diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 3b641ef..f116907 100755 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -21,7 +21,7 @@ jobs: - windows-latest toolchain: - - 1.54.0 + - 1.59.0 - stable - nightly @@ -52,13 +52,13 @@ jobs: - uses: actions/checkout@v2 - uses: actions-rs/toolchain@v1 with: - toolchain: 1.54.0 + toolchain: 1.59.0 target: x86_64-unknown-linux-musl profile: minimal override: true - uses: Swatinem/rust-cache@v1 with: - key: ${{ runner.os }}-${{ hashFiles('Cargo.lock') }}-1.54.0-binary + key: ${{ runner.os }}-${{ hashFiles('Cargo.lock') }}-1.59.0-binary - name: Install musl tools run: sudo apt-get install -y musl-tools - name: Build @@ -81,12 +81,12 @@ jobs: - uses: actions/checkout@v2 - uses: actions-rs/toolchain@v1 with: - toolchain: 1.54.0 + toolchain: 1.59.0 profile: minimal override: true - uses: Swatinem/rust-cache@v1 with: - key: ${{ runner.os }}-${{ hashFiles('Cargo.lock') }}-1.54.0-binary + key: ${{ runner.os }}-${{ hashFiles('Cargo.lock') }}-1.59.0-binary - name: Build run: cargo build --release - name: Rename @@ -105,12 +105,12 @@ jobs: - uses: actions/checkout@v2 - uses: actions-rs/toolchain@v1 with: - toolchain: 1.54.0 + toolchain: 1.59.0 profile: minimal override: true - uses: Swatinem/rust-cache@v1 with: - key: ${{ runner.os }}-${{ hashFiles('Cargo.lock') }}-1.54.0-binary + key: ${{ runner.os }}-${{ hashFiles('Cargo.lock') }}-1.59.0-binary - name: Build run: cargo build --release - name: Rename diff --git a/CHANGELOG.md b/CHANGELOG.md index 5576abf..875c5f4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # Change log for Amber +## 0.1.3 (2022-03-13) + +* Add the `write-file` command + ## 0.1.2 (2022-01-18) * Allow `encrypt` subcommand to take secret value from `stdin` [#15](https://github.com/fpco/amber/issues/15) diff --git a/Cargo.lock b/Cargo.lock index 5cad78b..1e6ccfc 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -13,7 +13,7 @@ dependencies = [ [[package]] name = "amber" -version = "0.1.2" +version = "0.1.3" dependencies = [ "aho-corasick", "anyhow", diff --git a/Cargo.toml b/Cargo.toml index e5ac317..b3f21f0 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "amber" -version = "0.1.2" +version = "0.1.3" authors = ["Michael Snoyman "] edition = "2018" description = "Manage secret values in-repo via public key cryptography" diff --git a/rust-toolchain.toml b/rust-toolchain.toml index ef3ea20..60883f4 100644 --- a/rust-toolchain.toml +++ b/rust-toolchain.toml @@ -1,2 +1,2 @@ [toolchain] -channel = "1.54.0" +channel = "1.59.0" diff --git a/src/cli.rs b/src/cli.rs index d6f963a..086cee8 100644 --- a/src/cli.rs +++ b/src/cli.rs @@ -53,6 +53,15 @@ pub enum SubCommand { /// Command line arguments to pass to the command args: Vec, }, + /// Write the contents of a secret to the given file. + WriteFile { + /// The key for the secret + #[clap(long)] + key: String, + /// File path to write to + #[clap(long)] + dest: PathBuf, + }, } #[derive(Parser, Debug)] diff --git a/src/config.rs b/src/config.rs index 5b57191..cbcbcdf 100644 --- a/src/config.rs +++ b/src/config.rs @@ -203,6 +203,14 @@ impl Config { .map(|plain| (key, plain)) }) } + + /// Look up a specific secret value + pub(crate) fn get_secret(&self, key: &str, secret_key: &SecretKey) -> Result { + self.secrets + .get(key) + .with_context(|| format!("Key does not exist: {}", key)) + .and_then(|secret| secret.decrypt(&self.public_key, secret_key, key)) + } } impl Secret { diff --git a/src/main.rs b/src/main.rs index e05064b..1a0220b 100644 --- a/src/main.rs +++ b/src/main.rs @@ -3,7 +3,7 @@ mod config; mod exec; mod mask; -use std::io::Read; +use std::{io::Read, path::Path}; use anyhow::*; use exec::CommandExecExt; @@ -38,6 +38,7 @@ fn main() -> Result<()> { cli::SubCommand::Remove { key } => remove(cmd.opt, key), cli::SubCommand::Print { style } => print(cmd.opt, style), cli::SubCommand::Exec { cmd: cmd_, args } => exec(cmd.opt, cmd_, args), + cli::SubCommand::WriteFile { key, dest } => write_file(cmd.opt, &key, &dest), } } @@ -169,3 +170,11 @@ fn exec(mut opt: cli::Opt, cmd: String, args: Vec) -> Result<()> { Ok(()) } + +fn write_file(mut opt: cli::Opt, key: &str, dest: &Path) -> Result<()> { + let config = config::Config::load(opt.find_amber_yaml()?)?; + let secret_key = config.load_secret_key()?; + let value = config.get_secret(key, &secret_key)?; + std::fs::write(dest, value) + .with_context(|| format!("Unable to write to file {}", dest.display())) +}