cmd/clef: replace password arg with prompt (#17897)

* cmd/clef: replace password arg with prompt (#17829)

Entering passwords on the command line is not secure, as they are easy to recover from bash_history or the process table.
1. The clef command addpw was renamed to setpw to better describe the functionality
2. The <password> argument was removed and replaced with an interactive prompt

* cmd/clef: remove undeclared variable
Johns Beharry 2018-10-25 21:45:56 +02:00 committed by Martin Holst Swende
parent 6810933640
commit 80d3907767


@ -157,18 +157,18 @@ Whenever you make an edit to the rule file, you need to use attestation to tell
Clef that the file is 'safe' to execute.`, Clef that the file is 'safe' to execute.`,
} }
addCredentialCommand = cli.Command{ setCredentialCommand = cli.Command{
Action: utils.MigrateFlags(addCredential), Action: utils.MigrateFlags(setCredential),
Name: "addpw", Name: "setpw",
Usage: "Store a credential for a keystore file", Usage: "Store a credential for a keystore file",
ArgsUsage: "<address> <password>", ArgsUsage: "<address>",
Flags: []cli.Flag{ Flags: []cli.Flag{
logLevelFlag, logLevelFlag,
configdirFlag, configdirFlag,
signerSecretFlag, signerSecretFlag,
}, },
Description: ` Description: `
The addpw command stores a password for a given address (keyfile). If you invoke it with only one parameter, it will The setpw command stores a password for a given address (keyfile). If you enter a blank passphrase, it will
remove any stored credential for that address (keyfile) remove any stored credential for that address (keyfile)
`, `,
} }
@ -200,7 +200,7 @@ func init() {
advancedMode, advancedMode,
} }
app.Action = signer app.Action = signer
app.Commands = []cli.Command{initCommand, attestCommand, addCredentialCommand} app.Commands = []cli.Command{initCommand, attestCommand, setCredentialCommand}
} }
func main() { func main() {
@ -293,14 +293,17 @@ func attestFile(ctx *cli.Context) error {
return nil return nil
} }
func addCredential(ctx *cli.Context) error { func setCredential(ctx *cli.Context) error {
if len(ctx.Args()) < 1 { if len(ctx.Args()) < 1 {
utils.Fatalf("This command requires at leaste one argument.") utils.Fatalf("This command requires an address to be passed as an argument.")
} }
if err := initialize(ctx); err != nil { if err := initialize(ctx); err != nil {
return err return err
} }
address := ctx.Args().First()
password := getPassPhrase("Enter a passphrase to store with this address.", true)
stretchedKey, err := readMasterKey(ctx, nil) stretchedKey, err := readMasterKey(ctx, nil)
if err != nil { if err != nil {
utils.Fatalf(err.Error()) utils.Fatalf(err.Error())
@ -311,13 +314,8 @@ func addCredential(ctx *cli.Context) error {
// Initialize the encrypted storages // Initialize the encrypted storages
pwStorage := storage.NewAESEncryptedStorage(filepath.Join(vaultLocation, "credentials.json"), pwkey) pwStorage := storage.NewAESEncryptedStorage(filepath.Join(vaultLocation, "credentials.json"), pwkey)
key := ctx.Args().First() pwStorage.Put(address, password)
value := "" log.Info("Credential store updated", "key", address)
if len(ctx.Args()) > 1 {
value = ctx.Args().Get(1)
}
pwStorage.Put(key, value)
log.Info("Credential store updated", "key", key)
return nil return nil
} }
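Review bot: The argument check in setCredential still accepts extra positional arguments (`len(ctx.Args()) < 1`), so an invocation in the old `addpw <address> <password>` form is accepted and the second argument silently ignored, after the password has already landed in shell history and the process table, which is the exposure this change sets out to remove. Requiring exactly one argument, `if len(ctx.Args()) != 1 {`, with a message saying the passphrase is now read from a prompt, would make that mistake visible to the user. Separately, `address` comes straight from `ctx.Args().First()` and is used as the storage key without any format check; if the lookup side normalises addresses (not visible on this page), a mistyped or differently-cased value would store a credential that is never matched, so validating it before `pwStorage.Put(address, password)` is worth considering.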