vault/session_secret_darwin.go Raw
//go:build darwin

package vault

import (
	"encoding/base64"
	"fmt"
	"os/exec"
	"strings"
)

// sessionKeychainService is the service name under which every session secret
// is filed in the macOS keychain. Items are told apart by their account name
// (see sessionKeychainAccount), not by the service.
const (
	sessionKeychainService = "envault-session"
)

// sessionKeychainAccount returns the keychain account name used for a
// project's session secret: the value of keychainAccount() (defined elsewhere
// in this package), a colon, and then the project name.
//
// The result is handed to the `security` tool as a single argv element, with
// no shell in between.
func sessionKeychainAccount(project string) string {
	base := keychainAccount()
	return fmt.Sprintf("%s:%s", base, project)
}

// storeSessionSecret saves key as a generic-password item in the macOS
// keychain by running the `security` command-line tool. The key is
// base64-encoded first, so the stored value is plain text. It returns whatever
// error running the command produces.
//
// NOTE(review): the encoded secret is passed as the value of -w, i.e. as a
// command-line argument. Process arguments can be read by other local
// processes while `security` runs, so the session key is briefly exposed
// outside the keychain. Consider a delivery path that keeps the secret off
// argv.
//
// NOTE(review): "security" is resolved through PATH. Pinning the tool's
// absolute path would stop a modified PATH from substituting another binary
// that then receives the secret.
func storeSessionSecret(project string, key []byte) error {
	encoded := base64.StdEncoding.EncodeToString(key)
	args := []string{
		"add-generic-password",
		"-U", // update the item in place if it already exists
		"-a", sessionKeychainAccount(project),
		"-s", sessionKeychainService,
		"-w", encoded,
	}
	cmd := exec.Command("security", args...)
	return cmd.Run()
}

// loadSessionSecret reads the session secret for project back from the macOS
// keychain by running the `security` tool, and returns the decoded key bytes.
//
// The tool's standard output is trimmed of surrounding whitespace and
// base64-decoded, mirroring the encoding applied by storeSessionSecret. An
// error from running the command is returned unchanged; a malformed stored
// value surfaces as the base64 decoding error.
//
// NOTE(review): "security" is resolved through PATH. A substituted binary
// could return an attacker-chosen key, so pinning the absolute path is worth
// considering.
func loadSessionSecret(project string) ([]byte, error) {
	cmd := exec.Command(
		"security", "find-generic-password",
		"-a", sessionKeychainAccount(project),
		"-s", sessionKeychainService,
		"-w", // print only the password on stdout
	)
	raw, err := cmd.Output()
	if err != nil {
		return nil, err
	}
	encoded := strings.TrimSpace(string(raw))
	return base64.StdEncoding.DecodeString(encoded)
}

// removeSessionSecret deletes the session secret for project from the macOS
// keychain by running `security delete-generic-password` with the project's
// account name and the shared service name. It returns whatever error running
// the command produces.
//
// NOTE(review): presumably a missing item also surfaces as an error here,
// since the tool's exit status is passed through. Confirm that callers treat
// "nothing to delete" the way they intend.
func removeSessionSecret(project string) error {
	args := []string{
		"delete-generic-password",
		"-a", sessionKeychainAccount(project),
		"-s", sessionKeychainService,
	}
	cmd := exec.Command("security", args...)
	return cmd.Run()
}