."""
|
|
from env_pro.core.encryption import generate_key, store_key_in_keyring
|
|
|
|
key = generate_key()
|
|
store_key_in_keyring(key)
|
|
click.echo("Generated new encryption key and stored in keyring")
|
|
click.echo("Keep this key safe - it's stored in your system keyring")
|
|
|
|
|
|
@click.command()
|
|
def rotate():
|
|
"""Rotate (regenerate) the encryption key."""
|
|
from env_pro.core.encryption import (
|
|
generate_key, store_key_in_keyring,
|
|
get_key_from_keyring, encrypt_value
|
|
)
|
|
from env_pro.core.profile import get_active_profile, get_profile_vars, set_profile_var
|
|
|
|
old_key = get_key_from_keyring()
|
|
if old_key is None:
|
|
click.echo("No existing key found. Generating new key.")
|
|
generate()
|
|
return
|
|
|
|
new_key = generate_key()
|
|
store_key_in_keyring(new_key)
|
|
|
|
profile = get_active_profile() or "default"
|
|
vars = get_profile_vars(profile)
|
|
|
|
reencrypted = 0
|
|
for key_name, value in vars.items():
|
|
try:
|
|
decrypted = decrypt_value(value, old_key)
|
|
encrypted = encrypt_value(decrypted, new_key)
|
|
set_profile_var(profile, key_name, encrypted)
|
|
reencrypted += 1
|
|
except Exception:
|
|
pass
|
|
|
|
click.echo(f"Generated new key and re-encrypted {reencrypted} values")
|
|
|
|
|
|
@click.command()
|
|
def show():
|
|
"""Show key status."""
|
|
from env_pro.core.encryption import get_key_from_keyring
|
|
|
|
key = get_key_from_keyring()
|
|
if key:
|
|
click.echo("Encryption key is set and stored in keyring")
|
|
else:
|
|
click.echo("No encryption key found. Run 'env-pro key generate' to create one.")
|
|
|
|
|
|
def decrypt_value(value, key):
|
|
from env_pro.core.encryption import decrypt_value as _decrypt
|
|
return _decrypt(value, key)
|