-
-
Notifications
You must be signed in to change notification settings - Fork 492
/
write.go
101 lines (76 loc) · 2.72 KB
/
write.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
package leaf
import (
"context"
"fmt"
"strings"
"github.com/gopasspw/gopass/internal/config"
"github.com/gopasspw/gopass/internal/queue"
"github.com/gopasspw/gopass/internal/store"
"github.com/gopasspw/gopass/pkg/ctxutil"
"github.com/gopasspw/gopass/pkg/debug"
"github.com/gopasspw/gopass/pkg/gopass"
)
// Set encodes and writes the ciphertext of one entry to disk.
func (s *Store) Set(ctx context.Context, name string, sec gopass.Byter) error {
if strings.Contains(name, "//") {
return fmt.Errorf("invalid secret name: %s", name)
}
if cfg, _ := config.FromContext(ctx); cfg.GetM(s.alias, "core.readonly") == "true" {
return fmt.Errorf("writing to %s is disabled by `core.readonly`.", s.alias)
}
p := s.Passfile(name)
recipients, err := s.useableKeys(ctx, name)
if err != nil {
return fmt.Errorf("failed to list useable keys for %q: %w", p, err)
}
// make sure the encryptor can decrypt later
recipients = s.ensureOurKeyID(ctx, recipients)
// we can not encrypt without recipients
if len(recipients) < 1 {
return fmt.Errorf("no useable recipients for %q. can not encrypt without recipients.", name)
}
ciphertext, err := s.crypto.Encrypt(ctx, sec.Bytes(), recipients)
if err != nil {
debug.Log("Failed encrypt secret: %s", err)
return store.ErrEncrypt
}
if err := s.storage.Set(ctx, p, ciphertext); err != nil {
return fmt.Errorf("failed to write secret: %w", err)
}
// It is not possible to perform concurrent git add and git commit commands
// so we need to skip this step when using concurrency and perform them
// at the end of the batch processing.
if IsNoGitOps(ctx) {
debug.Log("sub.Set(%s) - skipping git ops (disabled)")
return nil
}
if err := s.storage.TryAdd(ctx, p); err != nil {
return fmt.Errorf("failed to add %q to git: %w", p, err)
}
if !ctxutil.IsGitCommit(ctx) {
return nil
}
// try to enqueue this task, if the queue is not available
// it will return the task and we will execute it inline
t := queue.GetQueue(ctx).Add(func(_ context.Context) (context.Context, error) {
return nil, s.gitCommitAndPush(ctx, name)
})
ctx, err = t(ctx)
return err
}
func (s *Store) gitCommitAndPush(ctx context.Context, name string) error {
if err := s.storage.TryCommit(ctx, fmt.Sprintf("Save secret to %s: %s", name, ctxutil.GetCommitMessage(ctx))); err != nil {
return fmt.Errorf("failed to commit changes to git: %w", err)
}
ctx = config.WithMount(ctx, s.alias)
if !config.Bool(ctx, "core.autopush") {
debug.Log("not pushing to git remote, core.autopush is false")
return nil
}
debug.Log("pushing to remote ...")
if err := s.storage.TryPush(ctx, "", ""); err != nil {
return fmt.Errorf("failed to push to git remote: %w", err)
}
debug.Log("pushed to remote")
return nil
}