scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-03 03:58:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

command/seal

Browse Source
This commit is contained in:
Mitchell Hashimoto
2015-03-04 08:56:10 -08:00
parent c0557579da
commit d8ec17588c
3 changed files with 74 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
command/seal.go Normal file
View File

@@ -0,0 +1,61 @@
package command
import (
"strings"
)
// SealCommand is a Command that seals the vault.
type SealCommand struct {
Meta
}
func (c *SealCommand) Run(args []string) int {
flags := c.Meta.FlagSet("unseal", FlagSetDefault)
flags.Usage = func() { c.Ui.Error(c.Help()) }
if err := flags.Parse(args); err != nil {
return 1
}
return 0
}
func (c *SealCommand) Synopsis() string {
return "Seals the vault server"
}
func (c *SealCommand) Help() string {
helpText := `
Usage: vault seal [options]
Seal the vault.
Sealing a vault tells the Vault server to stop responding to any
access operations until it is unsealed again. A sealed vault throws away
its master key to unlock the data, so it physically is blocked from
responding to operations again until the Vault is unsealed again with
the "unseal" command or via the API.
This command is idempotent, if the vault is already sealed it does nothing.
If an unseal has started, sealing the vault will reset the unsealing
process. You'll have to re-enter every portion of the master key again.
This is the same as running "vault unseal -reset".
General Options:
-address=TODO The address of the Vault server.
-ca-cert=path Path to a PEM encoded CA cert file to use to
verify the Vault server SSL certificate.
-ca-path=path Path to a directory of PEM encoded CA cert files
to verify the Vault server SSL certificate. If both
-ca-cert and -ca-path are specified, -ca-path is used.
-insecure Do not verify TLS certificate. This is highly
not recommended. This is especially not recommended
for unsealing a vault.
`
return strings.TrimSpace(helpText)
}

7
command/unseal.go
View File

@@ -14,7 +14,9 @@ type UnsealCommand struct {
} }
func (c *UnsealCommand) Run(args []string) int { func (c *UnsealCommand) Run(args []string) int {
var reset bool
flags := c.Meta.FlagSet("unseal", FlagSetDefault) flags := c.Meta.FlagSet("unseal", FlagSetDefault)
flags.BoolVar(&reset, "reset", false, "")
flags.Usage = func() { c.Ui.Error(c.Help()) } flags.Usage = func() { c.Ui.Error(c.Help()) }
if err := flags.Parse(args); err != nil { if err := flags.Parse(args); err != nil {
return 1 return 1
@@ -67,6 +69,11 @@ General Options:
not recommended. This is especially not recommended not recommended. This is especially not recommended
for unsealing a vault. for unsealing a vault.
Unseal Options:
-reset Reset the unsealing process by throwing away
prior keys in process to unseal the vault.
` `
return strings.TrimSpace(helpText) return strings.TrimSpace(helpText)
} }

10
commands.go
View File

@@ -32,12 +32,14 @@ func init() {
"put": func() (cli.Command, error) { "put": func() (cli.Command, error) {
return nil, nil return nil, nil
}, },
"seal": func() (cli.Command, error) {
return nil, nil
},
*/ */
"seal": func() (cli.Command, error) {
return &command.SealCommand{
Meta: meta,
}, nil
},
"unseal": func() (cli.Command, error) { "unseal": func() (cli.Command, error) {
return &command.UnsealCommand{ return &command.UnsealCommand{
Meta: meta, Meta: meta,