Add passphrase fallback prompt

cmd/secrethub-http-proxy/main.go

@@ -8,6 +8,7 @@ import (
 	"os/signal"
 	"syscall"
 
+	"github.com/abiosoft/readline"
 	"github.com/keylockerbv/secrethub-http-proxy/pkg/restproxy"
 	"github.com/secrethub/secrethub-go/pkg/secrethub"
 )
@@ -32,14 +33,46 @@ func init() {
 		exit(fmt.Errorf("credential is required"))
 	}
 
-	cred, err := secrethub.NewCredential(credential, credentialPassphrase)
+	cred, err := findCredential(credential, credentialPassphrase)
 	if err != nil {
 		exit(err)
 	}
 
 	client = secrethub.NewClient(cred, nil)
 }
 
+func findCredential(credential string, passphrase string) (secrethub.Credential, error) {
+	parser := secrethub.NewCredentialParser(secrethub.DefaultCredentialDecoders)
+
+	encoded, err := parser.Parse(credential)
+	if err != nil {
+		return nil, err
+	}
+
+	if encoded.IsEncrypted() {
+		if passphrase == "" {
+			passphrase, err = promptPassword()
+			if err != nil {
+				return nil, err
+			}
+		}
+
+		key, err := secrethub.NewPassBasedKey([]byte(passphrase))
+		if err != nil {
+			return nil, err
+		}
+
+		credential, err := encoded.DecodeEncrypted(key)
+		if err != nil {
+			return nil, err
+		}
+
+		return credential, err
+	}
+
+	return encoded.Decode()
+}
+
 func main() {
 	proxy := restproxy.NewRESTProxy(client, host, port)
 
@@ -52,6 +85,20 @@ func main() {
 	}
 }
 
+func promptPassword() (string, error) {
+	reader, err := readline.New("")
+	password, err := reader.ReadPassword("Please put in the passphrase to unlock your credential:")
+	if err == readline.ErrInterrupt {
+		return "", nil
+	}
+
+	if err != nil {
+		return "", err
+	}
+
+	return string(password), nil
+}
+
 func gracefulShutdown(proxy restproxy.ClientProxy) {
 	sigint := make(chan os.Signal, 1)
 

go.mod

@@ -1,6 +1,9 @@
 module github.com/keylockerbv/secrethub-http-proxy
 
 require (
+	github.com/abiosoft/readline v0.0.0-20180607040430-155bce2042db
+	github.com/chzyer/logex v1.1.10 // indirect
+	github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 // indirect
 	github.com/gorilla/mux v1.7.0
 	github.com/secrethub/secrethub-go v0.17.0
 )

go.sum

@@ -1,9 +1,15 @@
 bitbucket.org/zombiezen/cardcpx v0.0.0-20150417151802-902f68ff43ef h1:Y5Zf3CYdrdGE7GOuK/MNN98GS1V8mOfeiJlISrKUcEo=
 bitbucket.org/zombiezen/cardcpx v0.0.0-20150417151802-902f68ff43ef/go.mod h1:ZJR5FpaQx7Bt2bzIV3gBaCInI1+kG949WhNYYlRr8eA=
+github.com/abiosoft/readline v0.0.0-20180607040430-155bce2042db h1:CjPUSXOiYptLbTdr1RceuZgSFDQ7U15ITERUGrUORx8=
+github.com/abiosoft/readline v0.0.0-20180607040430-155bce2042db/go.mod h1:rB3B4rKii8V21ydCbIzH5hZiCQE7f5E9SzUb/ZZx530=
 github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf h1:eg0MeVzsP1G42dRafH3vf+al2vQIJU0YHX+1Tw87oco=
 github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
 github.com/certifi/gocertifi v0.0.0-20190105021004-abcd57078448 h1:8tNk6SPXzLDnATTrWoI5Bgw9s/x4uf0kmBpk21NZgI4=
 github.com/certifi/gocertifi v0.0.0-20190105021004-abcd57078448/go.mod h1:GJKEexRPVJrBSOjoqN5VNOIKJ5Q3RViH6eu3puDRwx4=
+github.com/chzyer/logex v1.1.10 h1:Swpa1K6QvQznwJRcfTfQJmTE72DqScAa40E+fbHEXEE=
+github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
+github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 h1:q763qf9huN11kDQavWsoZXJNW3xEE4JJyHa5Q25/sd8=
+github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/docker/go-units v0.3.3 h1:Xk8S3Xj5sLGlG5g67hJmYMmUgXv5N4PhkjJHHqrwnTk=
 github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/getsentry/raven-go v0.2.0 h1:no+xWJRb5ZI7eE8TWgIq1jLulQiIoLG0IfYxv5JYMGs=