cli

package
v0.2.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 31, 2025 License: Apache-2.0 Imports: 26 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	ExitSuccess             = output.ExitSuccess
	ExitGeneralError        = output.ExitGeneralError
	ExitConfigError         = output.ExitConfigError
	ExitVaultError          = output.ExitVaultError
	ExitGPGError            = output.ExitGPGError
	ExitAuthError           = output.ExitAuthError
	ExitValidationError     = output.ExitValidationError
	ExitFingerprintRequired = output.ExitFingerprintRequired
	ExitAccessDenied        = output.ExitAccessDenied
	ExitAlgorithmNotAllowed = output.ExitAlgorithmNotAllowed
)

Exit code constants - aliases to output package.

Variables

View Source 
var ErrUserCancelled = errors.New("cancelled by user")

ErrUserCancelled is returned when the user cancels an interactive prompt (Ctrl-C or Escape)

Functions

func ComputeHash 

func ComputeHash(data []byte, algorithmBits int) string

ComputeHash computes a cryptographic hash of the data based on the algorithm bits Uses SHA-512 for keys >= 256 bits (RSA 4096, ECC P-521), SHA-256 for smaller keys

func ComputeIdentityHash 

func ComputeIdentityHash(identity *vault.Identity) string

ComputeIdentityHash computes the canonical hash for an identity

func ExitWithError 

func ExitWithError(err error)

ExitWithError exits the program with the given error.

func PrintHelp 

func PrintHelp(w io.Writer)

PrintHelp prints the help message

func PrintSuccess 

func PrintSuccess(w io.Writer, message string)

PrintSuccess prints a success message to stdout.

func PrintVersion 

func PrintVersion(w io.Writer, version, commit, date string)

PrintVersion prints the version information

func PrintWarning 

func PrintWarning(w io.Writer, message string)

PrintWarning prints a warning to stderr.

func ResolveConfigPath 

func ResolveConfigPath(configPath string, silent bool, stderr io.Writer) string

ResolveConfigPath returns the effective config path considering: 1. Explicit configPath argument (highest priority, e.g. -c flag) 2. /etc/dotsecenv/config (if SUID mode) 3. DOTSECENV_CONFIG env var (if not SUID mode) 4. XDG default path If configPath is specified and DOTSECENV_CONFIG is set, prints a warning to stderr (unless silent).

Types

type CLI 

type CLI struct {
	Silent bool
	Strict bool // Strict mode: certain warnings become errors
	// contains filtered or unexported fields
}

CLI represents the command-line interface

func NewCLI 

func NewCLI(vaultPaths []string, configPath string, silent bool, strict bool, stdin io.Reader, stdout, stderr io.Writer) (*CLI, error)

func (*CLI) Close 

func (c *CLI) Close() error

Close closes the vault and releases locks

func (*CLI) IdentityAdd 

func (c *CLI) IdentityAdd(fingerprint string, all bool) *Error

IdentityAdd adds an identity to the vault

func (*CLI) IdentityList 

func (c *CLI) IdentityList(jsonOutput bool) *Error

IdentityList lists all identities in all vaults

func (*CLI) Login 

func (c *CLI) Login(fingerprint string) *Error

Login initializes the user's identity in the vault

func (*CLI) Output 

func (c *CLI) Output() *output.Handler

Output returns the unified output handler for this CLI instance.

func (*CLI) SecretGet 

func (c *CLI) SecretGet(secretKey string, all bool, last bool, jsonOutput bool, vaultPath string, fromIndex int) *Error

SecretGet retrieves a secret from the vault. If c.Strict is true (from config), only returns a value if the user has access to the LATEST value of the secret.

func (*CLI) SecretPut 

func (c *CLI) SecretPut(secretKeyArg, vaultPath string, fromIndex int) *Error

SecretPut stores a secret in the vault

func (*CLI) SecretRevoke 

func (c *CLI) SecretRevoke(secretKey, targetFingerprint string, vaultIndex int) *Error

SecretRevoke re-encrypts a secret without the specified fingerprint, effectively revoking their access. If the secret is shared with the fingerprint, it re-encrypts with every other public key except the one corresponding to the fingerprint, updates available_to, regenerates the hash, and signs it.

func (*CLI) SecretRevokeAll 

func (c *CLI) SecretRevokeAll(secretKey, targetFingerprint string) *Error

SecretRevokeAll revokes access to a secret from a fingerprint across all vaults.

func (*CLI) SecretShare 

func (c *CLI) SecretShare(secretKey, targetFingerprint string, vaultIndex int) *Error

SecretShare shares a secret with another identity

func (*CLI) SecretShareAll 

func (c *CLI) SecretShareAll(secretKey, targetFingerprint string) *Error

SecretShareAll shares a secret with a fingerprint across all vaults where the secret exists.

func (*CLI) SetJSONMode 

func (c *CLI) SetJSONMode(enabled bool)

SetJSONMode enables or disables JSON output mode for the current command. This creates a new handler with fresh warning collection.

func (*CLI) Validate 

func (c *CLI) Validate(fix bool) *Error

Validate validates the configuration and vault files

func (*CLI) VaultDefrag 

func (c *CLI) VaultDefrag(dryRun bool, jsonOutput bool, skipConfirm bool, vaultPath string, fromIndex int) *Error

VaultDefrag shows fragmentation stats or performs defragmentation on a single vault

func (*CLI) VaultList 

func (c *CLI) VaultList(jsonOutput bool) *Error

VaultList lists all vaults and their keys

func (*CLI) Warnf 

func (c *CLI) Warnf(format string, args ...interface{})

