Add encrypt command

twpayne · Sep 9, 2021 · ed65ef6 · ed65ef6
1 parent 736aaa1
commit ed65ef6
Show file tree

Hide file tree

Showing 6 changed files with 82 additions and 35 deletions.
diff --git a/docs/REFERENCE.md b/docs/REFERENCE.md
@@ -64,6 +64,7 @@ Manage your dotfiles across multiple machines, securely.
   * [`dump` [*target*...]](#dump-target)
   * [`edit` [*target*...]](#edit-target)
   * [`edit-config`](#edit-config)
+  * [`encrypt` [*file*...]](#encrypt-file)
   * [`execute-template` [*template*...]](#execute-template-template)
   * [`forget` *targets*](#forget-targets)
   * [`git` [*arg*...]](#git-arg)
@@ -1149,6 +1150,14 @@ $ chezmoi edit-config
 
 ---
 
+### `encrypt` [*file*...]
+
+Encrypt *file*s using chezmoi's configured encryption. If no files are given,
+encrypt the standard input. The encrypted result is written to the standard
+output or a file if the `--output` flag is set.
+
+---
+
 ### `execute-template` [*template*...]
 
 Execute *template*s. This is useful for testing templates or for calling chezmoi

diff --git a/internal/cmd/config.go b/internal/cmd/config.go
@@ -929,6 +929,42 @@ func (c *Config) execute(args []string) error {
 	return rootCmd.Execute()
 }
 
+// filterInput reads from args (or the standard input if args is empty),
+// transforms it with f, and writes the output.
+func (c *Config) filterInput(args []string, f func([]byte) ([]byte, error)) error {
+	if len(args) == 0 {
+		input, err := io.ReadAll(c.stdin)
+		if err != nil {
+			return err
+		}
+		output, err := f(input)
+		if err != nil {
+			return err
+		}
+		return c.writeOutput(output)
+	}
+
+	for _, arg := range args {
+		argAbsPath, err := chezmoi.NewAbsPathFromExtPath(arg, c.homeDirAbsPath)
+		if err != nil {
+			return err
+		}
+		input, err := c.baseSystem.ReadFile(argAbsPath)
+		if err != nil {
+			return err
+		}
+		output, err := f(input)
+		if err != nil {
+			return err
+		}
+		if err := c.writeOutput(output); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (c *Config) findConfigTemplate() (chezmoi.RelPath, string, []byte, error) {
 	for _, ext := range viper.SupportedExts {
 		filename := chezmoi.RelPath(chezmoi.Prefix + "." + ext + chezmoi.TemplateSuffix)
@@ -1085,6 +1121,7 @@ func (c *Config) newRootCmd() (*cobra.Command, error) {
 		c.newDumpCmd(),
 		c.newEditCmd(),
 		c.newEditConfigCmd(),
+		c.newEncryptCommand(),
 		c.newExecuteTemplateCmd(),
 		c.newForgetCmd(),
 		c.newGitCmd(),

diff --git a/internal/cmd/decryptcmd.go b/internal/cmd/decryptcmd.go
@@ -1,11 +1,7 @@
 package cmd
 
 import (
-	"io"
-
 	"github.com/spf13/cobra"
-
-	"github.com/twpayne/chezmoi/v2/internal/chezmoi"
 )
 
 func (c *Config) newDecryptCommand() *cobra.Command {
@@ -21,35 +17,5 @@ func (c *Config) newDecryptCommand() *cobra.Command {
 }
 
 func (c *Config) runDecryptCmd(cmd *cobra.Command, args []string) error {
-	if len(args) == 0 {
-		ciphertext, err := io.ReadAll(c.stdin)
-		if err != nil {
-			return err
-		}
-		plaintext, err := c.encryption.Decrypt(ciphertext)
-		if err != nil {
-			return err
-		}
-		return c.writeOutput(plaintext)
-	}
-
-	for _, arg := range args {
-		argAbsPath, err := chezmoi.NewAbsPathFromExtPath(arg, c.homeDirAbsPath)
-		if err != nil {
-			return err
-		}
-		ciphertext, err := c.baseSystem.ReadFile(argAbsPath)
-		if err != nil {
-			return err
-		}
-		plaintext, err := c.encryption.Decrypt(ciphertext)
-		if err != nil {
-			return err
-		}
-		if err := c.writeOutput(plaintext); err != nil {
-			return err
-		}
-	}
-
-	return nil
+	return c.filterInput(args, c.encryption.Decrypt)
 }
diff --git a/internal/cmd/encryptcmd.go b/internal/cmd/encryptcmd.go
@@ -0,0 +1,21 @@
+package cmd
+
+import (
+	"github.com/spf13/cobra"
+)
+
+func (c *Config) newEncryptCommand() *cobra.Command {
+	decryptCommand := &cobra.Command{
+		Use:     "encrypt [file...]",
+		Short:   "Encrypt file or standard input",
+		Long:    mustLongHelp("encrypt"),
+		Example: example("encrypt"),
+		RunE:    c.runEncryptCmd,
+	}
+
+	return decryptCommand
+}
+
+func (c *Config) runEncryptCmd(cmd *cobra.Command, args []string) error {
+	return c.filterInput(args, c.encryption.Encrypt)
+}
diff --git a/internal/cmd/testdata/scripts/ageencryption.txt b/internal/cmd/testdata/scripts/ageencryption.txt
@@ -35,6 +35,13 @@ cmp stdout golden/.encrypted
 chezmoi decrypt ${CHEZMOISOURCEDIR}${/}encrypted_dot_encrypted.age
 cmp stdout golden/.encrypted
 
+# test chezmoi encrypt/chezmoi decrypt round trip
+chezmoi encrypt golden/.encrypted
+stdout '-----BEGIN AGE ENCRYPTED FILE-----'
+stdin stdout
+chezmoi decrypt
+cmp stdout golden/.encrypted
+
 # test that chezmoi edit --apply transparently decrypts and re-encrypts
 chezmoi edit --apply --force $HOME${/}.encrypted
 grep '# edited' $HOME/.encrypted

diff --git a/internal/cmd/testdata/scripts/gpgencryption.txt b/internal/cmd/testdata/scripts/gpgencryption.txt
@@ -35,6 +35,13 @@ cmp stdout golden/.encrypted
 chezmoi decrypt ${CHEZMOISOURCEDIR}${/}encrypted_dot_encrypted.asc
 cmp stdout golden/.encrypted
 
+# test chezmoi encrypt/chezmoi decrypt round trip
+chezmoi encrypt golden/.encrypted
+stdout '-----BEGIN PGP MESSAGE-----'
+stdin stdout
+chezmoi decrypt
+cmp stdout golden/.encrypted
+
 # test that chezmoi edit --apply transparently decrypts and re-encrypts
 chezmoi edit --apply --force $HOME${/}.encrypted
 grep '# edited' $HOME/.encrypted