Fix transit byok tool, add docs, tests (#19373)

* Fix Vault Transit BYOK helper argument parsing

This commit fixes the following issues with the importer:

 - More than two arguments were not supported, causing the CLI to error
   out and resulting in a failure to import RSA keys.
 - The @file notation support was not accepted for KEY, meaning
   unencrypted keys had to be manually specified on the CLI.
 - Parsing of additional argument data was done in a non-standard way.
 - Fix parsing of command line options and ensure only relevant
   options are included.

Additionally, some error messages and help text were clarified.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add missing documentation on Transit CLI to website

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add tests for Transit BYOK vault subcommand

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Appease CI

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Alexander Scheel
2023-02-27 13:25:38 -05:00
committed by GitHub
parent 6080a01835
commit d35be2d0de
7 changed files with 347 additions and 23 deletions


@@ -22,21 +22,23 @@ func (c *TransitImportVersionCommand) Synopsis() string {
func (c *TransitImportVersionCommand) Help() string {
helpText := `
Usage: vault transit import-version PATH KEY
Usage: vault transit import-version PATH KEY [...]
Using the Transit or Transform key wrapping system, imports key material from
the base64 encoded KEY, into a new key whose API path is PATH. To import a new transit/transform key,
use import. The remaining options after KEY (key=value style) are passed on to the transit/transform create key
endpoint.
If your system or device natively supports the RSA AES key wrap mechanism, you should use it directly
rather than this command.
the base64 encoded KEY (either directly on the CLI or via @path notation),
into a new key whose API path is PATH. To import a new transit/transform
key, use the import command instead. The remaining options after KEY
(key=value style) are passed on to the transit/transform create key endpoint.
If your system or device natively supports the RSA AES key wrap mechanism
(such as the PKCS#11 mechanism CKM_RSA_AES_KEY_WRAP), you should use it
directly rather than this command.
` + c.Flags().Help()
return strings.TrimSpace(helpText)
}
func (c *TransitImportVersionCommand) Flags() *FlagSets {
return c.flagSet(FlagSetHTTP | FlagSetOutputField | FlagSetOutputFormat)
return c.flagSet(FlagSetHTTP)
}
func (c *TransitImportVersionCommand) AutocompleteArgs() complete.Predictor {
@@ -48,5 +50,5 @@ func (c *TransitImportVersionCommand) AutocompleteFlags() complete.Flags {
}
func (c *TransitImportVersionCommand) Run(args []string) int {
return importKey(c.BaseCommand, "import_version", args)
return importKey(c.BaseCommand, "import_version", c.Flags(), args)
}
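Review bot: The new Help() text offers KEY "either directly on the CLI or via @path notation" as equivalent choices, but the commit description says KEY is unencrypted key material, and a value passed as an argument can end up in shell history and is readable from the process list while the command runs. I would add a sentence after the first paragraph of the help text, for example `Prefer the @path form for KEY: a key passed directly on the command line may be recorded in shell history and is visible in the process list.` Separately, for import-version the phrase "into a new key whose API path is PATH" reads as if a key is created, while the next sentence sends users to the import command for that. "into a new version of the existing key at PATH" looks like the intent, but this should be confirmed against importKey, which is outside this section.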