-
-
Notifications
You must be signed in to change notification settings - Fork 9.4k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
8c8f623
commit 02b5d74
Showing
27 changed files
with
951 additions
and
272 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
72 changes: 37 additions & 35 deletions
72
src/Symfony/Bundle/FrameworkBundle/Command/SecretsAddCommand.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,68 +1,70 @@ | ||
<?php | ||
|
||
/* | ||
* This file is part of the Symfony package. | ||
* | ||
* (c) Fabien Potencier <fabien@symfony.com> | ||
* | ||
* For the full copyright and license information, please view the LICENSE | ||
* file that was distributed with this source code. | ||
*/ | ||
|
||
namespace Symfony\Bundle\FrameworkBundle\Command; | ||
|
||
use Symfony\Bundle\FrameworkBundle\Secret\SecretStorageInterface; | ||
use Symfony\Bundle\FrameworkBundle\Exception\EncryptionKeyNotFoundException; | ||
use Symfony\Bundle\FrameworkBundle\Secret\Storage\MutableSecretStorageInterface; | ||
use Symfony\Component\Console\Command\Command; | ||
use Symfony\Component\Console\Helper\QuestionHelper; | ||
use Symfony\Component\Console\Input\InputArgument; | ||
use Symfony\Component\Console\Input\InputInterface; | ||
use Symfony\Component\Console\Output\OutputInterface; | ||
use Symfony\Component\Console\Question\Question; | ||
use Symfony\Component\Console\Style\SymfonyStyle; | ||
|
||
/** | ||
* @author Tobias Schultze <http://tobion.de> | ||
* @author Jérémy Derussé <jeremy@derusse.com> | ||
*/ | ||
final class SecretsAddCommand extends Command | ||
{ | ||
protected static $defaultName = 'secrets:add'; | ||
|
||
/** | ||
* @var SecretStorageInterface | ||
*/ | ||
private $secretStorage; | ||
private $secretsStorage; | ||
|
||
public function __construct(SecretStorageInterface $secretStorage) | ||
public function __construct(MutableSecretStorageInterface $secretsStorage) | ||
{ | ||
$this->secretStorage = $secretStorage; | ||
$this->secretsStorage = $secretsStorage; | ||
|
||
parent::__construct(); | ||
} | ||
|
||
protected function configure() | ||
{ | ||
$this | ||
->setDescription('Adds a secret with the key.') | ||
->addArgument( | ||
'key', | ||
InputArgument::REQUIRED | ||
) | ||
->addArgument( | ||
'secret', | ||
InputArgument::REQUIRED | ||
->setDefinition([ | ||
new InputArgument('name', InputArgument::REQUIRED, 'The name of the secret'), | ||
]) | ||
->setDescription('Adds a secret in the storage.') | ||
->setHelp(<<<'EOF' | ||
The <info>%command.name%</info> command stores a secret. | ||
%command.full_name% <name> | ||
EOF | ||
) | ||
; | ||
} | ||
|
||
protected function execute(InputInterface $input, OutputInterface $output) | ||
{ | ||
$key = $input->getArgument('key'); | ||
$secret = $input->getArgument('secret'); | ||
|
||
$this->secretStorage->putSecret($key, $secret); | ||
} | ||
|
||
protected function interact(InputInterface $input, OutputInterface $output) | ||
{ | ||
/** @var QuestionHelper $helper */ | ||
$helper = $this->getHelper('question'); | ||
|
||
$question = new Question('Key of the secret: ', $input->getArgument('key')); | ||
$io = new SymfonyStyle($input, $output); | ||
|
||
$key = $helper->ask($input, $output, $question); | ||
$input->setArgument('key', $key); | ||
$name = $input->getArgument('name'); | ||
$secret = $io->askHidden('Value of the secret'); | ||
|
||
$question = new Question('Plaintext secret value: ', $input->getArgument('secret')); | ||
$question->setHidden(true); | ||
try { | ||
$this->secretsStorage->setSecret($name, $secret); | ||
} catch (EncryptionKeyNotFoundException $e) { | ||
throw new \LogicException(sprintf('No encryption keys found. You should call the "%s" command.', SecretsGenerateKeyCommand::getDefaultName())); | ||
} | ||
|
||
$secret = $helper->ask($input, $output, $question); | ||
$input->setArgument('secret', $secret); | ||
$io->success('Secret was successfully stored.'); | ||
} | ||
} |
77 changes: 73 additions & 4 deletions
77
src/Symfony/Bundle/FrameworkBundle/Command/SecretsGenerateKeyCommand.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,28 +1,97 @@ | ||
<?php | ||
|
||
/* | ||
* This file is part of the Symfony package. | ||
* | ||
* (c) Fabien Potencier <fabien@symfony.com> | ||
* | ||
* For the full copyright and license information, please view the LICENSE | ||
* file that was distributed with this source code. | ||
*/ | ||
|
||
namespace Symfony\Bundle\FrameworkBundle\Command; | ||
|
||
use Symfony\Bundle\FrameworkBundle\Exception\EncryptionKeyNotFoundException; | ||
use Symfony\Bundle\FrameworkBundle\Secret\Encoder\EncoderInterface; | ||
use Symfony\Bundle\FrameworkBundle\Secret\Storage\MutableSecretStorageInterface; | ||
use Symfony\Component\Console\Command\Command; | ||
