feat: add encryption to the cli (#11)

Co-authored-by: s1ntaxe770r <[email protected]>

.gitignore

@@ -1,4 +1,2 @@
 cmd/qernal
 cmd/.env
-
-

commands/auth/init.go

@@ -134,7 +134,6 @@ func validatePermissions(filePath string) error {
 }
 
 func ValidateToken(token string) error {
-
 	pattern := `^([^@]+)@([^@]+)$`
 
 	re := regexp.MustCompile(pattern)

go.mod

@@ -6,6 +6,7 @@ require (
 	github.com/charmbracelet/bubbles v0.18.0
 	github.com/charmbracelet/bubbletea v0.26.2
 	github.com/charmbracelet/lipgloss v0.10.0
+	github.com/hashicorp/terraform-plugin-log v0.9.0
 	github.com/joho/godotenv v1.5.1
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/qernal/openapi-chaos-go-client v0.0.0-20240529170325-1ff65532bd69

go.sum

@@ -64,6 +64,8 @@ github.com/pelletier/go-toml/v2 v2.1.0/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdU
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/qernal/openapi-chaos-go-client v0.0.0-20240520132343-bbcbd803cb7c h1:N1Il9iDUoj3eo33TkeDnigONV6vq7MBenup7Ms3MOCk=
+github.com/qernal/openapi-chaos-go-client v0.0.0-20240520132343-bbcbd803cb7c/go.mod h1:V03TW7A8DLMBBZz1RGvIWog7Hfla2uPbNBIcMhg8bX8=
 github.com/qernal/openapi-chaos-go-client v0.0.0-20240529170325-1ff65532bd69 h1:URKCFmsKxioF/TPJHqMuhnitp05h0jLeiRvb7OP7MwA=
 github.com/qernal/openapi-chaos-go-client v0.0.0-20240529170325-1ff65532bd69/go.mod h1:V03TW7A8DLMBBZz1RGvIWog7Hfla2uPbNBIcMhg8bX8=
 github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=

pkg/client/client.go

@@ -19,8 +19,8 @@ import (
 )
 
 var (
-	hostHydra = getEnv("HOST_HYDRA", "https://hydra.qernal.com")
-	hostChaos = getEnv("HOST_CHAOS", "https://chaos.qernal.com")
+	hostHydra = getEnv("HOST_HYDRA", "https://hydra.qernal.dev")
+	hostChaos = getEnv("HOST_CHAOS", "https://chaos.qernal.dev")
 )
 
 type QernalAPIClient struct {
@@ -69,6 +69,7 @@ func (qc *QernalAPIClient) FetchDek(ctx context.Context, projectID string) (*ope
 	}
 	return keyRes, nil
 }
+
 func ParseResponseData(res *http.Response) (resData interface{}, err error) {
 	body, err := io.ReadAll(res.Body)
 	if err != nil {
@@ -87,28 +88,22 @@ type ResponseData struct {
 }
 
 func EncryptLocalSecret(pk, secret string) (string, error) {
-	secretBytes := []byte(secret)
 	pubKey, err := base64.StdEncoding.DecodeString(pk)
 	if err != nil {
 		return "", err
 	}
 
-	// Create a slice with enough capacity for both secret and public key
-	privateKey := make([]byte, 0, len(secretBytes)+len(pubKey))
-	privateKey = append(privateKey, secretBytes...)
-	privateKey = append(privateKey, pubKey...)
-	plaintextBytes := []byte(secret)
+	var pubKeyBytes [32]byte
+	copy(pubKeyBytes[:], pubKey)
 
-	var privateKeyArray [32]byte
-	copy(privateKeyArray[:], privateKey)
+	secretBytes := []byte(secret)
 
-	var nonce [24]byte
-	if _, err := io.ReadFull(rand.Reader, nonce[:]); err != nil {
+	var out []byte
+	encrypted, err := box.SealAnonymous(out, secretBytes, &pubKeyBytes, rand.Reader)
+	if err != nil {
 		return "", err
 	}
 
-	encrypted := box.Seal(nonce[:], plaintextBytes, &nonce, &privateKeyArray, new([32]byte))
-
 	return base64.StdEncoding.EncodeToString(encrypted), nil
 }