Skip to content

Commit

Permalink
removed the decrypt filter
Browse files Browse the repository at this point in the history
  • Loading branch information
@HeavyHorst
HeavyHorst committed Aug 25, 2017
1 parent eea84a4 commit f6c78db
Show file tree
Hide file tree
Showing 54 changed files with 2 additions and 10,922 deletions.
4 changes: 2 additions & 2 deletions Gopkg.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

19 changes: 0 additions & 19 deletions docs/content/template/template-filters.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -75,25 +75,6 @@ Works with []string and []KVPair.
```
</details>

<details>
<summary> **decrypt** -- Decrypts the stored data. Data must follow the following format, `base64(gpg(gzip(data)))`. </summary>

This is compatible with [crypt](https://github.com/xordataexchange/crypt/tree/master/bin/crypt).

Works with string, []string, KVPair, KVPairs

```
{{ getv("/test/data") | decrypt:"/path/to/your/armored/private/key" }}
```

#### Storing data using gpg
```
data = `echo 'secret text' | gzip -c | gpg2 --compress-level 0 --encrypt --default-recipient <your-recipient> | base64`
ETCDCTL_API=3 etcdctl put /test/data $data
```
</details>


## Custom filters

It is possible to create custom filters in JavaScript.
Expand Down
69 changes: 0 additions & 69 deletions pkg/template/template_filters.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,19 +11,14 @@ package template
import (
"encoding/base64"
"encoding/json"
"fmt"
"io/ioutil"
"os"
"path"
"path/filepath"
"sort"
"strings"

"golang.org/x/crypto/openpgp"

"github.com/HeavyHorst/memkv"
"github.com/HeavyHorst/pongo2"
"github.com/HeavyHorst/remco/pkg/log"
"github.com/dop251/goja"
"github.com/mickep76/iodatafmt/yaml_mapstr"
"github.com/pkg/errors"
Expand All @@ -40,7 +35,6 @@ func init() {
pongo2.RegisterFilter("dir", filterDir)
pongo2.RegisterFilter("base", filterBase)
pongo2.RegisterFilter("base64", filterBase64)
pongo2.RegisterFilter("decrypt", filterDecrypt)
}

// RegisterCustomJsFilters loads all filters from the given directory.
Expand Down Expand Up @@ -180,66 +174,3 @@ func filterSortByLength(in *pongo2.Value, param *pongo2.Value) (*pongo2.Value, *

return in, nil
}

func filterDecrypt(in *pongo2.Value, param *pongo2.Value) (*pongo2.Value, *pongo2.Error) {
if !param.IsString() {
return in, nil
}

secretKeyring, err := os.Open(param.String())
if err != nil {
return nil, &pongo2.Error{
Sender: "filter:filterDecrypt",
OrigError: err,
}
}

defer secretKeyring.Close()
entityList, err := openpgp.ReadArmoredKeyRing(secretKeyring)
if err != nil {
return nil, &pongo2.Error{
Sender: "filter:filterDecrypt",
OrigError: err,
}
}

input := in.Interface()
switch i := input.(type) {
case string:
data, err := decrypt(i, entityList)
if err != nil {
return nil, &pongo2.Error{
Sender: "filter:filterDecrypt",
OrigError: err,
}
}
return pongo2.AsValue(data), nil
case memkv.KVPairs:
var new []memkv.KVPair
for _, v := range i {
dvalue, err := decrypt(v.Value, entityList)
if err != nil {
log.Warning(fmt.Sprintf("Couldn't decrypt `%s` - %s", v.Value, err))
}
new = append(new, memkv.KVPair{Key: v.Key, Value: dvalue})
}
return pongo2.AsValue(memkv.KVPairs(new)), nil
case memkv.KVPair:
dvalue, err := decrypt(i.Value, entityList)
if err != nil {
log.Warning(fmt.Sprintf("Couldn't decrypt `%s` - %s", i.Value, err))
}
return pongo2.AsValue(memkv.KVPair{Key: i.Key, Value: dvalue}), nil
case []string:
var new []string
for _, v := range i {
dvalue, err := decrypt(v, entityList)
if err != nil {
log.Warning(fmt.Sprintf("Couldn't decrypt `%s` - %s", v, err))
}
new = append(new, dvalue)
}
return pongo2.AsValue(new), nil
}
return in, nil
}
27 changes: 0 additions & 27 deletions pkg/template/util.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,15 +12,7 @@
package template

import (
"bytes"
"compress/gzip"
"encoding/base64"
"io/ioutil"
"path"

"github.com/pkg/errors"

"golang.org/x/crypto/openpgp"
)

func appendPrefix(prefix string, keys []string) []string {
Expand All @@ -30,22 +22,3 @@ func appendPrefix(prefix string, keys []string) []string {
}
return s
}

func decrypt(data string, entityList openpgp.EntityList) (string, error) {
// Taken from crypt and adapted
decoder := base64.NewDecoder(base64.StdEncoding, bytes.NewBufferString(data))
md, err := openpgp.ReadMessage(decoder, entityList, nil, nil)
if err != nil {
return data, errors.Wrap(err, "openpgp.ReadMessage failed")
}
gzReader, err := gzip.NewReader(md.UnverifiedBody)
if err != nil {
return data, errors.Wrap(err, "gzip.NewReader failed")
}
defer gzReader.Close()
bytes, err := ioutil.ReadAll(gzReader)
if err != nil {
return data, errors.Wrap(err, "couldn't read from gzip reader")
}
return string(bytes), nil
}
Loading

0 comments on commit f6c78db

Please sign in to comment.