mirror of
https://gitlab.com/pulsechaincom/go-pulse.git
synced 2024-12-23 11:57:17 +00:00
cmd/clef: replace password arg with prompt (#17897)
* cmd/clef: replace password arg with prompt (#17829) Entering passwords on the command line is not secure as it is easy to recover from bash_history or the process table. 1. The clef command addpw was renamed to setpw to better describe the functionality 2. The <password> argument was removed and replaced with an interactive prompt * cmd/clef: remove undeclared variable
This commit is contained in:
parent
6810933640
commit
80d3907767
@ -157,18 +157,18 @@ Whenever you make an edit to the rule file, you need to use attestation to tell
|
|||||||
Clef that the file is 'safe' to execute.`,
|
Clef that the file is 'safe' to execute.`,
|
||||||
}
|
}
|
||||||
|
|
||||||
addCredentialCommand = cli.Command{
|
setCredentialCommand = cli.Command{
|
||||||
Action: utils.MigrateFlags(addCredential),
|
Action: utils.MigrateFlags(setCredential),
|
||||||
Name: "addpw",
|
Name: "setpw",
|
||||||
Usage: "Store a credential for a keystore file",
|
Usage: "Store a credential for a keystore file",
|
||||||
ArgsUsage: "<address> <password>",
|
ArgsUsage: "<address>",
|
||||||
Flags: []cli.Flag{
|
Flags: []cli.Flag{
|
||||||
logLevelFlag,
|
logLevelFlag,
|
||||||
configdirFlag,
|
configdirFlag,
|
||||||
signerSecretFlag,
|
signerSecretFlag,
|
||||||
},
|
},
|
||||||
Description: `
|
Description: `
|
||||||
The addpw command stores a password for a given address (keyfile). If you invoke it with only one parameter, it will
|
The setpw command stores a password for a given address (keyfile). If you enter a blank passphrase, it will
|
||||||
remove any stored credential for that address (keyfile)
|
remove any stored credential for that address (keyfile)
|
||||||
`,
|
`,
|
||||||
}
|
}
|
||||||
@ -200,7 +200,7 @@ func init() {
|
|||||||
advancedMode,
|
advancedMode,
|
||||||
}
|
}
|
||||||
app.Action = signer
|
app.Action = signer
|
||||||
app.Commands = []cli.Command{initCommand, attestCommand, addCredentialCommand}
|
app.Commands = []cli.Command{initCommand, attestCommand, setCredentialCommand}
|
||||||
|
|
||||||
}
|
}
|
||||||
func main() {
|
func main() {
|
||||||
@ -293,14 +293,17 @@ func attestFile(ctx *cli.Context) error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func addCredential(ctx *cli.Context) error {
|
func setCredential(ctx *cli.Context) error {
|
||||||
if len(ctx.Args()) < 1 {
|
if len(ctx.Args()) < 1 {
|
||||||
utils.Fatalf("This command requires at leaste one argument.")
|
utils.Fatalf("This command requires an address to be passed as an argument.")
|
||||||
}
|
}
|
||||||
if err := initialize(ctx); err != nil {
|
if err := initialize(ctx); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
address := ctx.Args().First()
|
||||||
|
password := getPassPhrase("Enter a passphrase to store with this address.", true)
|
||||||
|
|
||||||
stretchedKey, err := readMasterKey(ctx, nil)
|
stretchedKey, err := readMasterKey(ctx, nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
utils.Fatalf(err.Error())
|
utils.Fatalf(err.Error())
|
||||||
@ -311,13 +314,8 @@ func addCredential(ctx *cli.Context) error {
|
|||||||
|
|
||||||
// Initialize the encrypted storages
|
// Initialize the encrypted storages
|
||||||
pwStorage := storage.NewAESEncryptedStorage(filepath.Join(vaultLocation, "credentials.json"), pwkey)
|
pwStorage := storage.NewAESEncryptedStorage(filepath.Join(vaultLocation, "credentials.json"), pwkey)
|
||||||
key := ctx.Args().First()
|
pwStorage.Put(address, password)
|
||||||
value := ""
|
log.Info("Credential store updated", "key", address)
|
||||||
if len(ctx.Args()) > 1 {
|
|
||||||
value = ctx.Args().Get(1)
|
|
||||||
}
|
|
||||||
pwStorage.Put(key, value)
|
|
||||||
log.Info("Credential store updated", "key", key)
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user