github.com/cmalfait/terraform@v0.11.12-beta1/helper/encryption/encryption.go (about)

     1  package encryption
     2  
     3  import (
     4  	"encoding/base64"
     5  	"fmt"
     6  	"strings"
     7  
     8  	"github.com/hashicorp/errwrap"
     9  	"github.com/hashicorp/vault/helper/pgpkeys"
    10  )
    11  
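// RetrieveGPGKey returns the PGP key given as pgpKey, or, when pgpKey is a
// keybase username prefixed with "keybase:", the public key fetched for that
// user from the keybase service.
//
// A value without the prefix is returned unchanged; it is not parsed or
// validated here. A keybase lookup that fails, or that yields no key for the
// requested name, returns an error so that callers never continue with an
// empty encryption key.
//
// NOTE(review): the keybase path selects the key by username only. A caller
// that needs to pin a specific key can compare the fingerprint returned by
// EncryptValue against an expected value.
func RetrieveGPGKey(pgpKey string) (string, error) {
	const keybasePrefix = "keybase:"

	// Anything that is not a keybase reference is treated as the key itself.
	if !strings.HasPrefix(pgpKey, keybasePrefix) {
		return pgpKey, nil
	}

	publicKeys, err := pgpkeys.FetchKeybasePubkeys([]string{pgpKey})
	if err != nil {
		return "", errwrap.Wrapf(fmt.Sprintf("Error retrieving Public Key for %s: {{err}}", pgpKey), err)
	}

	// Indexing the map with a missing entry yields "", which would otherwise
	// be handed back with a nil error; fail closed instead.
	encryptionKey, ok := publicKeys[pgpKey]
	if !ok || encryptionKey == "" {
		return "", fmt.Errorf("Error retrieving Public Key for %s: no key returned", pgpKey)
	}

	return encryptionKey, nil
}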
    29  
// EncryptValue encrypts value for the single recipient key encryptionKey.
// On success it returns the first fingerprint reported by
// pgpkeys.EncryptShares, followed by the ciphertext in standard base64.
// description names the value in the wrapped error message so that a failure
// reads meaningfully to the user.
func EncryptValue(encryptionKey, value, description string) (string, string, error) {
	plaintexts := [][]byte{[]byte(value)}
	recipients := []string{encryptionKey}

	keyIDs, ciphertexts, err := pgpkeys.EncryptShares(plaintexts, recipients)
	if err != nil {
		format := fmt.Sprintf("Error encrypting %s: {{err}}", description)
		return "", "", errwrap.Wrapf(format, err)
	}

	// Exactly one value and one key were submitted, so only the first entry
	// of each result is used.
	fingerprint := keyIDs[0]
	encoded := base64.StdEncoding.EncodeToString(ciphertexts[0])
	return fingerprint, encoded, nil
}