Get encrypt / decrypt working on the CLI

theandrew168 · theandrew168 · commit 7b7fc16059f2 · 2021-09-21T20:44:35.000-05:00
diff --git a/cmd/cli/main.go b/cmd/cli/main.go
@@ -10,6 +10,7 @@ import (
 	"strings"
 
 	"github.com/theandrew168/pg2s3"
+	"golang.org/x/term"
 )
 
 // TODO: move env var names to package constants?
@@ -33,8 +34,6 @@ func main() {
 		log.Fatalln(err)
 	}
 
-	publicKey := os.Getenv("PG2S3_AGE_PUBLIC_KEY")
-
 	usage := "usage: pg2s3 backup|restore|prune"
 	if len(os.Args) < 2 {
 		log.Fatalln(usage)
@@ -52,7 +51,7 @@ func main() {
 			log.Fatalln(err)
 		}
 	case "restore":
-		err = restore(client, publicKey)
+		err = restore(client)
 		if err != nil {
 			log.Fatalln(err)
 		}
@@ -92,6 +91,8 @@ func confirm(message string) bool {
 }
 
 func backup(client *pg2s3.Client, prefix string) error {
+	publicKey := os.Getenv("PG2S3_AGE_PUBLIC_KEY")
+
 	// generate name for backup
 	name, err := pg2s3.GenerateBackupName(prefix)
 	if err != nil {
@@ -108,6 +109,18 @@ func backup(client *pg2s3.Client, prefix string) error {
 	}
 	defer os.Remove(path)
 
+	// encrypt backup (if applicable)
+	if publicKey != "" {
+		agePath := path + ".age"
+		err := client.EncryptBackup(agePath, path, publicKey)
+		if err != nil {
+			return err
+		}
+
+		name = name + ".age"
+		path = agePath
+	}
+
 	// upload backup
 	err = client.UploadBackup(name, path)
 	if err != nil {
@@ -118,7 +131,9 @@ func backup(client *pg2s3.Client, prefix string) error {
 	return nil
 }
 
-func restore(client *pg2s3.Client, publicKey string) error {
+func restore(client *pg2s3.Client) error {
+	publicKey := os.Getenv("PG2S3_AGE_PUBLIC_KEY")
+
 	// list all backups
 	backups, err := client.ListBackups()
 	if err != nil {
@@ -142,6 +157,24 @@ func restore(client *pg2s3.Client, publicKey string) error {
 	}
 	defer os.Remove(path)
 
+	// decrypt backup (if applicable)
+	if publicKey != "" {
+		fmt.Println("enter age private key:")
+		input, err := term.ReadPassword(int(os.Stdin.Fd()))
+		if err != nil {
+			return err
+		}
+
+		privateKey := string(input)
+
+		agePath := path
+		path = strings.TrimSuffix(path, ".age")
+		err = client.DecryptBackup(path, agePath, privateKey)
+		if err != nil {
+			return err
+		}
+	}
+
 	// confirm restore before applying
 	message := fmt.Sprintf("restore %s", latest)
 	if !confirm(message) {
diff --git a/go.mod b/go.mod
@@ -5,6 +5,7 @@ go 1.17
 require (
 	filippo.io/age v1.0.0
 	github.com/minio/minio-go/v7 v7.0.14
+	golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b
 )
 
 require (
diff --git a/go.sum b/go.sum
@@ -71,6 +71,7 @@ golang.org/x/sys v0.0.0-20210903071746-97244b99971b h1:3Dq0eVHn0uaQJmPO+/aYPI/fR
 golang.org/x/sys v0.0.0-20210903071746-97244b99971b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b h1:9zKuko04nR4gjZ4+DNjHqRlAJqbJETHwiNKDqTfOjfE=
 golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k=

Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,7 @@ go 1.17`
`5`	`5`	`require (`
`6`	`6`	`filippo.io/age v1.0.0`
`7`	`7`	`github.com/minio/minio-go/v7 v7.0.14`
	`8`	`+ golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b`
`8`	`9`	`)`
`9`	`10`
`10`	`11`	`require (`