use Symfony\Component\Console\Input\InputInterface; | ||
use Symfony\Component\Console\Input\InputOption; | ||
use Symfony\Component\Console\Output\OutputInterface; | ||
use Symfony\Component\Console\Style\SymfonyStyle; | ||
|
||
/** | ||
* @author Tobias Schultze <http://tobion.de> | ||
* @author Jérémy Derussé <jeremy@derusse.com> | ||
*/ | ||
final class SecretsGenerateKeyCommand extends Command | ||
{ | ||
protected static $defaultName = 'secrets:generate-key'; | ||
private $secretsStorage; | ||
private $encoder; | ||
|
||
public function __construct(EncoderInterface $encoder, MutableSecretStorageInterface $secretsStorage) | ||
{ | ||
$this->secretsStorage = $secretsStorage; | ||
$this->encoder = $encoder; | ||
parent::__construct(); | ||
} | ||
|
||
protected function configure() | ||
{ | ||
$this | ||
->setDescription('Prints a randomly generated encryption key.') | ||
->setDefinition([ | ||
new InputOption('rekey', 'r', InputOption::VALUE_NONE, 'Re-encrypt previous secret with the new key.'), | ||
]) | ||
->setDescription('Generates a new encryption key.') | ||
->setHelp(<<<'EOF' | ||
The <info>%command.name%</info> command generates a new encryption key. | ||
%command.full_name% | ||
If a previous encryption key already exists, the command must be called with | ||
the <info>--rekey</info> option in order to override that key and re-encrypt | ||
previous secrets. | ||
%command.full_name% --rekey | ||
EOF | ||
) | ||
; | ||
} | ||
|
||
protected function execute(InputInterface $input, OutputInterface $output) | ||
{ | ||
$encryptionKey = sodium_crypto_stream_keygen(); | ||
$rekey = $input->getOption('rekey'); | ||
|
||
$previousSecrets = []; | ||
try { | ||
foreach ($this->secretsStorage->listSecrets(true) as $name => $decryptedSecret) { | ||
$previousSecrets[$name] = $decryptedSecret; | ||
} | ||
} catch (EncryptionKeyNotFoundException $e) { | ||
if (!$rekey) { | ||
throw $e; | ||
} | ||
} | ||
|
||
$output->write($encryptionKey, false, OutputInterface::OUTPUT_RAW); | ||
$keys = $this->encoder->generateKeys($rekey); | ||
foreach ($previousSecrets as $name => $decryptedSecret) { | ||
$this->secretsStorage->setSecret($name, $decryptedSecret); | ||
} | ||
|
||
sodium_memzero($encryptionKey); | ||
$io = new SymfonyStyle($input, $output); | ||
switch (\count($keys)) { | ||
case 0: | ||
$io->success('Keys have been generated.'); | ||
break; | ||
case 1: | ||
$io->success(sprintf('A key has been generated in "%s".', $keys[0])); | ||
$io->caution('DO NOT COMMIT that file!'); | ||
break; | ||
default: | ||
$io->success(sprintf("Keys have been generated in :\n -%s", implode("\n -", $keys))); | ||
$io->caution('DO NOT COMMIT those files!'); | ||
break; | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
61 changes: 61 additions & 0 deletions
61
src/Symfony/Bundle/FrameworkBundle/Command/SecretsRemoveCommand.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
<?php | ||
|
||
/* | ||
* This file is part of the Symfony package. | ||
* | ||
* (c) Fabien Potencier <fabien@symfony.com> | ||
* | ||
* For the full copyright and license information, please view the LICENSE | ||
* file that was distributed with this source code. | ||
*/ | ||
|
||
namespace Symfony\Bundle\FrameworkBundle\Command; | ||
|
||
use Symfony\Bundle\FrameworkBundle\Secret\Storage\MutableSecretStorageInterface; | ||
use Symfony\Component\Console\Command\Command; | ||
use Symfony\Component\Console\Input\InputArgument; | ||
use Symfony\Component\Console\Input\InputInterface; | ||
use Symfony\Component\Console\Output\OutputInterface; | ||
use Symfony\Component\Console\Style\SymfonyStyle; | ||
|
||
/** | ||
* @author Jérémy Derussé <jeremy@derusse.com> | ||
*/ | ||
final class SecretsRemoveCommand extends Command | ||
{ | ||
protected static $defaultName = 'secrets:remove'; | ||
|
||
private $secretsStorage; | ||
|
||
public function __construct(MutableSecretStorageInterface $secretsStorage) | ||
{ | ||
$this->secretsStorage = $secretsStorage; | ||
|
||
parent::__construct(); | ||
} | ||
|
||
protected function configure() | ||
{ | ||
$this | ||
->setDefinition([ | ||
new InputArgument('name', InputArgument::REQUIRED, 'The name of the secret'), | ||
]) | ||
->setDescription('Removes a secret from the storage.') | ||
->setHelp(<<<'EOF' | ||
The <info>%command.name%</info> command remove a secret. | ||
%command.full_name% <name> | ||
EOF | ||
) | ||
; | ||
} | ||
|
||
protected function execute(InputInterface $input, OutputInterface $output) | ||
{ | ||
$io = new SymfonyStyle($input, $output); | ||
|
||
$this->secretsStorage->removeSecret($input->getArgument('name')); | ||
|
||
$io->success('Secret was successfully removed.'); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.