authorJohns Beharry <johns@peakshift.com>2018-10-26 03:45:56 +0800
committerMartin Holst Swende <martin@swende.se>2018-10-26 03:45:56 +0800
commit80d390776742a2a3cfc2f3041fd01ffe82f43d23 (patch)
treef0e4b1231e4c0a24199972b89b8a166927c8a7a9 /cmd/clef/main.go
parent68109336405a36e3c3fdcab6a87e8bc024a44a49 (diff)
cmd/clef: replace password arg with prompt (#17897)
* cmd/clef: replace password arg with prompt (#17829) Entering passwords on the command line is not secure as it is easy to recover from bash_history or the process table. 1. The clef command addpw was renamed to setpw to better describe the functionality 2. The <password> argument was removed and replaced with an interactive prompt * cmd/clef: remove undeclared variable
Diffstat (limited to 'cmd/clef/main.go')
-rw-r--r--cmd/clef/main.go28
1 files changed, 13 insertions, 15 deletions
diff --git a/cmd/clef/main.go b/cmd/clef/main.go
index 6098b1ac2..519d63b3c 100644
--- a/cmd/clef/main.go
+++ b/cmd/clef/main.go
@@ -157,18 +157,18 @@ Whenever you make an edit to the rule file, you need to use attestation to tell
Clef that the file is 'safe' to execute.`,
}
- addCredentialCommand = cli.Command{
- Action: utils.MigrateFlags(addCredential),
- Name: "addpw",
+ setCredentialCommand = cli.Command{
+ Action: utils.MigrateFlags(setCredential),
+ Name: "setpw",
Usage: "Store a credential for a keystore file",
- ArgsUsage: "<address> <password>",
+ ArgsUsage: "<address>",
Flags: []cli.Flag{
logLevelFlag,
configdirFlag,
signerSecretFlag,
},
Description: `
-The addpw command stores a password for a given address (keyfile). If you invoke it with only one parameter, it will
+ The setpw command stores a password for a given address (keyfile). If you enter a blank passphrase, it will
remove any stored credential for that address (keyfile)
`,
}
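Review bot: The new first line of `Description` begins with leading whitespace (`+ The setpw command ...`) where the old line started at column 0, so the help text will probably render with a stray indent; drop the space. The text could also say that the passphrase is read from an interactive prompt with confirmation and is never taken from the command line. `ArgsUsage: "<address>"` alone does not tell someone used to `addpw <address> <password>` where the password now goes.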
@@ -200,7 +200,7 @@ func init() {
advancedMode,
}
app.Action = signer
- app.Commands = []cli.Command{initCommand, attestCommand, addCredentialCommand}
+ app.Commands = []cli.Command{initCommand, attestCommand, setCredentialCommand}
}
func main() {
@@ -293,14 +293,17 @@ func attestFile(ctx *cli.Context) error {
return nil
}
-func addCredential(ctx *cli.Context) error {
+func setCredential(ctx *cli.Context) error {
if len(ctx.Args()) < 1 {
- utils.Fatalf("This command requires at leaste one argument.")
+ utils.Fatalf("This command requires an address to be passed as an argument.")
}
if err := initialize(ctx); err != nil {
return err
}
+ address := ctx.Args().First()
+ password := getPassPhrase("Enter a passphrase to store with this address.", true)
+
stretchedKey, err := readMasterKey(ctx, nil)
if err != nil {
utils.Fatalf(err.Error())
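Review bot: The argument check `len(ctx.Args()) < 1` still accepts extra arguments, so someone typing `setpw <address> <password>` out of habit from the old `addpw` form gets no error. The password is silently ignored but has already landed in shell history and the process table, which is the exposure this commit sets out to remove. Rejecting anything other than exactly one argument, `if len(ctx.Args()) != 1 {`, with a message saying the passphrase is read from the prompt, makes the mistake visible. setCredential's body continues past the end of this hunk.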
@@ -311,13 +314,8 @@ func addCredential(ctx *cli.Context) error {
// Initialize the encrypted storages
pwStorage := storage.NewAESEncryptedStorage(filepath.Join(vaultLocation, "credentials.json"), pwkey)
- key := ctx.Args().First()
- value := ""
- if len(ctx.Args()) > 1 {
- value = ctx.Args().Get(1)
- }
- pwStorage.Put(key, value)
- log.Info("Credential store updated", "key", key)
+ pwStorage.Put(address, password)
+ log.Info("Credential store updated", "key", address)
return nil
}
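Review bot: `address` is passed to `pwStorage.Put` exactly as typed on the command line, with no check that it is a well-formed address and no normalisation. If the signer looks credentials up under a canonical form (not visible in this hunk), a typo, a missing `0x` prefix or different casing would store the passphrase under a key that never matches, and `Credential store updated` would still be logged. Validating before the prompt would avoid that, e.g. `if !common.IsHexAddress(address) { utils.Fatalf("Invalid address: %s", address) }`, assuming go-ethereum's `common` package is imported in this file, and then storing a normalised form. The function starts outside this hunk.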