author | Johns Beharry <johns@peakshift.com> | 2018-10-26 03:45:56 +0800 |
---|---|---|
committer | Martin Holst Swende <martin@swende.se> | 2018-10-26 03:45:56 +0800 |
commit | 80d390776742a2a3cfc2f3041fd01ffe82f43d23 (patch) | |
tree | f0e4b1231e4c0a24199972b89b8a166927c8a7a9 /cmd/clef/main.go | |
parent | 68109336405a36e3c3fdcab6a87e8bc024a44a49 (diff) | |
cmd/clef: replace password arg with prompt (#17897)
* cmd/clef: replace password arg with prompt (#17829)
Entering passwords on the command line is not secure as it is easy to recover from bash_history or the process table.
1. The clef command addpw was renamed to setpw to better describe the functionality
2. The <password> argument was removed and replaced with an interactive prompt
* cmd/clef: remove undeclared variable
Diffstat (limited to 'cmd/clef/main.go')
-rw-r--r-- | cmd/clef/main.go | 28 |
1 files changed, 13 insertions, 15 deletions
diff --git a/cmd/clef/main.go b/cmd/clef/main.go
index 6098b1ac2..519d63b3c 100644
--- a/cmd/clef/main.go
+++ b/cmd/clef/main.go
@@ -157,18 +157,18 @@ Whenever you make an edit to the rule file, you need to use attestation to tell
 Clef that the file is 'safe' to execute.`,
 }
 
- addCredentialCommand = cli.Command{
- Action: utils.MigrateFlags(addCredential),
- Name: "addpw",
+ setCredentialCommand = cli.Command{
+ Action: utils.MigrateFlags(setCredential),
+ Name: "setpw",
 Usage: "Store a credential for a keystore file",
- ArgsUsage: "<address> <password>",
+ ArgsUsage: "<address>",
 Flags: []cli.Flag{
 logLevelFlag,
 configdirFlag,
 signerSecretFlag,
 },
 Description: `
-The addpw command stores a password for a given address (keyfile). If you invoke it with only one parameter, it will
+ The setpw command stores a password for a given address (keyfile). If you enter a blank passphrase, it will
 remove any stored credential for that address (keyfile)
 `,
 }
@@ -200,7 +200,7 @@ func init() {
 advancedMode,
 }
 app.Action = signer
- app.Commands = []cli.Command{initCommand, attestCommand, addCredentialCommand}
+ app.Commands = []cli.Command{initCommand, attestCommand, setCredentialCommand}
 }
 
 func main() {
@@ -293,14 +293,17 @@ func attestFile(ctx *cli.Context) error {
 return nil
 }
 
-func addCredential(ctx *cli.Context) error {
+func setCredential(ctx *cli.Context) error {
 if len(ctx.Args()) < 1 {
- utils.Fatalf("This command requires at leaste one argument.")
+ utils.Fatalf("This command requires an address to be passed as an argument.")
 }
 if err := initialize(ctx); err != nil {
 return err
 }
 
+ address := ctx.Args().First()
+ password := getPassPhrase("Enter a passphrase to store with this address.", true)
+
 stretchedKey, err := readMasterKey(ctx, nil)
 if err != nil {
 utils.Fatalf(err.Error())
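Review bot: The new `Description` text in the first hunk promises that a blank passphrase removes the stored credential, but the only storage call visible in this commit (last hunk) is `pwStorage.Put(address, password)`, which on its face stores whatever was typed. Unless `Put` itself treats an empty value as a delete, which is not visible here, a blank entry leaves an empty passphrase on file for that address instead of removing it; an explicit branch for the empty case, or help text reworded to say what actually happens, would make the two agree. The added help line also starts with whitespace (`+ The setpw command ...`) where the removed line began at column 0, and inside a raw string that indentation is printed in the help output. Renaming `addpw` to `setpw` with no alias breaks existing scripts, which deserves a release note.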
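Review bot: The argument check in `setCredential`, `len(ctx.Args()) < 1`, still accepts extra arguments, so anyone following the old `addpw <address> <password>` habit will type the password on the command line, have it silently ignored, and still leave it in shell history and the process table, which is the exposure this commit sets out to remove. Rejecting anything other than exactly one argument closes that gap: `if len(ctx.Args()) != 1 { utils.Fatalf("This command requires exactly one argument: the address.") }`. The passphrase is also prompted before `readMasterKey` runs, so a master-key failure throws away what the user just entered; prompting after the key has been read would avoid that. The body of `setCredential` continues past the end of this hunk.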
@@ -311,13 +314,8 @@ func addCredential(ctx *cli.Context) error {
 
 // Initialize the encrypted storages
 pwStorage := storage.NewAESEncryptedStorage(filepath.Join(vaultLocation, "credentials.json"), pwkey)
- key := ctx.Args().First()
- value := ""
- if len(ctx.Args()) > 1 {
- value = ctx.Args().Get(1)
- }
- pwStorage.Put(key, value)
- log.Info("Credential store updated", "key", key)
+ pwStorage.Put(address, password)
+ log.Info("Credential store updated", "key", address)
 return nil
 }
 
|
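Review bot: The key handed to `pwStorage.Put(address, password)` is the raw first command-line argument; nothing visible in this commit checks that it is a well-formed address or brings it into a canonical form. If the code that later looks credentials up uses a canonical rendering (for example checksummed hex), which is not visible here, a credential stored under a lower-case or unprefixed address would never be found, and the unconditional "Credential store updated" log line would still suggest it worked. Validating the argument before the `Put` (go-ethereum's `common.IsHexAddress` is the usual check, if `common` is in scope in this file) and storing the canonical form would make a typo fail loudly. A short comment above the `Put` stating which address form the store is keyed by would also help. The start of the function lies outside this hunk.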