Warnf prints a warning message to stderr unless silent mode is enabled. Deprecated: For new code, use c.Output().Warnf() with a structured code.

type DefragStatsJSON 

type DefragStatsJSON struct {
	Vault              string  `json:"vault"`
	TotalEntries       int     `json:"total_entries"`
	TotalLines         int     `json:"total_lines"`
	FragmentationRatio float64 `json:"fragmentation_ratio"`
	RecommendDefrag    bool    `json:"recommend_defrag"`
	Reason             string  `json:"reason"`
	Defragmented       bool    `json:"defragmented,omitempty"`
}

DefragStatsJSON is the JSON output structure for defrag stats

type Error 

type Error struct {
	Message  string
	ExitCode ExitCode
}

Error represents a CLI error with an exit code. Kept for backward compatibility; new code should use output.Error.

func HandleInteractiveSelection 

func HandleInteractiveSelection(options []string, prompt string, stderr io.Writer) (int, *Error)

HandleInteractiveSelection prompts the user to select from options and handles cancellation uniformly. It opens /dev/tty directly for input, allowing interactive selection even when stdin is piped. Returns the selected index and nil on success, or writes "Cancelled." to stderr and returns an error on cancellation.

func InitConfig 

func InitConfig(configPath string, initialVaults []string, gpgProgram string, noGPGProgram bool, stdout, stderr io.Writer) *Error

InitConfig initializes a configuration file with FIPS-compliant defaults. gpgProgram: if non-empty, use this value for gpg.program (without validation) noGPGProgram: if true, skip GPG detection entirely and leave gpg.program empty

func InitVaultFile 

func InitVaultFile(vaultPath string, stdout, stderr io.Writer) *Error

InitVaultFile initializes a specific vault file

func InitVaultInteractiveStandalone 

func InitVaultInteractiveStandalone(configPath string, stdout, stderr io.Writer) *Error

InitVaultInteractiveStandalone allows user to select a vault from config to initialize This runs without requiring the vaults to be openable (since they might not exist yet)

func NewError 

func NewError(message string, code ExitCode) *Error

NewError creates a new CLI error. For new code, prefer output.NewError with a structured code.

func PromptConfirm 

func PromptConfirm(prompt string, stderr io.Writer) (bool, *Error)

PromptConfirm asks the user for a y/n confirmation. Returns true if confirmed, false if declined, or an error on cancellation. Opens /dev/tty directly to work even when stdin is piped.

func (*Error) Error 

func (e *Error) Error() string

Error implements the error interface.

type ExitCode 

type ExitCode = output.ExitCode

ExitCode represents the exit code for an error. This is an alias to the output package for backward compatibility.

func PrintError 

func PrintError(w io.Writer, err error) ExitCode

PrintError prints an error to stderr and returns the exit code. Handles both legacy Error and output.Error types.

type IdentityInfoJSON 

type IdentityInfoJSON struct {
	Algorithm     string     `json:"algorithm"`
	AlgorithmBits int        `json:"algorithm_bits"`
	Curve         string     `json:"curve,omitempty"`
	CreatedAt     time.Time  `json:"created_at"`
	ExpiresAt     *time.Time `json:"expires_at,omitempty"`
	Fingerprint   string     `json:"fingerprint"`
	UID           string     `json:"uid"`
}

IdentityInfoJSON is the JSON output structure for identity info

type IdentityListJSON 

type IdentityListJSON struct {
	Vault      string             `json:"vault"`
	Identities []IdentityInfoJSON `json:"identities"`
}

IdentityListJSON is the JSON output structure for identity list

type SecretValueJSON 

type SecretValueJSON struct {
	AddedAt time.Time `json:"added_at"`
	Value   string    `json:"value"`
	Vault   string    `json:"vault,omitempty"`
}

SecretValueJSON is the JSON output structure for secret values

type ValidationError 

type ValidationError struct {
	Level   string // "GLOBAL", "IDENTITY", "SECRET", "STRUCTURE"
	Message string
	Path    string // For errors in specific items
}

ValidationError represents a validation error with context

type VaultListJSON 

type VaultListJSON struct {
	Position int      `json:"position"`
	Vault    string   `json:"vault"`
	Secrets  []string `json:"secrets"`
}

VaultListJSON is the JSON output structure for vault list

type VaultResolver 

type VaultResolver interface {
	GetIdentityByFingerprint(fingerprint string) *vault.Identity
	AddSecret(secret vault.Secret, index int) error
	SaveAll() error
	GetSecretFromAnyVault(key string, stderr io.Writer) (*vault.SecretValue, error)
	GetAccessibleSecretFromAnyVault(key, fingerprint string, strict bool) (*vault.SecretValue, error)
	GetSecretByKeyFromVault(index int, key string) *vault.Secret
	FindSecretVaultIndex(key string) int
	GetVaultManager(index int) *vault.Manager
	AddIdentity(identity vault.Identity, index int) error
	GetConfig() vault.VaultConfig
	GetVaultPaths() []string
	IsPathInConfig(path string) bool
	IdentityExistsInVault(fingerprint string, index int) bool
	SaveVault(index int) error
	CloseAll() error
	GetLoadError(index int) error
	GetSecret(index int, key string) (*vault.SecretValue, error)
	OpenVaultsFromPaths(paths []string, stderr io.Writer) error
	OpenVaults(stderr io.Writer) error
	VaultCount() int
}

VaultResolver defines the interface for vault operations required by the CLI

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.