read key from env

bakito · Mar 1, 2024 · 6ce6746 · 6ce6746
1 parent 74eb7f3
commit 6ce6746
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 2 deletions.
diff --git a/cmd/decrypt.go b/cmd/decrypt.go
@@ -19,6 +19,11 @@ var (
 		Aliases: []string{"uor"},
 		Short:   "Decrypt secrets in exported resource files",
 		RunE: func(cmd *cobra.Command, args []string) error {
+
+			if k, ok := os.LookupEnv(types.EnvAesKey); ok {
+				aesKey = k
+			}
+
 			if aesKey == "" {
 				fmt.Println("Please the aes key: ")
 				key, err := term.ReadPassword(int(os.Stdin.Fd()))

diff --git a/pkg/types/encrypted.go b/pkg/types/encrypted.go
@@ -8,14 +8,18 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"os"
 	"strings"
 
 	"github.com/bakito/kubexporter/pkg/utils"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/cli-runtime/pkg/genericclioptions"
 )
 
-const prefix = "AES@"
+const (
+	prefix    = "AES@"
+	EnvAesKey = "KUBEXPORTER_AES_KEY"
+)
 
 type Encrypted struct {
 	AesKey     string     `json:"aesKey" yaml:"aesKey"`
@@ -25,6 +29,9 @@ type Encrypted struct {
 }
 
 func (e *Encrypted) Setup() (err error) {
+	if k, ok := os.LookupEnv(EnvAesKey); ok {
+		e.AesKey = k
+	}
 	if e.AesKey != "" {
 		e.gcm, err = setupAES(e.AesKey)
 		if err != nil {

diff --git a/pkg/types/masked.go b/pkg/types/masked.go
@@ -1,7 +1,7 @@
 package types
 
 import (
-	"crypto/md5"  // #nosec G501 we are ok with md5
+	"crypto/md5" // #nosec G501 we are ok with md5
 	"crypto/sha1" // #nosec G505 we are ok with sha1
 	"crypto/sha256"
 	"fmt"